Overview
When visitors sign in to your workplace, Envoy collects personal data on your behalf, including names, email addresses, phone numbers, and more. Depending on your industry and location, holding onto that data indefinitely may conflict with privacy regulations such as GDPR, CCPA, or other regional data protection laws, which typically require that personal data be retained only for as long as it's necessary. For customers using Workplace, employee entries may include sensitive information if included in an employee registration flow.
A data retention policy lets you define that window. Rather than storing visitor and/or employee records forever, you can configure Envoy to automatically anonymize personal data after a set period, helping your organization stay compliant, reduce risk, and demonstrate to visitors that their data is handled responsibly.
Note: This data retention policy does not affect ID scans captured by our ID Scanning feature.
Visitors Standard and Premium
For customers on our Visitors Standard and Premium plans, you can only set a location-level retention plan. There will not be any field-level or sign-in flow configuration to complete. You will only be able to choose the retention period and nothing more.
When shortening the data retention period, all data older than the set limit will be deleted immediately. This data cannot be recovered.
To manage:
Navigate to Manage > Location settings.
Scroll down to Data and privacy, and click Edit next to Visitor data retention policy.
By default, your data will be retained indefinitely.* Check the box next to Discard data after a set retention period to change this.
Select a number of days from the drop-down menu, or select Custom and enter the number of days for which data will be retained.
Click Save to complete.
If your new data retention period is shorter than the previous period, you must confirm the immediate deletion of data. Type 'delete' when prompted, then click Confirm and delete.
Visitors Enterprise
For our Enterprise customers, you can select each sign-in field and visitor media (photos, legal documents, uploaded documents) to include in your data deletion.
While this specificity allows companies to configure precise data retention policies, you may need to add a few extra steps to your existing workflow.
When you add new fields to a sign-in flow, they are not automatically included in your retention policy. If you want a new field to be discarded under your policy, you'll need to add it explicitly.
When you add new visitor flows, you'll need to opt in to have their corresponding data deleted by repeating this process.
Visits and Invites themselves will not be destroyed. Any visits/invites with fully anonymized data will read as "discarded." This ensures your analytics dashboard remains accurate, even if the visitor information is no longer available in Envoy. Learn more about visitors analytics.
When the data retention period is shortened, all data older than the set limit will be deleted immediately. This data cannot be recovered.
To configure:
Navigate to Manage > Location settings.
Scroll down to Data and privacy, and click Edit next to Visitor data retention policy.
By default, all of your visitors' data will be retained indefinitely.* Select which fields to discard after set retention period to set a specific, field-level policy.
Use the drop-down to select the sign-in flow you wish to include in your data retention policy. All omitted fields will not be deleted and will remain accessible in your Visitors' data.
Select the Data to discard. You will see each associated sign-in field and media type.
Repeat this process for each sign-in flow.
Remember to click Save after setting up your policy.
If your new data retention period is shorter than the previous period, you must confirm the immediate deletion of data. Type 'delete' when prompted, then click Confirm and delete.
Workplace
For customers with Visitors Standard + Premium, all employee entry data captured by Workplace will be deleted alongside visitor data, according to the retention period set.
For customers with Visitors Enterprise, you can delete workplace data by selecting the Employee registration flow.
FAQ + Notes
Your Envoy Visitors data will be stored indefinitely, as long as you remain an Envoy customer. Your account team will confirm permanent data deletion as a part of the standard offboarding process.
If you upgrade from Premium to Enterprise and have an existing custom data retention policy, you must perform a one-time setup to define which sign-in information is deleted.