How We Handle Your Data

This page explains the data lifecycle inside MultiDrive so your team can evaluate our controls with confidence. We prioritize minimization, traceability, and accountable security across every stage.

Updated February 21, 2026

We scope processing to the minimum needed for secure, high-quality operations.
Data flows are monitored, controlled, and aligned with least-privilege practices.
Optional analytics are consent-driven and can be disabled at any time from the page-level privacy controls.

Collection and minimization

We collect only the categories of data needed to authenticate users, process requested workflows, and protect platform integrity.

Feature-level controls are designed to limit over-collection and reduce unnecessary exposure.

  • Scoped account and session metadata to operate identity and access controls.
  • Workflow metadata tied to user-initiated actions such as search, migration, and sharing.
  • Operational diagnostics required for reliability, abuse prevention, and incident handling, including hashed IP/network identifiers and user-agent data.

Processing and access controls

Data processing is constrained by internal policy, technical safeguards, and role-based access restrictions.

Privileged access is limited to authorized personnel with documented need and oversight controls.

  • Role-gated access for administrative and support workflows.
  • Session controls and audit logs for sensitive operations.
  • Policy-driven review for access to high-sensitivity paths.

Storage, encryption, and security

Data is protected with layered controls that include encrypted transport, controlled storage boundaries, and continuous monitoring.

Security controls are regularly reviewed and updated to align with evolving threats and customer expectations.

  • Encryption in transit with strict protocol requirements.
  • Hardened infrastructure and boundary controls for managed services.
  • Security event logging and alerting for anomaly detection.

Retention and lifecycle management

Retention periods are defined by operational necessity, contractual scope, and legal requirements.

When retention requirements end, we follow deletion workflows designed to remove data in a consistent and auditable manner.

  • Retention windows mapped to logs, account records, and operational artifacts.
  • Customer-requested deletion workflows with verification safeguards.
  • Controlled archival and cleanup processes to reduce stale data risk.