Data retention guidelines
Other languages:
Bahasa Indonesia • ‎Bahasa Melayu • ‎Basa Banyumasan • ‎British English • ‎Deutsch • ‎English • ‎Esperanto • ‎Lëtzebuergesch • ‎Nederlands • ‎Nordfriisk • ‎Scots • ‎Tiếng Việt • ‎Türkçe • ‎asturianu • ‎azərbaycanca • ‎català • ‎dansk • ‎español • ‎français • ‎hrvatski • ‎isiZulu • ‎norsk bokmål • ‎occitan • ‎polski • ‎português • ‎português do Brasil • ‎română • ‎suomi • ‎svenska • ‎čeština • ‎Ελληνικά • ‎български • ‎русский • ‎татарча/tatarça • ‎қазақша • ‎ייִדיש • ‎עברית • ‎اردو • ‎العربية • ‎سنڌي • ‎فارسی • ‎مصرى • ‎नेपाली • ‎हिन्दी • ‎ਪੰਜਾਬੀ • ‎தமிழ் • ‎తెలుగు • ‎ไทย • ‎中文 • ‎客家語/Hak-kâ-ngî • ‎日本語 • ‎한국어
Introduction
Data is important. It is one of the ways we can learn and grow as an organization and a movement, and how we can help make the projects better for those who use them to create, learn, and share. At the same time, we are committed to keeping your personal data "for the shortest possible time that is consistent with the maintenance, understanding, and improvement of the Wikimedia Sites, and our obligations under applicable U.S. law" (quote from the Wikimedia Foundation Privacy Policy).
This document helps explain how we fulfill this commitment, by describing our guidelines for data retention, system design, and ongoing auditing and maintenance. These guidelines are meant to be a living document — they will be updated over time to reflect current retention practices.
To what data do these guidelines apply?
These guidelines apply to all non-public data we collect from Wikimedia Sites covered by the Privacy Policy and Non-Wiki Privacy Policy. Our Donor Privacy Policy includes separate data retention guidelines that apply to donor information.
How long do we retain non-public data?
Unless otherwise indicated, we retain the following types of data for no more than the following periods of time:
Data typeOriginExamplesMaximum Retention Period
Non Public Personal informationCollected automatically from a user
  • IP addresses of site visitors (operational data)
  • IP addresses of A/B test subjects (analytical data)
  • Identifying user-agent information of site visitors
After at most 90 days, it will be deleted, aggregated, or de-identified
Account settings
Email address
Until user deletes/changes the account setting.
Non-personal informationCollected automatically from a user
Data collected by MediaWiki about a user account's activity (e.g., first time a user goes to an edit page, date and time that a user verifies their email address)
Indefinitely
Data collected by EventLogging and associated with their user ID (e.g., whether an account was created on mobile, A/B test data for Getting Started)
After at most 90 days, it will be deleted, aggregated, or de-identified
Provided by a user
Logs of terms entered into the site's search box, or terms within prefilled links to the search engine that have been followed by user navigation
After at most 90 days, it will be deleted, aggregated, or de-identified
Provided by a user
Language
Until user deletes/changes the account setting.
Non-personal information not associated with a user account[T 1]Collected automatically from various users
Counts of how many times certain events have occurred (e.g. successful HTTPS requests)
Indefinitely
Articles browsed by readersCollected automatically from a reader
A list of articles visited by readers
After at most 90 days, if retained at all, then only in aggregate form
For the purposes of this table, "user account" means username, user ID, or IP address; "reader" means visitor to a Wikimedia project.
How long do we retain public data?
Wikimedia hosts Wikipedia and the associated projects as part of our mission to collect, document, and freely distribute the sum of human knowledge to the world. Accordingly, when you make a contribution to any Wikimedia Site, including on user or discussion pages, you are creating a permanent, public record of every piece of content added, removed, or altered by you. The page history will show when your contribution or deletion was made, as well as your username (if you are signed in) or your IP address (if you are not signed in). We may use your public contributions, either aggregated with the public contributions of others or individually, to create new features or data-related products for you, or to learn more about how the Wikimedia Sites are used. If you mistakenly included your personal information in a contribution to a Wikimedia Site and you would like to have it removed, please consult the community’s oversight policy. Keep in mind that the transparency and integrity of our sites’ revision histories is essential to our mission, and the Foundation supports our community’s right to reject oversight requests in order to protect the projects.
If you choose to register for an account with the Wikimedia projects, you will be asked to select a username. Usernames are retained until the user requests that the account be renamed, or goes through the community courtesy vanishing process.
For more information, see our Privacy Policy.
Definitions
For the purposes of these guidelines:
"Personal information" means information you provide us or information we collect from you that identifies or could be used to personally identify you. For details, please see the Wikimedia Foundation Privacy Policy and Non-Wiki Privacy Policy.
Some examples of "public information" would include:
Some examples of types of information that are considered to be "nonpublic information" include:
Data is "de-identified" when it has been aggregated or otherwise retained in a manner such that it can no longer be used to identify the user.
Data is "aggregated" when the data associated with a specific user has been combined with data from others to show general trends or values without identifying specific users.
An example of how data can be aggregated includes:
Using ranges rather than specific numbers, such as recording that there are "between 1 and 10 editors in language X in country Y" rather than recording that there are 4 editors.
Terms that are not defined in this document have the same meaning given to them in the Privacy Policy.
Exceptions to these guidelines
If we make exceptions to these guidelines, we will notify the community by describing the exception on this page.
Audits and improvements
The Foundation is committed to continuous evaluation and improvement of these guidelines, and to periodic audits in order to identify such improvements. As we make changes to existing and systems, we will update these guidelines to reflect our changing practices.
Design of new systems
In order to support these data retention periods and our overall privacy policy, new tools and systems implemented by the Foundation will be designed with privacy in mind. This will include:
Ongoing handling of new information
Despite our best efforts in designing and deploying new systems, we may occasionally record personal information in a way that does not comply with these guidelines. When we discover such an oversight, we will promptly comply with the guidelines by deleting, aggregating, or de-identifying the information as appropriate.
Contact us
If you think that these guidelines have potentially been breached, or if you have questions or comments about compliance with the guidelines, please contact us at privacy
wikimedia.org.
Privacy-related pages
Privacy policy FAQ Glossary of key termsSubpoena FAQ Data retention guidelinesAccess to nonpublic personal data Confidentiality agreementHow to sign Underage exemptionsDonor privacy policy
Last edited on 3 August 2021, at 21:44
Meta
Content is available under CC BY-SA 3.0 unless otherwise noted.
Privacy policy
Terms of Use
Desktop
HomeRandomLog inSettingsDonateAbout MetaDisclaimers
WatchEdit