As an admin, you are responsible for workspace governance. This means enabling your teams to surface impactful insights while ensuring the organization complies with data policies and protects customer privacy. Dovetail has several features that help you manage this responsibility at scale. In this lesson, we will cover how you can use Dovetail’s data retention, access control, and redaction features to protect personally identifiable information (PII) and reduce organizational risk.

Establish clear data retention policies

Holding onto raw customer data indefinitely creates significant compliance risks (GDPR, CCPA) and increases your organization’s liability. Manually tracking and deleting data across hundreds of projects is not scalable and is prone to human error, making it impossible to guarantee compliance. Workspace admins of Enterprise workspaces can create a predictable schedule for deleting unneeded and stale PII across video/audio data in the workspace. This can be done by setting custom retention periods to data at the workspace-level and at the project-level. When setting a custom retention period, Dovetail will auto-delete raw video in notes, but maintain any highlight, reels, or transcripts generated from the video itself.

Setting a default retention period for all data in the workspace

  • To set a default workspace-level period, go to ⚙️ Settings → Data retention.
  • From there, go to Data retention period and set the workspace time period. This will be automatically applied to all projects created in your workspace.

Setting a retention period for data in a specific project

There may be projects where your team need to ensure data is deleted within a time period different to what is set at the workspace-level. This may be due to the nature of the project itself, or agreements made with their research participants. You can enforce a data retention period at the project-level to ensure project data is deleted at the required timeframe.
  • To update a project’s period, go to ⚙️ Settings → Data retention and toggle on Enable project-level configuration.
  • From there, navigate to the project you want to enforce a different retention period for, select your time frame, and confirm.
This is a “set it and forget it” governance tool. It automates compliance with your data policies, creating a predictable and defensible process that drastically reduces legal risk. Because it preserves transcripts and highlights, you meet your security obligations without destroying the long-term value of the research insights your teams have generated.

Control access to data across the workspace

Managing permissions user-by-user across hundreds of projects is an administrative nightmare. It leads to mistakes, data silos, and security vulnerabilities when access isn’t revoked promptly or is granted too broadly. Instead of managing individual people, you manage groups. By organizing users into groups and applying permissions at the folder level, you create a scalable structure that mirrors your organization.
1

Create user groups

To get started, we recommend for admins to create user groups to reflect teams of people who should have the same level of access to data.
2

Share folders with groups

From there, start adding specific user groups to folders in your workspace and assign them Full or Edit access. By doing so, every user in the group will have the same access and projects created within the folder will apply the same access settings as the folder.
For projects that require stricter access, you can lock these down further by updating the access controls within the project’s settings. Check out Assign access across the workspace to learn more → This drastically reduces administrative overhead and minimizes human error. Onboarding a new team member is as simple as adding them to the correct group. Permissions are applied consistently and automatically, ensuring sensitive data is protected by default and preventing accidental data leaks.

Anonymize personal information in your data

Powerful video insights often contain PII. This forces teams into a difficult choice: either keep the valuable data siloed to protect privacy, or share it broadly and create a security risk. Manually redacting videos is a technical, time-consuming task that researchers are not equipped for. Dovetail provides easy-to-use redaction tools directly on the platform. As an admin, you can empower your teams to anonymize their own data before sharing it. AI redact makes it easy for your team to protect participants’ privacy, with the ability to blur videos to hide faces and names, and censor sensitive information from transcripts. Encourage your team to use this feature when working on new projects so no one has to hold back valuable insights from the rest of your organization.

Redact sensitive information from customer calls

Users with edit access to a project can remove sensitive information in a piece of raw data. This includes the ability to blur, mute audio, and hide the text shown in a transcript of a customer call, interview, or usability test.
  • To redact a specific section of a video, highlight a section of text in the transcript and select Redact. From there, you can choose to blur the video, and / or censor audio and text in the transcript.
  • If working with video, you can also blur an entire call to hide faces, text, and screens. To do this, click ••• in the top right corner of the video and select Blur video.
Set a default retention period for the workspace. This will automatically apply to all data across the workspace and help create a predictable schedule for data deletion.
This process resolves the conflict between sharing and security. It provides a sanctioned, controlled method for removing PII, which encourages the safe, widespread sharing of insights. It reduces the risk of PII exposure across the organization while ensuring that the most impactful research evidence can be used to drive decisions. You enable your teams while maintaining strong data governance.