DirectLine Conversation Cache & GDPR Compliance

[zubcomandante]

Hi all,

I've been checking the instruments provided by Microsoft to comply with GDPR regulation in the EU, for Bots with Directline-based clients.
I found a document that Microsoft provides to tackle this issue: https://blog.botframework.com/2018/04/23/general-data-protection-regulation-gdpr/
However, in that document there is no mention on how to manage the actual content of conversations stored in the DirectLine cache (only about their state): I've been wondering if there's a way to forcibly clear a cached conversation for a given user, and/or if one can rely on a given expiry period.

Thank you very much

Marco

[compulim]

@ckkashyap do you have an answer for this?

[ckkashyap]

Hi Marco,
Conversation messages are only stored for 24 hours in DirectLine. Conversation metadata (such as conversation id and couple other housekeeping data) are removed after a period of inactivity (between 15 to 20 days). So you can rely on automatic expiry from a GDPR compliance standpoint. I hope that answers you query.
Regards,
Kashyap

[zubcomandante]

Thank you Kashyap for your satisfying answer.

Best Regards

Marco