Data retention policy
Our company is committed to protecting the privacy of our customers and their data. To that end, we have developed a data retention policy to ensure that personal data is handled responsibly and in accordance with applicable laws.
1. We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or for legal or business purposes.
2. We will securely destroy or delete any personal data no longer required in accordance with applicable laws and regulations.
3. If a customer requests that their personal data be deleted, we will do so within a reasonable time frame.
4. We will ensure that any third-party service providers who process personal data on our behalf are subject to appropriate security measures and comply with this policy.
Data archiving and removal policy
Data Archival/Removal Policy
1. All users must archive important data regularly. Data should be archived to a secure cloud storage platform or an external hard drive and stored in an accessible location.
2. All data no longer needed must be removed from the system as soon as possible unless it is required for legal or regulatory reasons to retain the data.
3. Data should be securely deleted when it is no longer needed by using encryption or a secure delete software program such as Eraser or File Shredder to ensure that the data can not be recovered once it is deleted.
4. Users must also ensure that any archived data is regularly updated and kept up-to-date to avoid any potential security risks caused by outdated versions of the data being stored on the system for extended periods of time.
Data storage policy
Data Storage Policy:
1. All data must be securely stored in an encrypted format.
2. Access to data should be restricted to authorized personnel only.
3. Data backups should be performed regularly and stored in a secure offsite location.
4. Data should not be shared outside of the organization without written authorization from the appropriate parties.
5. All employees must adhere to security protocols when accessing sensitive data, including using unique passwords and multi-factor authentication procedures when necessary.
6. All access logs and activity related to data storage must be monitored and reported regularly as part of an overall security audit process.
Data center location(s)
App/service has sub-processors