Data Retention Policy - Build Trust Center

← Back to Trust Center

Data Retention Policy

Guidelines for data retention periods and deletion procedures

Other Policies: Encryption Policy Risk Assessment Policy Incident Response Plan Data Protection Policy Data Classification Policy Vendor Management Policy Information Security Policy Acceptable Use Policy

Data Retention Policy

Purpose

To define data retention periods and ensure compliance with legal and business requirements.

Retention Periods

Customer Data

Active account data: Retained while account is active
Deleted account data: Removed within 30 days of deletion request
Backup retention: 90 days for disaster recovery

Business Records

Financial records: 7 years
Contracts: 7 years after expiration
Employee records: 7 years after termination

Security Logs

Access logs: 1 year
Security event logs: 2 years
Audit logs: 3 years

Data Deletion

Automated deletion based on retention schedules
Secure deletion methods to prevent recovery
Certificate of destruction for sensitive data

Legal Holds

Data subject to legal hold is preserved regardless of retention schedule
Legal department manages hold notifications
Regular review of active holds