1. Purpose
This Data Retention Policy outlines the duration for which StackCX retains different categories of data generated and maintained within its systems. The purpose of this policy is to ensure that data is retained for only as long as necessary to meet legal, regulatory, and operational requirements.
2. Scope
This policy applies to all data collected, processed, and stored by StackCX in the course of delivering its Software as a Service (SaaS) offerings. It includes backups, logs, and operational data related to invoicing, billing, and contracting.
3. Data Retention Periods
| Data Type | Retention Period | Purpose |
|---|---|---|
| Application Backups | 3 months | For recovery in case of data loss, corruption, or disaster |
| System and Application Logs | 12 months | For auditing, debugging, and security analysis |
| Invoicing, Account, Billing, and Contract Data | 7 years | To comply with audit and legal obligations under UK law |
4. Data Disposal
At the end of the retention periods specified above, StackCX will securely delete or anonymise data in accordance with industry best practices, ensuring that it cannot be reconstructed or retrieved.
When a contract ends and Stack no longer has a reason to process or store customer-supplied data, Stack will promptly take steps to irretrievably delete data in accordance with industry best practice.
5. Legal and Regulatory Compliance
StackCX retains data in accordance with applicable legal and regulatory obligations, including but not limited to the UK Companies Act 2006 and HMRC requirements for financial records retention.
6. Policy Review
This policy is reviewed annually and may be updated from time to time to ensure continued compliance with legal requirements and industry standards.