security-policy

Data Deletion and Retention Policy

Savvi Technologies, Inc. Updated 2023-01-11

Edit this page at https://github.com/savvi-legal/security-policy/blob/main/data-retention-policy.md.

Data Retention

tags: privacy_consumer_consent, privacy_data_minimization, privacy_data_usage

Due to the legal and sensitive nature of many of the documents on our platform, documents involving multiple active parties, and public documents, as well as all metadata related to those documents, are kept permanently. This may include:

• Investor Agreements
• Employee Agreements (including NDAs)
• Terms of Service
• Privacy Policy

Such documents will be kept for a minimum of 9 years to comply with regulatory requirements.

Security Logs

Logs related to authentication, authorization, and signing activity may be kept for a minimum of 9 years to comply with regulatory requirements.

Backups

In addition to full system backups of all customer data, the backups provided as part of 3rd party SLAs, we may make additional backups of data linked through the following service providers:

Signature Management

• AdobeSign
• DocuSign
• EchoSign
• HelloSign
• PandaDoc

Document & Data Room Management

• Box
• Dropbox
• Google Drive
• iCloud Drive

Backups may be kept for a minimum of 90 days.

Backups are read-only and cannot be altered to remove specific data. However, backups are kept “offline” in the sense that they are not accessible through customer-facing applications. They are also not accessible to general customer support.

Data Deletion

Customers are directed to contact support to delete their personal or company account, as well as specific personal or company data to delete individual account information.

Individual data for deactivated accounts may be deleted automatically after 90 days.

ALL involved parties must request and approve data deletion for any multi-party document. Public documents, such as Terms of Service or Privacy Policy documents, which are agreed to en masse without specific signatures, may not be deleted as it is not possible to know that ALL involved parties have agreed to its deletion.

There are exceptions for one-way documents which are only signed by a single party, and where all other parties are inactive. Such exceptions may include:

• State Registration
• Federal Registration

Exceptions may also be made by way of substitution documents that intentionally or accidentally contain sensitive information, such as Social Security and Tax Identification numbers, Credit Card numbers, passwords, etc - provided that an equivalent redacted document can be provided.

Edit this page at https://github.com/savvi-legal/security-policy/blob/main/data-retention-policy.md.