Data Retention Policy
1. Purpose
The purpose of this Data Retention Policy is to define how Yupcha Softwares Pvt. Ltd. (“Yupcha,” “we,” or “our”) manages, stores, and securely disposes of personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable laws.
The objective is to ensure that all data is kept no longer than necessary for the purposes for which it was collected and that it is deleted or anonymised once those purposes are complete.
2. Scope
This policy applies to:
- All forms of personal and business data collected, processed, and stored by Yupcha, whether digital or physical.
- Data collected through corporate websites, SaaS products, client interactions, HR systems, and internal operations.
- Employees, contractors, customers, vendors, and partners whose data is processed by Yupcha.
3. Key Principles
We adhere to the GDPR principles of:
- Storage Limitation: Data is retained only as long as necessary for its intended business or legal purpose.
- Data Minimisation: Only essential data is collected and stored.
- Accuracy: Data is routinely reviewed and updated.
- Security: Retained data is protected from unauthorised access, alteration, or loss.
4. Data Categories and Retention Periods
| Data Category | Typical Retention Period | Disposal Method |
|---|---|---|
| Customer account details | Until account deletion or 24 months after last activity | Secure deletion/anonymisation |
| Billing and financial records | 7 years (for accounting/legal compliance) | Secure deletion after the retention period |
| Support tickets and communications | 2 years from ticket closure | Secure deletion |
| Marketing data (emails, leads) | 12 months from last interaction | Opt-out removal/deletion |
| Employee and HR data | As required by employment laws (typically 5–7 years) | Secure deletion or archive encryption |
| System logs (security, access, API) | 12 months unless required for a security audit | Log rotation and automated deletion |
Retention periods are subject to updates based on evolving legal, regulatory, or business requirements.
5. Data Storage and Security
All data under Yupcha's control is stored either:
- On a secure cloud infrastructure with encryption at rest and in transit, or
- In limited-access on-premises systems with multi-level identity access controls.
Regular security audits and data integrity checks ensure alignment with internal controls and GDPR Article 32.
6. Data Disposal Procedure
When data reaches the end of its retention period:
- Digital data is erased using secure deletion tools that meet GDPR erasure standards.
- Physical documents are shredded or securely incinerated.
- Backups containing expired data are purged on the next scheduled overwrite cycle.
Anonymisation may be used in situations where legal or research obligations require data to be retained without personal identifiers.
7. Data Subject Rights
Individuals may request:
- Access to their data,
- Correction of inaccuracies,
- Restriction or objection to processing,
- Deletion in accordance with Article 17 (Right to Erasure).
Requests are processed within 30 days via [email protected] or the in-app privacy settings.
8. Policy Review and Updates
This policy is reviewed annually or whenever legal, technical, or operational changes occur. Revisions are approved by Yupcha's Data Protection Officer (DPO) or a designated compliance lead.
9. Responsibilities
- DPO/Compliance Team: Oversees policy enforcement and legislative compliance.
- Engineering Team: Manages automated data deletion schedules and logs.
- HR and Admin Teams: Ensure employee records meet legal retention standards.
10. Contact Information
For questions about this policy or GDPR data management, contact:
Email: [email protected]
Address: 153, Banamalipur, Agartala, West Tripura, Pin - 799001
Website: https://yupcha.com