Data Retention Policy

How we collect, store, retain, and dispose of your data

Data Retention Policy

Effective Date: 01/01/2024

This Data Retention Policy explains how DevSecura collects, stores, retains, secures, and disposes of data obtained through our website, cybersecurity services, consulting engagements, training programs, and digital products.

Information We May Retain

We may retain:

  • Customer details
  • Contact information
  • Billing information
  • Project documentation
  • Security assessment reports
  • Vulnerability findings
  • Screenshots
  • Logs
  • Communications
  • Training enrollment records
  • Purchase history
  • Technical evidence
  • System metadata
  • Website analytics
  • Support tickets

Purpose of Retention

Data is retained for purposes including:

  • Service delivery
  • Report generation
  • Customer support
  • Legal compliance
  • Tax obligations
  • Fraud prevention
  • Security investigations
  • Audit trails
  • Dispute resolution
  • Service improvement

Retention Period

Unless otherwise required by law or contract:

  • Client records may be retained for up to 7 years.
  • Security reports may be retained for up to 5 years.
  • Financial records may be retained as required by applicable tax and accounting laws.
  • Website logs may be retained for security monitoring and incident response.

Longer retention may apply where required for legal proceedings, regulatory obligations, fraud prevention, or ongoing contractual commitments.

Security Measures

We implement reasonable technical and organizational safeguards, including:

  • Access controls
  • Encryption where appropriate
  • Secure storage
  • Role-based access
  • Audit logging
  • Backup procedures
  • Monitoring

No system can guarantee absolute security; however, we take commercially reasonable measures to protect retained data.

Data Sharing

Data may be shared only:

  • With authorized employees.
  • With approved contractors under confidentiality obligations.
  • Where required by law.
  • With regulatory authorities when legally obligated.
  • To protect legal rights or investigate fraud.

We do not sell customer personal information.

Data Deletion Requests

Where legally permissible, clients may request deletion of certain personal information.

However, DevSecura reserves the right to retain records where necessary for:

  • Legal obligations
  • Regulatory compliance
  • Financial recordkeeping
  • Fraud prevention
  • Contract enforcement
  • Ongoing disputes
  • Security investigations

Data Disposal

When retention is no longer required, data is securely deleted or destroyed using appropriate methods to reduce the risk of unauthorized recovery, where practicable.

Policy Updates

This policy may be updated periodically without prior notice.

Continued use of our services indicates acceptance of the latest version.