Data Retention Policy

Our comprehensive data retention and management practices ensure your data is handled securely and responsibly.

Last updated: 10/4/2025

This Data Retention Policy outlines how Mindmorph Technologies Private Limited ("we," "our," or "us") manages, retains, and disposes of personal data in accordance with applicable data protection laws and industry best practices.

Purpose of Data Retention

We retain personal data for specific business purposes and legal requirements, including:

  • Providing and improving our services
  • Maintaining business relationships and customer support
  • Complying with legal and regulatory obligations
  • Preventing fraud and ensuring security
  • Conducting business analytics and research
  • Resolving disputes and enforcing agreements

Data Retention Periods

Customer Data

Active Customers: Retained for the duration of the business relationship plus 7 years

Inactive Customers: Retained for 7 years after last interaction

Marketing Data: Retained until consent is withdrawn or 3 years of inactivity

Website and Analytics Data

Website Logs: Retained for 12 months

Analytics Data: Retained for 26 months (anonymized after 14 months)

Cookie Data: Retained according to cookie-specific policies (typically 1-2 years)

Communication Data

Email Communications: Retained for 7 years

Support Tickets: Retained for 5 years after resolution

Contact Form Submissions: Retained for 3 years

Financial and Legal Data

Financial Records: Retained for 7 years (as required by law)

Contract Data: Retained for 7 years after contract termination

Legal Documents: Retained for 10 years or as required by law

Employee and HR Data

Active Employees: Retained for employment duration plus 7 years

Former Employees: Retained for 7 years after termination

Payroll Records: Retained for 7 years (as required by law)

Data Categories and Specific Retention Periods

Data CategoryRetention PeriodLegal Basis
Personal Identifiers7 years after last contactLegitimate interest
Contact Information5 years after last interactionConsent/Legitimate interest
Usage Data2 years (anonymized after 1 year)Legitimate interest
Technical Data1 yearLegitimate interest
Marketing DataUntil consent withdrawnConsent

Data Security During Retention

While data is retained, we implement appropriate security measures to protect it:

  • Encryption of data at rest and in transit
  • Access controls and authentication mechanisms
  • Regular security audits and monitoring
  • Secure backup and disaster recovery procedures
  • Staff training on data protection and security
  • Incident response and breach notification procedures

Data Disposal and Deletion

When data reaches the end of its retention period, we securely dispose of it using:

  • Secure deletion from all systems and backups
  • Physical destruction of hard copies
  • Verification of complete data removal
  • Documentation of disposal activities

Important Note

Some data may be retained longer than the standard retention period if required by law, legal proceedings, or legitimate business interests. In such cases, we will notify affected individuals when possible.

Legal Basis for Data Retention

We retain data based on the following legal grounds:

  • Consent: Where you have given explicit consent for specific purposes
  • Contract Performance: To fulfill contractual obligations
  • Legal Obligation: To comply with applicable laws and regulations
  • Legitimate Interest: For legitimate business interests that do not override your rights
  • Vital Interests: To protect vital interests of individuals
  • Public Task: For tasks carried out in the public interest

Your Rights Regarding Data Retention

You have the following rights regarding your personal data:

  • Right to Access: Request information about what data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal requirements)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to certain types of data processing

Changes to This Policy

We may update this Data Retention Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by posting the updated policy on our website and updating the "Last updated" date.

Contact Information

If you have questions about this Data Retention Policy or wish to exercise your rights regarding your personal data, please contact us:

Data Protection Officer: dpo@mindmorph.com

General Inquiries: privacy@mindmorph.com

Phone: +91 XXX XXX XXXX

Address: Mindmorph Technologies Private Limited, [Company Address], India