Imperial Eminence Cyberguard Corporation · The Ivory Index
Data Retention Schedule
Tier V — Security Program · Ref: IECC-T5-005 · Version 1.0 · Effective 14 June 2026
This Data Retention Schedule ("Schedule") specifies the retention periods applicable to different categories of data held by IECC in connection with The Ivory Index Software and associated services. It supplements the Privacy Policy (IECC-T1-002) and DPA (IECC-T3-004).
~/.theivorry/profiles/{"{id}"}/ is under the User's sole control. IECC does not hold this data and cannot enforce retention or deletion obligations with respect to it. The retention periods in this Schedule apply only to data actually held by IECC.
| Data Category | Description | Retention Period | Basis | Deletion Method |
|---|---|---|---|---|
| Support Tickets | Customer support correspondence, tickets, attachments | 3 years from closure | Legitimate interests (warranty, dispute resolution) | Secure deletion from support platform |
| Account Data | Customer name, email, account details (commercial accounts) | Duration of account + 5 years post-termination | Contract; legal obligation (accounting records) | Anonymisation or secure deletion |
| Billing & Invoice Records | Invoices, payment records, transaction logs | 7 years from transaction date | Legal obligation (tax and accounting law) | Archival then secure deletion |
| Contract Documents | Signed MSAs, Order Forms, NDAs, licences | Duration + 7 years post-expiry | Legal obligation; limitation periods | Secure archival then deletion |
| Security & Access Logs | Authentication logs, admin access logs, API logs | 90 days (standard); 1 year (enterprise) | Legitimate interests (security monitoring) | Automated rolling deletion |
| Incident Records | Security incident reports, post-mortems, breach notifications | 5 years from incident date | Legal obligation; regulatory compliance | Secure deletion |
| Marketing Communications | Email addresses, consent records, campaign logs | Until consent withdrawn + 2 years for consent evidence | Consent | List removal + consent record deletion |
| Website Logs | Server access logs, error logs (IP addresses, timestamps) | 90 days | Legitimate interests (security, debugging) | Automated rolling deletion |
| HR & Personnel Records | Employment records, onboarding documents, access grants | Duration of engagement + 6 years post-termination | Legal obligation | Secure deletion |
| Legal Correspondence | Solicitor communications, court documents, regulatory correspondence | 10 years from resolution | Legal obligation; limitation periods | Secure archival then deletion |
| Data Subject Requests | DSAR logs, erasure requests, objections | 3 years from completion | Legal obligation (GDPR accountability) | Secure deletion |
Where technically feasible, IECC implements automated deletion or anonymisation at the end of each retention period. Manual deletion processes are documented and reviewed quarterly.
Where IECC becomes aware of actual or threatened litigation, regulatory investigation, or other legal process, a Legal Hold suspends automated deletion for affected data categories until the legal hold is released by the Security Owner or legal counsel. Legal Hold notifications are issued in writing.
Where full deletion is disproportionate, IECC may anonymise data (removing all direct and indirect identifiers) as an alternative to deletion, where the anonymisation is irreversible and the resulting data cannot reasonably be re-identified.
IECC requires that vendors and subprocessors comply with equivalent retention and deletion standards under their data processing agreements.
Requests for early deletion or restriction of processing should be submitted to legal@imperialecc.com. IECC will respond within statutory timeframes. Deletion requests will be fulfilled within 30 days subject to legal retention obligations that override the request.
This Schedule is reviewed annually and updated when: applicable law changes; new data categories are introduced; or retention periods become disproportionate to their purpose. Contact: legal@imperialecc.com.
