Data Retention & Destruction Policy
Purpose
BoboCorp (also referred to as “the Company” or “BoboCo LLC”) is committed to responsible data management in support of our mission to improve local data governance and build technology for public good. This policy outlines how BoboCorp collects, retains, and securely disposes of data used across our services, including but not limited to websites like bobocorp.dev and related platforms.
This policy should be read alongside our Privacy Policy, Terms of Use, and Cookie Policy.
Scope
This policy applies to all data collected, processed, or stored by BoboCorp across all systems and formats—digital or physical. It includes data related to users, customers, employees, contractors, vendors, and partners.
It is designed to comply with all applicable laws and regulations, including state and federal privacy laws and international standards like the EU General Data Protection Regulation (GDPR).
Reasons for Data Retention
We retain data only when necessary and for legitimate purposes, including:
- Providing ongoing service to customers and users
- Compliance with tax, employment, immigration, or contractual obligations
- Fulfilling grant reporting or audit requirements
- Security investigations or incidents
- Preservation of intellectual property and research outputs
- Legal defense or litigation
- Improving products and services (where permitted)
Retention Guidelines
We follow the retention periods listed below unless otherwise required by law:
Data Type | Retention Period |
---|---|
Website Visitor & Contact Data | 1 year from last interaction |
Customer Accounts & Billing Info | 7 years post account closure |
Employment & HR Records | 6 years after employment ends |
Program or Project Data | 5 years after project completion |
Legal/Contractual Documents | 7 years post-expiration |
Audit Logs & Access Records | 1 year |
Retention timelines may be extended for legal reasons, business needs, or ongoing investigations.
Data Duplication
To promote efficient storage and reduce security risks, BoboCorp minimizes unnecessary duplication of data. However, backups and business continuity requirements may require some replication.
Data Destruction
Once the retention period has expired, BoboCorp securely destroys data using industry-standard methods, such as secure digital wiping or physical shredding.
If an employee believes certain data should be preserved beyond its scheduled destruction, they must notify their manager and explain the business rationale.
Exceptions
Exceptions to this policy must be approved by BoboCorp's Director of Technology & Security in consultation with legal counsel. In the event of pending or active litigation, a legal hold may be issued, prohibiting destruction of relevant data until the hold is lifted.
Policy Review
This policy will be reviewed annually or as necessary based on changes to laws, regulations, or business practices.
Contact
For questions or requests regarding data retention or deletion, contact us at info@bobocorp.org.