Data retention policy
All active Customer Data shall be retained for as long as the Customer continues to be an active Customer of SymOps, Inc. or unless a request has been made by the active Customer for the deletion of data.
All Customer Data, after termination of contract, must be retained in accordance with the contractual agreement between Customer and SymOps, Inc..
Customer Data retention policies may be implemented against Customer Data on an ad-hoc basis as may be agreed between SymOps, Inc. and Customer.
Data archiving and removal policy
Disposal of customer data will be carried out in accordance with the contractual agreement between SymOps, Inc. and Customer. In the absence of any contractual agreement, an automatic script or manual script (for ad-hoc requests) is initiated on SymOps, Inc. platform containing customer data. This activates a full hard delete of customer data on the platform. Data will be disposed 30 days after contract termination unless otherwise required or agreed to in writing.
Data storage policy
Sym maintains policies governing the storage of data; including, but not limited to, the following components:
All information assets (electronic and non-electronic) shall have designated owners and classified in accordance with information classification guidelines.
Storage of sensitive data at rest shall be encrypted at all times.
The encryption of data at rest shall only include strong encryption methods such as AES or RSA.
Encrypted data shall remain encrypted when access controls such as usernames and passwords fail.
Confidential or Sensitive Information at rest on computer systems owned or operated by Sym shall be protected by one or more industry standard mechanisms.
App/service has sub-processors
yes
Guidelines for sub-processors