Aude Data Retention Policy

Purpose: This policy outlines Aude's procedures for retaining and disposing of customer data to ensure proper data management throughout the customer lifecycle.

Scope: This policy applies to all data collected through Aude's performance management platform, including but not limited to:

1. Engineering Activity Data

   1. GitHub/GitLab data: Pull requests, code reviews, commit messages

   2. Jira data: Ticket activity, assignments, comments

   3. Confluence data: Document contributions and edits

   4. Slack data: Messages and interactions in work-related channels

2. Performance Management Data

   1. Goals and objectives

   2. Performance evaluations

   3. 1:1 meeting notes

3. Feedback records

   1. Organizational Data

   2. Team structure and reporting relationships

   3. Role/title information

   4. Employee identifiers

Data Retention Periods

1. Active Customers

   1. All customer data is retained for the duration of the active business relationship

   2. Data is maintained and accessible throughout the service period

2. Design Partners

   1. Data is retained for the duration of the design partner program

   2. Upon program completion, data is retained for 30 days unless converted to a paid customer

3. Trial/Evaluation Users

   1. Data is retained for the duration of the trial period plus 30 days

   2. If not converted to a paid customer, data is purged after the 30-day grace period

Data Deletion Process: Upon service termination or end of relationship:

1. Customer receives notification of impending data deletion

2. 30-day grace period begins

3. Option to export data is provided

4. After grace period, automatic purge process begins

Data Purge Process

1. All customer data is deleted from production systems

2. Backup data is removed according to backup rotation schedule

3. No customer data is retained beyond 90 days post-termination

Customer Rights and Responsibilities

1. Customers may request data export during active service period

2. Early data deletion requests will be honored upon written or email confirmation

3. Customers are responsible for extracting any desired data before the end of the grace period

Compliance and Verification

1. Audit Logs

   1. Audit logs record all data deletion events including:

      1. Date and time of deletion request

      2. Customer identifier

      3. Data categories deleted

      4. Verification of successful deletion

      5. Personnel who executed the deletion

      6. Method of deletion

   2. Audit logs are retained for 2 years after deletion

   3. Logs are encrypted and accessible only to authorized personnel

2. Compliance with Data Protection Regulations

   1. GDPR Compliance

      1. Right to erasure ("right to be forgotten") honored upon request

      2. Data minimization principles followed

      3. Processing records maintained as required

      4. Data transfer mechanisms compliant with EU requirements

      5. CCPA Compliance

         1. Consumer deletion requests honored within 45 days

         2. Verification process for deletion requests

         3. Records of deletion requests maintained

      6. General Data Protection:

         1. Regular security assessments conducted

         2. Data processing agreements with subprocessors maintained

         3. Privacy impact assessments performed for new features

         4. Employee training on data protection requirements

         5. Incident response procedures in place

3. Verification Process

   1. Customer can request written verification of deletion

   2. Deletion certificate provided including:

      1. Confirmation of data categories deleted

      2. Date of deletion

      3. Verification of completion

      4. Signed by authorized Aude representative