Data Retention

Purpose

The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by miniOrange or are of no value are discarded at the proper time. This Policy represents the miniOrange’s policy regarding the retention and disposal of records and the retention and disposal of electronic documents.

In order to provide customers with secure choices and what data we store, how we process the data and how the data is purged is mentioned in this policy.

For Details regarding the data storage and Data process you can go through our Privacy Policy by clicking here.

This Data Retention Policy will set out for which data is to be retained, the criteria for establishing and reviewing such period(s), and when and how it is to be deleted or otherwise disposed of.

Application Generated Data/ Logs Suspension

miniOrange only stores the Generic Information and internal system information connected to User Identification and Customer Identification. Other Personal Information or HTTP API Responses information, etc is not stored.

All important data/ information stored is masked or encrypted.

You can go through the security practices maintained by miniOrange for the stored data here: Security Practices

Data Retention Period

The Application/Logs data is stored on Accessible Servers for a duration of two months. If Customer wants any information, they can submit their request and miniOrange can provide this data between these 2 months from the date of generation. The data after 2 months is archived.

miniOrange can provide the data from the archived upon the request of customers and by considering the severity of the data requirement.

Data Deletion is performed automatically after the validity specified for each of the archived file. miniOrange will not be responsible for the data once deleted.

Data Backup

miniOrange stores the backup of the data in case of emergency issues and immediate concerns. The backup of the data is available with miniOrange for a duration of two years as per the laws.

The Data Backup is purged automatically by the system after the validity.

You can refer to the security practices of miniorange for security of the Data Backup by clicking on this link.

Contact

If you have any questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:

Email us at: info@xecurify.com

Or call us at: +1 978 658 9387

Or you can fill form with your question/concern: https://www.miniorange.com/contact

Last updated: December 13, 2024

Purpose

This Data Retention Policy will set out for which data is to be retained, the criteria for establishing and reviewing such period(s), and when and how it is to be deleted or otherwise disposed of.

The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by miniOrange or are of no value are discarded at the proper time.

This Policy represents the miniOrange’s policy regarding the retention and disposal of records and the retention and disposal of electronic documents.

In order to provide customers with secure choices what data we store, how we process the data, and how the data is purged is mentioned in this policy.

miniOrange seeks to ensure that it retains only data necessary to effectively conduct its service or activities and work in fulfilment of its mission.

The need to retain data varies widely with the type of data and the purpose for which it was collected. iniOrange strives to ensure that data is only retained for the period necessary to fulfil the purpose for which it was collected and is fully deleted when no longer required

For Details regarding the data storage and Data process, you can go through our Privacy Policy by clicking here.

This policy sets forth miniOrange’s guidelines on data retention and is to be consistently applied throughout the organization.

Scope

This policy covers all data collected by miniOrange and stored on miniOrange-owned systems and media, regardless of location. It applies to both, data collected and held electronically (including photographs, video, and audio recording if necessary) and data that is collected and held as hard copy or paper files. The need to retain certain information may be mandated by federal or local law, federal regulations and legitimate business purposes, as well as the EU General Data Protection Regulation (GDPR).

Reasons for Data Retention and Period

miniOrange retains only the necessary data to effectively carry out the business, fulfill its mission, and comply with applicable laws and regulations. Reasons for data retention include:

• Providing an ongoing service to the data subject (e.g. sending a newsletter, publication, or ongoing program updates to an individual, ongoing training or participation for conferences in Xecurify’s programs, processing of employee payroll and other benefits).
• Compliance with applicable laws and regulations associated with financial report, applicable labor, tax and immigration laws not to limited but related to other regulatory requirements.
• Security incident or other investigation.
• Intellectual property preservation.
• Litigation.
• Website visitor data will be retained as long as necessary to provide the service requested/initiated through the miniOrange website.
• Contributor data will be retained for the year in which the individual has contributed and then for three after the date of the last contribution. Financial information will not be retained longer than is necessary to process a single transaction.
• Event participant data will be retained for the period of the event, including any follow-up activities, such as the distribution of reports, plus a period of two years.
• Conference/Program participant data (including sign-in sheets) will be retained for the duration of the grant agreement that financed the program plus any additional time required under the terms of the grant agreement.
• Personal data of subgrantees, subcontractors, and vendors will be kept for the duration of the contract or agreement.
• Employee data will be held for the duration of employment and then [Duration] after the last day of employment.
• Data associated with employee wages, leave and pension shall be held for the period of employment plus two years, with the exception of pension eligibility and retirement beneficiary data which shall be kept for two years.
• Recruitment data, including interview notes of unsuccessful applicants, will be held for one year after the closing of the position recruitment process.
• Consultant (both paid and pro bono) data will be held for the duration of the consulting contract plus three after the end of the consultancy.
• Board member data will be held for the duration of service on the Board plus for three years after the end of the member’s term.
• Data associated with tax payments (including payroll, corporate, and VAT) will be held for three years.

Data Duplication

miniOrange seeks to avoid duplication in data storage whenever possible, though there may be instances in which for programmatic or other business reasons it is necessary for data to be held in more than one place. This policy applies to all data in Xecurify’s possession, including duplicate copies of data.

Application Generated Data / Logs Suspension

miniOrange only stores the Generic Information and internal system information connected to User Identification and Customer Identification. Other Personal Information or HTTP API response information, etc is not stored.

All important data/ information stored is masked or encrypted.

You can go through the security practices maintained by miniOrange for the stored data here: Security Practices

Data Retention Period for Application / Logs

The Application/Logs data is stored on Accessible Servers for a duration of two months. If Customer wants any information, they can submit their request and miniOrange can provide this data between these 2 months from the date of generation. The data after 2 months is archived.

miniOrange can provide the data from the archived upon the request of customers and by considering the severity of the data requirement.

Data Deletion is performed automatically after the validity specified for each of the archived file. miniOrange will not be responsible for the data once deleted.

Data Destruction

Data destruction ensures that Xecurify manages the data it controls and processes it in an efficient and responsible manner. When the retention period for the data as outlined above expires, miniOrange will actively destroy the data covered by this policy. Any exceptions to this data retention policy must be approved by miniOrange’s data protection offer in consultation with legal counsel. In rare circumstances, a litigation hold may be issued by legal counsel prohibiting the destruction of certain documents. A litigation hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.

Data Backup

miniOrange stores the backup of the data in case of emergency issues and immediate concerns. The backup of the data is available with miniOrange for a duration of two years as per the laws.

The Data Backup is purged automatically by the system after the validity.

You can refer to the security practices of miniOrange for the security of the Data Backup by clicking on this link.

Contact

If you have any questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:

Email us at: info@xecurify.com

Or call us at: +1 978 658 9387

Or you can fill form with your question/concern: https://www.miniorange.com/contact

Last updated: May 07, 2025

Purpose

This Data Retention Policy outlines miniOrange’s procedures for managing, retaining, and securely disposing of customers collected through our solutions, products, website & miniOrange employee related data . Customer Data includes all electronic data submitted by or on behalf of a customer to miniOrange Services and Solutions. The policy ensures compliance with applicable laws, protects user privacy, and aligns with industry best practices.

Scope

This policy applies to all data collected, processed, and stored by miniOrange in the course of providing services, including but not limited to:

• Customer Data:
  • User Identity Data: Usernames, email addresses, roles, groups, and custom attributes.
  • Authentication Data: Password hashes, multi-factor authentication settings, and single sign-on tokens.
  • Access Logs: Records of logins, token issuance, and resource access.
  • Audit Trails: Changes to policies, configurations, and privileges.
  • API Usage Logs: Logs of API calls made by tenants.
  • Session Data: Session tokens, device information, and IP addresses.
• Employee-Related Data: Information related to current, former, or prospective employees for operational and HR purposes.

Data Retention Periods

miniOrange retains Customer Data as follows:

• User Identity Data: Retained for the duration of the customer's subscription. Upon termination, data is deleted immediately unless otherwise required by law or contractual obligation.
• Authentication Data: Data will be accessible for 2 months from the UI. Then, it will be archived for 12 months and will be accessible upon request. Deleted immediately upon user removal or contract termination.
• Access Logs: Retained for 24 months by default.
• Audit Trails: Retained for 24 months by default.
• API Usage Logs: Data will be accessible for 2 months from the UI. Then, it will be archived for 12 months and will be accessible upon request.
• Session Data: Deleted immediately after session expiration.

miniOrange retains Employee Data as follows:

• Employee Personal Data: Retained for the duration of employment + 6 years after termination (unless required longer by law).
• Employee HR/Payroll Data: Retained for 5 years post-employment, or per jurisdictional requirements.

Data Deletion and Disposal

• Automated Deletion: Data exceeding retention periods is automatically deleted using secure methods to prevent recovery.
• Customer-Initiated Deletion: Customers may request data deletion by contacting support.
• Customer Contract Termination: Upon termination of services, all associated Customer data is deleted immediately, unless legal obligations require otherwise.
• Employee/HR Deletion Requests: Employee data is retained per legal timelines; certain deletions may be requested subject to compliance reviews.

Data Archiving

Certain data, such as critical logs and audit trails, may be archived securely using encrypted storage solutions. Archived data is accessible only to authorized personnel and retained per agreed-upon schedules.

Legal and Regulatory Compliance

miniOrange may retain data longer if required by:

• Legal Obligations: Compliance with laws such as GDPR, HIPAA, or other applicable regulations.
• Law Enforcement Requests: In response to valid legal processes.
• Dispute Resolution: For the duration of any dispute or litigation.
• Tax and Employment Regulations: For fulfilling statutory requirements applicable to employee data.

Security Measures

To protect retained data:

• Encryption: All data is encrypted both at rest and in transit.
• Access Controls: Access is restricted based on the principle of least privilege.
• Regular Audits: Periodic audits ensure compliance with retention and security policies.

Customer Configurability

Enterprise customers have the option to customize retention settings for specific data types through the platform settings or contractual agreements.

Policy Review and Updates

This policy is reviewed annually or upon significant changes in legal, regulatory, or business requirements. Updates are communicated to customers through official channels.

Contact Information

For questions or requests related to this Data Retention Policy, please contact us at info@xecurify.com