Draft template

Data Retention & Deletion Policy

Proposed lifecycle rules for active data, backups, exports, and deletion.

DRAFT TEMPLATE — NOT LEGAL ADVICE. This document has not been approved by an attorney. It must be reviewed, completed, and approved by qualified counsel before CatOps or any Client signs it or relies on it.

Bracketed fields require a business decision or verified fact. Do not remove this notice or present this document as final until counsel has approved it and CatOps has verified every operational and security statement.

Purpose and Data Ownership

This policy describes the proposed lifecycle of Client Data in CatOps. Client retains its rights in Client Data, subject to the parties’ agreements. Final periods must match the production architecture, backup configuration, legal obligations, and contracted requirements.

Active Subscription

During an active subscription, operational records are retained as needed to provide the subscribed service and according to Client-configured workflows. Client administrators are responsible for authorized deletion and for retaining independent copies of records that law, regulation, insurance, tax, quality, or Client policy requires them to preserve.

Export and Termination

Before termination, Client should use available export features and request any agreed assisted export. Proposed post-termination access/export window: [30 days], unless law or the Order Form requires otherwise. After that window, CatOps may delete or de-identify production Client Data, subject to backups, legal holds, security records, and records CatOps must retain for legitimate legal or financial purposes.

Backups

Proposed backup schedule: [frequency]. Proposed backup retention: [number of days]. Deleted production data may remain in protected backups until those backups expire through normal rotation. Backups are intended for service recovery and are not an archival service or a substitute for Client record-retention controls. Engineering must verify restoration procedures and actual retention before these statements are finalized.

Account, Log, and Security Records

Authentication, audit, diagnostic, support, billing, and security records may follow different retention periods based on security, contractual, and legal needs. The final retention schedule should list each category, system of record, period, owner, deletion method, and exception.

Deletion Requests and Legal Holds

Authorized Client administrators may submit requests to [privacy/support email]. CatOps may verify authority, explain applicable limitations, and retain information subject to a legal hold, dispute, fraud prevention, security investigation, or mandatory retention obligation. CatOps will document completion or the reason a request cannot be fully completed.