Data Retention Policy

Effective Date: October 24, 2025

1. Retention Periods

Account Data

  • Active Accounts: Retained while account is active
  • Inactive Accounts: Deleted after 2 years of inactivity
  • Deleted Accounts: Permanently deleted within 30 days of deletion request

Verification Reports

  • Standard Storage: 1 year from creation
  • User Deletion Request: 30 days
  • Legal Hold: Retained as required by law

Uploaded Documents

  • Resumes and Files: Deleted when associated report is deleted
  • Maximum Storage: 1 year unless actively used

System Logs

  • Activity Logs: 90 days
  • Security Logs: 1 year
  • Error Logs: 30 days

Payment Information

  • Transaction History: 7 years (tax and legal requirements)
  • Payment Methods: Deleted 30 days after removal or account closure

2. Deletion Process

When data is scheduled for deletion:

  1. Data is marked for deletion in our primary database
  2. Access is immediately revoked
  3. Data is securely removed from production systems within 30 days
  4. Backup copies are purged within 90 days

3. User-Initiated Deletion

You can request deletion of:

  • Individual verification reports
  • Specific uploaded documents
  • Your entire account and all associated data

To request deletion, go to your account settings or contact privacy@bastyn.com

4. Legal and Compliance Holds

We may retain data longer than specified periods if required by:

  • Legal proceedings or investigations
  • Regulatory requirements
  • Contractual obligations
  • Legitimate business interests (e.g., fraud prevention)

5. Data Minimization

We practice data minimization by:

  • Collecting only necessary information
  • Anonymizing data where possible
  • Regularly reviewing and purging unused data
  • Limiting access to authorized personnel only

6. Third-Party Data

Data about candidates that you verify through our platform is YOUR data. You are responsible for:

  • Obtaining appropriate consent before collection
  • Complying with applicable data protection laws
  • Determining your own retention requirements
  • Deleting data when no longer needed

Policy Updates

We review this policy annually and may update retention periods based on legal requirements or business needs. Users will be notified of significant changes.

Questions?

Contact us at privacy@bastyn.com