1. Purpose
The purpose of this policy is to establish guidelines for the retention and destruction of records and data handled by ManoByte, Inc. to ensure compliance with legal, regulatory, and contractual obligations, and to protect the privacy of
2. Scope
This policy applies to all records, both digital and physical, stored by ManoByte, Inc., including employee records, client data, and any other sensitive or proprietary information.
3. Definitions
- Records: Includes all information, in any form (e.g., physical, digital), that ManoByte, Inc. retains for operational, legal, or regulatory purposes.
- Sensitive Data: Personally identifiable information (PII), financial records, and any data considered sensitive under laws such as GDPR, HIPAA, and FIPA.
- Data Destruction: The process of permanently removing or deleting data from all media (physical or electronic) so that it cannot be recovered.
4. Retention Periods
ManoByte will retain records as follows:
- Employee Records: Retained for 1 year post-termination, except for tax, legal, or compliance records, which are retained for 5 years.
- Client Project Data: Retained for 2 years after project completion unless otherwise specified by the client.
- Financial Records: Retained for 7 years to meet audit and tax requirements.
- Contracts and Agreements: Retained for 6 years after contract termination.
- Password Data: Stored in 1Password and managed according to internal access controls.
5. Storage and Access Control
- Employee records are stored securely in cloud storage with access limited to leadership (HR, Finance, and Operations teams).
- Client data is stored temporarily in cloud services or HubSpot during implementation. Access to this data is restricted to team members involved in the project.
- Passwords for systems are stored securely in 1Password.
6. Data Destruction Process
Data destruction at ManoByte will follow the established retention periods outlined in Section #4. The process is as follows:
- Employee Data: HR will ensure that all employee data (such as records stored in cloud systems) is securely deleted after the 1-year retention period, with exceptions for legal and tax documents, which will be retained for up to 5 years. This includes data in Google Workspace, 1Password, and other internal systems.
- Client Data: Project Managers will ensure that all client project data stored in HubSpot or cloud services is securely deleted within 30 days after the 2-year retention period, unless a longer retention period is requested by the client in writing. If sensitive data is stored temporarily for project purposes, it will be deleted immediately after the project is completed and reviewed with the client.
- Financial Records: Financial data will be retained for 7 years for audit and tax purposes, after which it will be securely deleted from cloud storage systems.
- Contracts and Agreements: Legal and contractual records will be retained for 6 years following contract termination. Once this period expires, the records will be deleted from both digital storage and physical archives (if applicable).
- Digital Files: Any digital files no longer needed and beyond their retention period (such as project files, employee data, or old financial records) will be deleted from Google Drive, HubSpot, and other cloud storage services. Leadership will ensure this is executed quarterly during the review process.
- Physical Records: If any physical records are retained, they will be shredded after they have reached the end of their retention period, according to the timeline outlined in Section #4.
7. Methods of Destruction
- Digital Data: Use cloud storage or platform-specific tools to ensure permanent deletion of files. No file should remain in backups beyond its retention period.
- Passwords: Remove all passwords associated with past employees or completed projects from 1Password and update credentials as necessary.
- Physical Data: All paper records will be shredded to ensure they cannot be reconstructed.
8. Review and Audits
- Quarterly Reviews: The VP of Operations or their designee will conduct quarterly reviews to ensure compliance with this policy. Reviews will include verifying retention periods and ensuring data destruction has occurred where appropriate.
- Destruction Logs: A log will be maintained for all data destruction activities, noting the date, data type, and method of destruction.
9. Compliance
Failure to comply with this policy may result in disciplinary action. Any incidents of non-compliance should be reported to the VP of Operations.
10. Amendments
This policy may be updated periodically to reflect changes in regulatory requirements, company practices, or technology.