Login  
Hello there!

Need Help? We are right here!
miniorange Support~
miniOrange Email Support
success

Thanks for your Enquiry.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Data Retention

Purpose

The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by miniOrange or are of no value are discarded at the proper time. This Policy represents the miniOrange’s policy regarding the retention and disposal of records and the retention and disposal of electronic documents.

In order to provide customers with secure choices and what data we store, how we process the data and how the data is purged is mentioned in this policy.

For Details regarding the data storage and Data process you can go through our Privacy Policy by clicking here.

This Data Retention Policy will set out for which data is to be retained, the criteria for establishing and reviewing such period(s), and when and how it is to be deleted or otherwise disposed of.

Application Generated Data/ Logs Suspension

miniOrange only stores the Generic Information and internal system information connected to User Identification and Customer Identification. Other Personal Information or HTTP API Responses information, etc is not stored.

All important data/ information stored is masked or encrypted.

You can go through the security practices maintained by miniOrange for the stored data here: Security Practices

Data Retention Period

The Application/Logs data is stored on Accessible Servers for a duration of two months. If Customer wants any information, they can submit their request and miniOrange can provide this data between these 2 months from the date of generation. The data after 2 months is archived.

miniOrange can provide the data from the archived upon the request of customers and by considering the severity of the data requirement.

Data Deletion is performed automatically after the validity specified for each of the archived file. miniOrange will not be responsible for the data once deleted.

Data Backup

miniOrange stores the backup of the data in case of emergency issues and immediate concerns. The backup of the data is available with miniOrange for a duration of two years as per the laws.

The Data Backup is purged automatically by the system after the validity.

You can refer to the security practices of miniorange for security of the Data Backup by clicking on this link.

Contact

If you have any questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:

Email us at: info@xecurify.com

Or call us at: +1 978 658 9387

Or you can fill form with your question/concern: https://www.miniorange.com/contact


Last updated: December 13, 2024

Purpose

This Data Retention Policy will set out for which data is to be retained, the criteria for establishing and reviewing such period(s), and when and how it is to be deleted or otherwise disposed of.

The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by miniOrange or are of no value are discarded at the proper time.

This Policy represents the miniOrange’s policy regarding the retention and disposal of records and the retention and disposal of electronic documents.

In order to provide customers with secure choices what data we store, how we process the data, and how the data is purged is mentioned in this policy.

miniOrange seeks to ensure that it retains only data necessary to effectively conduct its service or activities and work in fulfilment of its mission.

The need to retain data varies widely with the type of data and the purpose for which it was collected. iniOrange strives to ensure that data is only retained for the period necessary to fulfil the purpose for which it was collected and is fully deleted when no longer required

For Details regarding the data storage and Data process, you can go through our Privacy Policy by clicking here.

This policy sets forth miniOrange’s guidelines on data retention and is to be consistently applied throughout the organization.

Scope

This policy covers all data collected by miniOrange and stored on miniOrange-owned systems and media, regardless of location. It applies to both, data collected and held electronically (including photographs, video, and audio recording if necessary) and data that is collected and held as hard copy or paper files. The need to retain certain information may be mandated by federal or local law, federal regulations and legitimate business purposes, as well as the EU General Data Protection Regulation (GDPR).

Reasons for Data Retention and Period

miniOrange retains only the necessary data to effectively carry out the business, fulfill its mission, and comply with applicable laws and regulations. Reasons for data retention include:

  • Providing an ongoing service to the data subject (e.g. sending a newsletter, publication, or ongoing program updates to an individual, ongoing training or participation for conferences in Xecurify’s programs, processing of employee payroll and other benefits).
  • Compliance with applicable laws and regulations associated with financial report, applicable labor, tax and immigration laws not to limited but related to other regulatory requirements.
  • Security incident or other investigation.
  • Intellectual property preservation.
  • Litigation.
  • Website visitor data will be retained as long as necessary to provide the service requested/initiated through the miniOrange website.
  • Contributor data will be retained for the year in which the individual has contributed and then for three after the date of the last contribution. Financial information will not be retained longer than is necessary to process a single transaction.
  • Event participant data will be retained for the period of the event, including any follow-up activities, such as the distribution of reports, plus a period of two years.
  • Conference/Program participant data (including sign-in sheets) will be retained for the duration of the grant agreement that financed the program plus any additional time required under the terms of the grant agreement.
  • Personal data of subgrantees, subcontractors, and vendors will be kept for the duration of the contract or agreement.
  • Employee data will be held for the duration of employment and then [Duration] after the last day of employment.
  • Data associated with employee wages, leave and pension shall be held for the period of employment plus two years, with the exception of pension eligibility and retirement beneficiary data which shall be kept for two years.
  • Recruitment data, including interview notes of unsuccessful applicants, will be held for one year after the closing of the position recruitment process.
  • Consultant (both paid and pro bono) data will be held for the duration of the consulting contract plus three after the end of the consultancy.
  • Board member data will be held for the duration of service on the Board plus for three years after the end of the member’s term.
  • Data associated with tax payments (including payroll, corporate, and VAT) will be held for three years.

Data Duplication

miniOrange seeks to avoid duplication in data storage whenever possible, though there may be instances in which for programmatic or other business reasons it is necessary for data to be held in more than one place. This policy applies to all data in Xecurify’s possession, including duplicate copies of data.

Application Generated Data / Logs Suspension

miniOrange only stores the Generic Information and internal system information connected to User Identification and Customer Identification. Other Personal Information or HTTP API response information, etc is not stored.

All important data/ information stored is masked or encrypted.

You can go through the security practices maintained by miniOrange for the stored data here: Security Practices

Data Retention Period for Application / Logs

The Application/Logs data is stored on Accessible Servers for a duration of two months. If Customer wants any information, they can submit their request and miniOrange can provide this data between these 2 months from the date of generation. The data after 2 months is archived.

miniOrange can provide the data from the archived upon the request of customers and by considering the severity of the data requirement.

Data Deletion is performed automatically after the validity specified for each of the archived file. miniOrange will not be responsible for the data once deleted.

Data Destruction

Data destruction ensures that Xecurify manages the data it controls and processes it in an efficient and responsible manner. When the retention period for the data as outlined above expires, miniOrange will actively destroy the data covered by this policy. Any exceptions to this data retention policy must be approved by miniOrange’s data protection offer in consultation with legal counsel. In rare circumstances, a litigation hold may be issued by legal counsel prohibiting the destruction of certain documents. A litigation hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.

Data Backup

miniOrange stores the backup of the data in case of emergency issues and immediate concerns. The backup of the data is available with miniOrange for a duration of two years as per the laws.

The Data Backup is purged automatically by the system after the validity.

You can refer to the security practices of miniOrange for the security of the Data Backup by clicking on this link.

Contact

If you have any questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:

Email us at: info@xecurify.com

Or call us at: +1 978 658 9387

Or you can fill form with your question/concern: https://www.miniorange.com/contact


Last updated: May 07, 2025

Purpose

This Data Retention Policy outlines miniOrange’s procedures for managing, retaining, and securely disposing of customers collected through our solutions, products, website & miniOrange employee related data . Customer Data includes all electronic data submitted by or on behalf of a customer to miniOrange Services and Solutions. The policy ensures compliance with applicable laws, protects user privacy, and aligns with industry best practices.

Scope

This policy applies to all data collected, processed, and stored by miniOrange in the course of providing services, including but not limited to:

  • Customer Data:
    • User Identity Data: Usernames, email addresses, roles, groups, and custom attributes.
    • Authentication Data: Password hashes, multi-factor authentication settings, and single sign-on tokens.
    • Access Logs: Records of logins, token issuance, and resource access.
    • Audit Trails: Changes to policies, configurations, and privileges.
    • API Usage Logs: Logs of API calls made by tenants.
    • Session Data: Session tokens, device information, and IP addresses.
  • Employee-Related Data: Information related to current, former, or prospective employees for operational and HR purposes.

Data Retention Periods

miniOrange retains Customer Data as follows:

  • User Identity Data: Retained for the duration of the customer's subscription. Upon termination, data is deleted immediately unless otherwise required by law or contractual obligation.
  • Authentication Data: Data will be accessible for 2 months from the UI. Then, it will be archived for 12 months and will be accessible upon request. Deleted immediately upon user removal or contract termination.
  • Access Logs: Retained for 24 months by default.
  • Audit Trails: Retained for 24 months by default.
  • API Usage Logs: Data will be accessible for 2 months from the UI. Then, it will be archived for 12 months and will be accessible upon request.
  • Session Data: Deleted immediately after session expiration.

miniOrange retains Employee Data as follows:

  • Employee Personal Data: Retained for the duration of employment + 6 years after termination (unless required longer by law).
  • Employee HR/Payroll Data: Retained for 5 years post-employment, or per jurisdictional requirements.

Data Deletion and Disposal

  • Automated Deletion: Data exceeding retention periods is automatically deleted using secure methods to prevent recovery.
  • Customer-Initiated Deletion: Customers may request data deletion by contacting support.
  • Customer Contract Termination: Upon termination of services, all associated Customer data is deleted immediately, unless legal obligations require otherwise.
  • Employee/HR Deletion Requests: Employee data is retained per legal timelines; certain deletions may be requested subject to compliance reviews.

Data Archiving

Certain data, such as critical logs and audit trails, may be archived securely using encrypted storage solutions. Archived data is accessible only to authorized personnel and retained per agreed-upon schedules.

Legal and Regulatory Compliance

miniOrange may retain data longer if required by:

  • Legal Obligations: Compliance with laws such as GDPR, HIPAA, or other applicable regulations.
  • Law Enforcement Requests: In response to valid legal processes.
  • Dispute Resolution: For the duration of any dispute or litigation.
  • Tax and Employment Regulations: For fulfilling statutory requirements applicable to employee data.

Security Measures

To protect retained data:

  • Encryption: All data is encrypted both at rest and in transit.
  • Access Controls: Access is restricted based on the principle of least privilege.
  • Regular Audits: Periodic audits ensure compliance with retention and security policies.

Customer Configurability

Enterprise customers have the option to customize retention settings for specific data types through the platform settings or contractual agreements.

Policy Review and Updates

This policy is reviewed annually or upon significant changes in legal, regulatory, or business requirements. Updates are communicated to customers through official channels.

Contact Information

For questions or requests related to this Data Retention Policy, please contact us at info@xecurify.com



Last updated: September 16, 2025

Purpose

This Data Retention Policy will set out for which data is to be retained, the criteria for establishing and reviewing such period(s), and when and how it is to be deleted or otherwise disposed of.

The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained, and to ensure that records that are no longer needed by miniOrange or are of no value are discarded at the proper time.

In order to provide customers with secure choices, what data we store, how we process the data, and how the data is purged are mentioned in this policy, ensuring compliance with applicable EU (GDPR), DPDPA, and other global privacy regulations.

miniOrange aims to retain only the data necessary to effectively perform its services or activities and fulfill its mission.

The need to retain data varies widely with the type of data and the purpose for which it was collected. miniOrange strives to ensure that data is only retained for the period necessary to fulfil the purpose for which it was collected and is fully deleted when no longer required.

Its objectives are to protect customer data, fulfil statutory and contractual obligations, and support business operations while minimizing data-related risks.

For Details regarding the data storage and Data process you can go through our Privacy Policy by clicking here.

This policy sets forth miniOrange’s guidelines on data retention and is to be consistently applied throughout the organization.

Scope

This policy covers all data collected by miniOrange and stored on miniOrange-owned systems and media, regardless of location. The Policy applies to all customer data (personal and business information), collected and processed by miniOrange, regardless of format or medium (Cloud, Servers, database, paper files, backups) covering data processed by employees. Contractors and authorized 3rd parties. The need to retain certain information may be mandated by federal or local law, federal regulations and legitimate business purposes, as well as the EU General Data Protection Regulation (GDPR).

Reasons for Data Retention and Period

miniOrange retains only the necessary data to effectively carry out the business, fulfill its mission, and comply with applicable laws and regulations.

Reasons for data retention include:

  • Providing an ongoing service to the data subject (e.g., sending a newsletter, publication, or ongoing program updates to an individual, ongoing training or participation for conferences in miniOrnage’s programs, processing of employee payroll and other benefits).
  • Compliance with applicable laws and regulations associated with financial reports, applicable labor, tax, and immigration laws, not limited to, but related to other regulatory requirements.
  • Security incident or other investigation.
  • Intellectual property preservation.
  • Litigation.
  • Website visitor data will be retained as long as necessary to provide the service requested/initiated through the miniOrange website.
  • Contributor data will be retained for the year in which the individual has contributed and then for three years after the date of the last contribution.Financial information will not be retained longer than is necessary to process a single transaction.
  • Event participant data will be retained for the period of the event, including any follow-up activities, such as the distribution of reports, plus a period of two years.
  • Conference or Program participant data (including sign-in sheets) will be retained for the duration of the grant agreement that financed the program, plus any additional time required under the terms of the grant agreement.
  • Personal data of subgrantees, subcontractors, and vendors will be kept for the duration of the contract or agreement.
  • Employee data will be held for the duration of employment and then 5-8 years after the last day of employment.
  • Data associated with employee wages, leave, and pension shall be held for the period of employment plus two years, with the exception of pension eligibility and retirement beneficiary data, which shall be kept for two years.
  • Recruitment data, including interview notes of unsuccessful applicants, will be held for one year after the closing of the position recruitment process.
  • Consultant (both paid and pro bono) data will be held for the duration of the consulting contract plus three after the end of the consultancy.
  • Board member data will be held for the duration of service on the Board, plus for three years after the end of the member’s term.
    • Data Category Retention Period Notes or Legal Basis
    Account & contact info Lifetime of customer relationship + 3 years GDPR “storage limitation”; DPDPA Section 8
    Usage logs/app data 3 months to 2 years (per contract) Minimized per operational/security need
    Transaction records 7 years Tax, accounting, and compliance laws
    Support tickets/emails 2 years after resolution Business need: GDPR/DPDPA
    Consent registrations 7 years post-withdrawal (DPDPA) DPDPA requirement
    Contractual documents 7 years post-contract end Business/legal need
    Backup images 2 years or as contractually agreed Secure, restricted access
    Marketing communications Until opt-out or withdrawal + 1 year GDPR/DPDPA; business need

Data Duplication

MiniOrange seeks to avoid duplication in data storage whenever possible, though there may be instances in which for programmatic or other business reasons it is necessary for data to be held in more than one place. This policy applies to all data in miniOrange’s possession, including duplicate copies of data.

Application Generated Data/ Logs Suspension

miniOrange only stores the Generic Information and internal system information connected to User Identification and Customer Identification. Other Personal Information or HTTP API response information, etc is not stored.

All important data or information stored is masked or encrypted. Data not actively used but retained for compliance or business reasons will be archived and accessible only to authorized personnel.

You can go through the security practices maintained by miniOrange for the stored data here: Security Practices.

Data Destruction

Data destruction ensures that Xecuirfy manages the data it controls and processes it in an efficient and responsible manner. When the retention period for the data as outlined above expires, miniOrange will actively destroy the data covered by this policy. In rare circumstances, a litigation hold may be issued by legal counsel prohibiting the destruction of certain documents. A litigation hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.

Data Backup

miniOrange stores the backup of the data in case of emergency issues and immediate concerns. The backup of the data is available with miniOrange for a duration of two years as per the laws. The Data Backup is purged automatically by the system after its validity.

Method of Data Deletion and Disposal

Once the applicable retention period expires, customer data will be securely deleted from all production and backup systems (physical: shredding; electronic: secure erasure/cryptographic wiping).

Deletion events are logged for audit and regulatory review purposes.

In the event of withdrawal of consent or request for erasure, data will be deleted unless retention is needed to comply with other laws or defend legal claims.

    a. Secure Deletion:

    Upon termination of the Agreement, completion of the processing purpose, or upon written request from the Disclosing Party, miniOrange shall securely delete or destroy all confidential information and personal data—including all electronic and physical copies—in its possession or control.

    b. Physical Data Disposal:

    All physical records containing confidential or personal information shall be destroyed using cross-cut shredding, incineration, or other appropriate methods to prevent reconstruction or unauthorized access.

    c. Data in Backups and Archives:

    Backup copies and archived data must also be securely deleted according to documented retention schedules, and log files of such actions shall be maintained for audit purposes.

    d. Data Principal Rights

    Customers (data principals) have the right to access, rectify, restrict, or request deletion of their personal data at any time, except where retention is otherwise required by law.

    e. Legal Hold and Exceptions

    If data is subject to ongoing litigation, audit, or investigation, regular deletion is paused for relevant data until given clearance by the Legal/Compliance team.

    f. Cross-Border Transfers

    If customer data is transferred internationally, appropriate safeguards (e.g., Standard Contractual Clauses, government approvals under DPDPA) are implemented and documented, and customers are informed beforehand.

Policy Review and Updates

This Data Retention Policy will be reviewed annually or whenever significant changes in regulations, business needs, or technology occur. The policy shall be updated as necessary to reflect these changes.

Communication of Changes

Any changes to this policy will be communicated to all relevant personnel. The customer will be required to read and acknowledge any updates to ensure continued compliance.

Conclusion

By following this Data Retention Policy, miniOrange ensures that it complies with legal, regulatory, and operational requirements, protecting the organization’s data while managing storage resources effectively.

Contact

If you have any questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:

Email us at: info@xecurify.com

Or call us at: +1 978 658 9387

Or you can fill form with your question/concern: https://www.miniorange.com/contact