Available for new projects
Xylexthord logo
Xylexthord
Data migration & integration specialists

Data Retention Policy

Last updated: April 1, 2024

This Data Retention Policy describes how Xylexthord collects, stores, and deletes data generated through the use of its services. By using our services, you acknowledge the practices described in this policy.


1. Purpose and Scope

This policy applies to all personal data, account data, usage data, and service-generated data processed by Xylexthord in connection with the delivery of its data migration and integration services. It covers data held in all systems operated or controlled by Xylexthord, including production databases, backup systems, logs, and archival storage.

The purpose of this policy is to ensure that data is retained only for as long as necessary to fulfill the purposes for which it was collected, to comply with applicable legal and contractual obligations, and to protect the rights of individuals whose data we process.


2. Categories of Data We Retain

2.1 Account and Identity Data

This includes information provided during registration and account management, such as name, email address, organization name, billing information, and authentication credentials. This data is retained for the duration of the active account relationship and for a defined period following account termination.

2.2 Service and Transaction Data

Data generated through the use of our services, including migration job configurations, integration pipeline definitions, transformation rules, scheduling settings, and associated metadata. This data is retained for the duration of the service agreement and for a limited period thereafter to support auditing and dispute resolution.

2.3 Customer-Supplied Data

Data provided by clients for the purpose of migration or integration processing. This data is treated as transient and is not retained beyond the completion of the relevant service task unless explicitly agreed otherwise in writing. Clients are responsible for maintaining their own copies of source data.

2.4 Usage and Diagnostic Logs

System-generated records including access logs, error logs, performance metrics, and audit trails. These are retained for operational and security purposes for a limited period as described in the retention schedule below.

2.5 Communication Records

Records of correspondence between clients and Xylexthord, including support tickets, email exchanges, and feedback submissions. These are retained to maintain service continuity and for quality assurance purposes.

2.6 Financial and Billing Records

Invoices, payment records, and related financial documentation are retained in accordance with standard accounting and tax record-keeping requirements.


3. Retention Schedule

Data Category Retention Period Basis for Retention
Account and Identity Data Duration of account plus 24 months after closure Contractual obligation, legitimate interest
Service and Transaction Data Duration of active service plus 12 months Contractual obligation, audit requirements
Customer-Supplied Data Up to 30 days after task completion Service delivery, then deleted
Usage and Diagnostic Logs 90 days (standard), up to 12 months (security events) Operational security, incident response
Communication Records 36 months from last interaction Legitimate interest, service continuity
Financial and Billing Records 7 years from transaction date Legal and accounting obligations
Backup Copies Up to 90 days from original deletion date System integrity and recovery

4. Data Deletion and Destruction

4.1 Standard Deletion Process

When data reaches the end of its defined retention period, it is scheduled for deletion through our automated data lifecycle management processes. Deletion is performed in a manner that renders the data unrecoverable, using secure overwriting or cryptographic erasure methods appropriate to the storage medium.

4.2 Backup and Archive Purging

Data deleted from primary systems may continue to exist in backup copies for up to 90 days following the deletion event. Backup purging occurs on a rolling schedule. Backup data is not accessed for any operational purpose other than disaster recovery and is subject to the same access controls as primary data.

4.3 Third-Party Subprocessors

Where data is processed by subprocessors on our behalf, we require those subprocessors to apply retention and deletion standards consistent with this policy. Upon termination of a subprocessor relationship, we take steps to ensure that data held by the subprocessor is returned or destroyed.

4.4 Legal Hold

In circumstances where data is subject to a legal hold, regulatory inquiry, or active dispute, normal deletion schedules are suspended for the affected data until the hold is lifted. Data under legal hold is segregated and access is restricted to authorized personnel only.


5. Account Termination and Data Export

Upon termination of a client account, whether initiated by the client or by Xylexthord, clients are provided with a defined window during which they may request export of their service data. This window is specified in the applicable service agreement. After this window closes, data deletion proceeds in accordance with the schedule set out in Section 3.

Clients are encouraged to export all necessary data prior to account termination. Xylexthord does not guarantee the availability of data for export after the defined window has elapsed.


6. Data Minimization

Xylexthord applies the principle of data minimization throughout its operations. We collect and retain only the data that is necessary for the stated purpose. Where data can be anonymized or aggregated without losing its utility for operational or analytical purposes, we apply such techniques to reduce the retention of identifiable personal data.


7. Access Controls During Retention

Data retained within our systems is protected by access controls that restrict availability to personnel with a legitimate operational need. Access to retained data is logged and periodically reviewed. Retained data is not used for any purpose other than those specified at the time of collection, except where required by law or as described in this policy.


8. Individual Rights Regarding Retained Data

Individuals whose personal data we retain may have rights in relation to that data, including the right to request access, correction, or deletion. Requests to exercise these rights can be submitted to us using the contact details provided at the end of this policy. We will respond to all valid requests within a reasonable timeframe.

Where deletion is requested and the data is not subject to a legal hold or mandatory retention obligation, we will carry out deletion within 30 days of receiving a valid request and will confirm completion to the requester.


9. Retention of Anonymized Data

Anonymized and aggregated data from which no individual can reasonably be identified is not subject to the retention periods set out in this policy and may be retained indefinitely for product improvement, analytics, and service development purposes.


10. Policy Review and Updates

This policy is reviewed at least annually and updated as necessary to reflect changes in our services, data processing practices, or applicable legal requirements. The date of the most recent revision is displayed at the top of this document. Continued use of our services following the publication of a revised policy constitutes acceptance of the updated terms.

Material changes to this policy will be communicated to active clients through the contact information associated with their account prior to the changes taking effect.


11. Contact Information

For questions, concerns, or requests relating to this Data Retention Policy, or to exercise any rights you may have in relation to data we hold, please contact us using the following details:

Xylexthord

Bazova St, 17, Odesa, Odessa Oblast, Ukraine, 65033

Email: contact@xylexthord.com

Phone: +380462231383

Website: xylexthord.com