# Record Retention Policy

**Record Retention Policy**

Outlines the guidelines and procedures for managing customer records to ensure compliance with legal, regulatory, and operational requirements. We are committed to maintaining transparency, data security, and efficient record-keeping practices.

**Scope** This policy applies to all customer records, whether physical or digital, that are created, received, maintained, or disposed of by Clever Ideas. This includes but is not limited to:

- Contracts and agreements
- Correspondence (emails, letters, etc.)
- Financial records (invoices, payments, etc.)
- Customer feedback and support tickets
- Project documentation

**Retention Periods**

<table id="bkmrk-type-of-record-reten"><tbody><tr><td>**Type of Record**

</td><td>**Retention Period**

</td><td>**Reason**

</td></tr><tr><td>Contracts and Agreements

</td><td>5 years after termination

</td><td>Legal compliance and audits

</td></tr><tr><td>Financial Records (Invoices, etc.)

</td><td>5 years

</td><td>Tax and regulatory requirements

</td></tr><tr><td>Customer Correspondence

</td><td>3 years

</td><td>Operational reference and support

</td></tr><tr><td>Project Documentation

</td><td>2 years after completion

</td><td>Knowledge retention

</td></tr><tr><td>Customer Feedback and Support Tickets

</td><td>2 years

</td><td>Service improvement

</td></tr><tr><td>Marketing and Promotional Data

</td><td>1 year

</td><td>Privacy compliance and relevance

</td></tr></tbody></table>

**Record Storage**

1. **Digital Records**: Stored in secured cloud storage systems with encryption and role-based access controls.
2. **Physical Records**: Kept in locked file cabinets within restricted areas.
3. **Backup**: Regular backups are performed for all critical digital records to ensure recoverability in case of data loss.

**Access and Security**

- Access to customer records is limited to authorized personnel only, based on the principle of least privilege.
- Regular audits will be conducted to ensure compliance with security standards.
- Confidential information is safeguarded against unauthorized access, alteration, and deletion.

**Disposal of Records**

- **Digital Records**: Secure deletion methods, such as data shredding or overwriting, will be used.
- **Physical Records**: Shredding or incineration to prevent unauthorized access.

**Compliance and Monitoring**

- This policy complies with relevant data protection laws and applicable local regulations.
- A review of this policy will be conducted to ensure alignment with changes in legal or operational requirements.
- Non-compliance with this policy may result in disciplinary action.

**Policy Ownership**

The IT Manager is responsible for:

- Ensuring the implementation and enforcement of this policy
- Providing training to employees on record retention practices
- Monitoring compliance and addressing any concerns promptly