Smartsoochi – Data Retention Policy

Effective Date, 01 January 2020
Last Updated, 22 November 2025

This Data Retention Policy (“Policy”) defines how Smartsoochi, a unit of Smart 24×7 Response Private Limited  (“Smartsoochi,” “we,” “our,” or “us”) collects, stores, manages, and deletes customer and user data generated through the Smartsoochi Platform (“Platform”). The Policy ensures compliance with applicable data protection laws, information security standards, and contractual obligations.

Smartsoochi recognizes the importance of protecting operational and personal information while maintaining data availability for legitimate business, audit, and regulatory purposes.

1. Purpose and Objective

1.1 The purpose of this Policy is to establish a transparent framework for retaining data collected and processed by Smartsoochi.
1.2 The objectives include,

• Defining clear timelines for data retention and deletion.
  
  
• Ensuring compliance with applicable laws and client contracts.
  
  
• Maintaining business continuity and traceability for audits.
  
  
• Protecting sensitive and personal data from unauthorized access or misuse.

1.3 This Policy applies to all users, organizations, partners, employees, and contractors accessing the Smartsoochi Platform or handling its data.

2. Scope

2.1 This Policy covers all categories of data collected, processed, or stored within the Smartsoochi ecosystem, including but not limited to,

• Personal data of registered users and administrators.
  
  
• Operational and checklist data generated through Platform use.
  
  
• Photos, videos, and other multimedia evidence captured during tasks or inspections.
  
  
• System logs, device metadata, and audit trails.
  
  
• Customer configuration data, workflows, and integrations.
  
  

2.2 The Policy applies to all storage media, including databases, cloud servers, backups, logs, and data exports.

3. Guiding Principles

Smartsoochi follows these principles when managing data retention,

• Lawfulness and Transparency, Data is retained only for legitimate business and legal purposes.
  
  
• Data Minimization, Only necessary data is retained, redundant information is periodically purged.
  
  
• Security, Retained data is encrypted and protected using industry-grade standards.
  
  
• Accountability, Data retention and deletion actions are logged and auditable.
  
  
• Customer Control, Clients can request data exports, extensions, or deletion as per contract terms.
  
  

4. Types of Data and Retention Periods

The following retention durations define the standard lifecycle of data within Smartsoochi systems. Custom durations may apply based on client agreements or regulatory mandates.

4.1 User Account Data

Includes user profiles, credentials, contact details, and authentication logs.

• Retention, Active during the subscription period.
  
  
• Post-Termination, Retained for 90 days after subscription end to enable account reactivation or data export.
  
  
• Deletion, After 90 days, user records and credentials are permanently deleted, except where legal obligations require extended retention.
  
  

4.2 Operational Data

Includes checklists, audits, task updates, and workflow records.

• Retention, Retained for the duration of the active contract plus 90 days post-termination.
  
  
• Deletion, Automatically purged after the retention period through a secure erasure process.
  
  
• Exception, Extended retention may be provided under enterprise agreements or government mandates.
  
  

4.3 Multimedia and Evidence Files

Includes photographs, videos, audio clips, and digital signatures captured as proof of task completion.

• Retention, Stored for 90 days post-contract termination unless otherwise requested.
  
  
• Deletion, Permanently deleted from primary and backup storage after expiry.
  
  
• Customer Option, Clients may request earlier deletion or retention extension by submitting a written request.
  
  

4.4 System Logs and Audit Trails

Covers login logs, API usage, configuration history, and system performance data.

• Retention, Maintained for 180 days to support security audits, troubleshooting, and compliance reviews.
  
  
• Deletion, Automatically deleted after the defined retention window.
  
  

4.5 Backup Data

Includes full system and database backups stored in secure, encrypted repositories.

• Retention, 30 days rolling backup retention policy.
  
  
• Deletion, Backups exceeding 30 days are automatically overwritten or destroyed.
  
  
• Access, Limited strictly to authorized infrastructure engineers under monitored conditions.
  
  

4.6 Financial and Transactional Records

Includes invoices, payment confirmations, and billing history.

• Retention, Retained for seven (7) years to comply with financial and taxation regulations.
  
  
• Deletion, Purged after legal compliance requirements expire.
  
  

4.7 Customer Communication Data

Includes support tickets, chat transcripts, and email communications.

• Retention, Stored for two (2) years from the date of closure for quality assurance and legal reference.
  
  
• Deletion, Securely deleted or anonymized after the retention period.
  
  

5. Secure Storage and Encryption

5.1 All data within Smartsoochi systems is protected through,

• AES-256 encryption for data at rest.
  
  
• TLS 1.3 encryption for data in transit.
  
  
• Role-based access control (RBAC) and multi-factor authentication (MFA).
  
  
• Periodic vulnerability assessments and audit trails.
  
  

5.2 Data stored on user devices (mobile applications) is encrypted locally and automatically synchronized with the cloud when connectivity is restored.

6. Data Deletion and Disposal

6.1 Upon reaching the end of the retention period, data is permanently deleted through cryptographic wiping or secure overwrite mechanisms.
6.2 Deletion actions are logged in the audit register to ensure traceability.
6.3 Deleted data cannot be recovered after final confirmation.
6.4 Clients may request proof of deletion in the form of a Data Deletion Certificate.

7. Data Retention for Legal and Regulatory Compliance

7.1 Smartsoochi may retain certain information beyond standard retention periods when required to,

• Comply with applicable laws or government regulations.
  
  
• Fulfill contractual or audit obligations.
  
  
• Respond to ongoing disputes or investigations.

7.2 Such data is archived in a restricted environment with limited access until the retention obligation expires.

8. Customer Rights and Requests

8.1 Clients have the right to,

• Request access to retained data.
  
  
• Export data in standard formats (CSV, Excel, or PDF).
  
  
• Request early deletion of specific datasets.
  
  
• Extend the retention period for compliance or audit purposes.

8.2 All requests should be sent to privacy@smartsoochi.com or the assigned Account Manager.
8.3 Smartsoochi will process valid requests within thirty (30) days of receipt.

9. Roles and Responsibilities

9.1 Data Protection Officer (DPO), Oversees data retention compliance and approves deletion processes.
9.2 Infrastructure Team, Ensures secure backup, encryption, and timely deletion of expired data.
9.3 Client Administrator, Responsible for managing user accounts, data exports, and organization-specific retention configurations.
9.4 End Users, Must follow organizational guidelines and avoid storing unnecessary personal or confidential information in open text fields.

10. Monitoring and Compliance

10.1 Smartsoochi conducts periodic audits to verify adherence to this Policy.
10.2 Automated scripts monitor retention timelines and trigger deletion workflows.
10.3 Non-compliance incidents are reported to the DPO for immediate review and corrective action.
10.4 Smartsoochi complies with the Information Technology (Reasonable Security Practices and Procedures) Rules 2011 and adheres to GDPR-aligned retention standards where applicable.

11. Exceptions

11.1 In exceptional cases, specific data types may be retained longer if,

• Mandated by law enforcement or regulatory authorities.
  
  
• Required for legal defense or dispute resolution.
  
  
• Necessary for long-term contractual obligations with clients.

11.2 Any exceptions are documented, justified, and reviewed periodically.

12. Policy Review and Updates

12.1 This Policy is reviewed annually or whenever significant technological, legal, or operational changes occur.
12.2 Updated versions will be published on the Smartsoochi website with the revised effective date.
12.3 Clients will be notified of major amendments via email or in-platform announcements.

13. Contact Information

For questions, clarifications, or to exercise data retention rights, contact,
Data Protection Officer (DPO)
Smartsoochi Technologies Private Limited
New Delhi, India
Email, privacy@smartsoochi.com

14. Governing Law and Jurisdiction

This Data Retention Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising hereunder shall be subject to the exclusive jurisdiction of the courts in New Delhi, India.