1. Purpose
This Data Retention & Secure Disposal Policy ("Policy") establishes the principles and procedures followed by ServerSage CloudTech Pvt. Ltd. ("ServerSage", "Company", "we", "our", or "us") for retaining, protecting, archiving, and securely disposing of customer, business, operational, and technical information.
The purpose of this Policy is to:
- Protect customer information
- Meet contractual obligations
- Support legal and regulatory compliance
- Enable business continuity
- Reduce unnecessary data retention
- Ensure secure destruction of obsolete information
2. Scope
This Policy applies to:
- Customers
- Resellers
- Partners
- Vendors
- Employees
- Contractors
- Consultants
- Managed Service Customers
- Customer Portals
- Backup Systems
- Email Systems
- Cloud Infrastructure
- Physical Records
- Electronic Records
3. Information Covered
This Policy applies to information including:
- Customer Accounts
- Contact Information
- KYC Records
- PAN Information
- Aadhaar Verification Records (where applicable)
- Billing Records
- GST Information
- Invoices
- Contracts
- Purchase Orders
- Support Tickets
- Email Communications
- Backup Files
- Server Logs
- Security Logs
- Firewall Logs
- VPN Logs
- Authentication Logs
- Infrastructure Monitoring Data
- Customer Configuration Information
4. Retention Principles
ServerSage retains information only for legitimate business purposes, including:
- Service delivery
- Security monitoring
- Customer support
- Regulatory compliance
- Taxation
- Contract enforcement
- Dispute resolution
- Fraud prevention
- Business continuity
- Audit requirements
Information that is no longer required will be securely disposed of in accordance with this Policy.
5. Standard Retention Periods
Record Type
Typical Retention Period
- Customer Account Records
- Duration of relationship + legal retention period
- Billing Records
- As required under applicable tax laws
- GST Records
- As required under GST regulations
- Contracts & Agreements
- Contract term + limitation period
- KYC Records
- As required by law or business necessity
- Support Tickets
- Up to 7 years
- Security Logs
- Based on operational and security requirements
- Backup Metadata
- According to purchased backup plan
- Email Communications
- Based on operational requirements
- Website Logs
- As required for security and diagnostics
Retention periods may be extended where required by investigations, litigation, audits, or legal obligations.
6. Customer Data
Customer data stored on ServerSage infrastructure remains the responsibility of the customer.
Customers are encouraged to:
- Maintain independent backups where managed backup services have not been purchased.
- Download required information before requesting service termination.
- Verify restoration procedures periodically.
Following termination, ServerSage may delete customer data after the applicable retention period unless otherwise agreed or required by law.
7. Backup Retention
Where Backup as a Service has been purchased, retention periods will be governed by the customer's selected backup plan or applicable service agreement.
Customers are responsible for selecting backup schedules and retention periods appropriate to their operational and regulatory requirements.
8. Secure Disposal
When information reaches the end of its retention period, ServerSage will take commercially reasonable steps to securely dispose of it.
Methods may include:
- Secure deletion of electronic records
- Cryptographic erasure where appropriate
- Physical destruction of storage media where required
- Secure disposal of paper records
- Removal from active production systems
- Decommissioning of retired storage devices
9. Legal Holds
Where information becomes subject to:
- Litigation
- Government investigation
- Court order
- Regulatory inquiry
- Internal investigation
ServerSage may suspend normal disposal processes until the matter has been resolved.
10. Information Security
Information retained by ServerSage is protected using reasonable administrative, technical, and physical safeguards including:
- Role-Based Access Controls (RBAC)
- Multi-Factor Authentication
- Encryption where appropriate
- Access logging
- Security monitoring
- Backup protection
- Physical security controls
11. Customer Requests
Customers may request deletion of personal information where permitted by applicable law.
ServerSage may decline deletion requests where information must be retained to:
- Comply with legal obligations
- Complete contractual obligations
- Resolve disputes
- Prevent fraud
- Maintain security
- Exercise or defend legal claims
12. Policy Review
This Policy will be reviewed periodically and updated where necessary to reflect changes in:
- Applicable laws
- Business operations
- Technology
- Security practices
- Customer requirements
Updated versions will be published with a revised effective date.
13. Contact Information
Privacy & Compliance
ServerSage CloudTech Pvt. Ltd.
- HD-102, 13th Floor
- WeWerk 247 Park
- Lal Bahadur Shastri Road
- Gandhi Nagar
- Vikhroli West
- Mumbai – 400079
- Maharashtra
- India
Privacy: privacy@serversage.com
Legal: legal@serversage.com
Support: support@serversage.com
Website: https://www.serversage.com
14. Governing Law
This Policy shall be governed by the laws of India.
Any disputes arising under or relating to this Policy shall be subject to the exclusive jurisdiction of the competent courts located in Mumbai, Maharashtra.