eXpress badging® is committed to protecting sensitive data throughout its lifecycle. This policy outlines how customer information is retained, managed, and securely deleted (“obliterated”) when accounts are closed or not renewed.
Data Retention
- Active Accounts: Customer badge records, photos, and related files are retained for the duration of the subscription or service agreement.
- Inactive / Non-Renewal: Data is flagged for removal upon account termination or non-renewal.
- Retention Periods: Unless otherwise contractually specified, data is retained only as long as necessary to meet service obligations or legal/regulatory requirements.
Secure Deletion (“Obliteration”)
When records are deleted due to non-renewal, eXpress badging® follows industry-recognized standards to ensure data is permanently unrecoverable.
- Application Layer: Badge records, photos, and uploaded files are deleted from production databases and storage systems.
- NIST Alignment: Deletion methods follow the guidance of NIST SP 800-88 Rev. 1 (Guidelines for Media Sanitization), ensuring records cannot be reconstructed.
- Backups: Data residing in encrypted system backups is automatically overwritten during the scheduled backup rotation cycle, ensuring full removal across all storage layers.
- Verification: Deletion processes are logged and verified internally as part of compliance oversight.
Compliance Alignment
Our data retention and deletion controls align with:
- SOC 2 Trust Services Criteria: Confidentiality and Privacy principles.
- ISO 27001 Annex A:
  - A.8 – Asset Management
  - A.9 – Access Control
  - A.12 – Operations Security
  - A.18 – Compliance
Customer Assurance
Through these policies, customers can be confident that:
- Data is not retained beyond its useful or contractual purpose.
- All deletions follow recognized secure methods.
- Records cannot be restored once the obliteration process is complete.