Data Retention Policy

Protecting and preserving customer data and its integrity is a critical element of Leading2Lean’s solution and delivery. Leading2Lean uses standard industry best practices regarding backups (including nightly full backups and incremental "up to the second" hot backups) and offsite storage to assure recovery is available and provides the appropriate controls to ensure the backup's integrity and to restrict access to only appropriate users. Leading2Lean safeguards and preserves customer data for the length of their subscription to the service.

Data records, uploaded content, and links can be modified by the customer during normal use of the subscription. These modifications are tracked for auditing purposes to help customers comply with a broad range of industry and regulatory record-keeping requirements.

Retention of live customer data records available in the service as well as within data backups is provided to assure access as needed during the subscription. Customer data is maintained for the duration of the Subscription, or up to 20 years, whichever occurs first, as part of our standard service offering, unless a mutually agreed duration is defined in the customer's subscription agreements.

We perform nightly full backups to ensure data is protected. These backups are stored in multiple locations including offsite storage for disaster recovery purposes. We keep nightly backups for 4 weeks, after which we keep weekly backups for 52 weeks, and then finally after one year, we keep monthly backups. Data integrity and security are extremely important to us. Additionally, we perform incremental "up to the second" hot backups that ensure the maximum (theoretical) data loss time to be measured in seconds. As part of our SOC 2 Type 2 compliance program, we regularly perform test restores from these backups to verify they work correctly.

Should the subscription be terminated, regardless of the reason, customer data is returned under the terms of the subscription. After verification of returned customer data, all copies of live records and all backup copies are destroyed within 30 days of the customer's acknowledged receipt of data or per the terms of the customer's subscription agreements.

Customer data is stored and processed in our secure data center environments. Customer data is encrypted both in transit and at rest. Customer data is not stored or processed locally on employee laptops, except for incidental customer support use as requested or in support of service delivery, and then promptly removed. Company laptops & desktops maintain full hard drive encryption, regularly updated antivirus software, firewalls, and appropriate password complexity settings.