Data Policy

Effective – January 1st, 2019
Last Modified – January 1st, 2019

Purpose, Scope, and Applicable Roles

This “Data Policy” sets the minimum required standards for the management and retention of data, including the minimum and/or maximum duration for retention and/or deletion of data, within the available and/or manageable infrastructure set up by BluSynergy, LLC (referred to as the “Company” hereafter) and/or availed from third-party providers.

This policy applies to all business units, processes, and systems in a limited scope of geographies in which the company conducts business.

The policy applies to all employees, agents, affiliates, contractors, consultants, and advisors that may collect, process, or have access to data.

Data Security and Storage

The Company’s applications and/or services have v3 SSL certificates installed. Connections from client-side applications to the Company’s servers are encrypted via SHA-256 with RSA encryption. All data transmitted or received by the Company’s servers/applications travels over such encrypted and secured connections. Sensitive data such as passwords are stored in encrypted format.

Company provisions for disaster recovery and business continuity by employing mechanisms that safeguard against data loss and application unavailability. Company’s applications and/or services are hosted in a Tier 1 data center that employs redundant power, cooling, and network infrastructure. The data center is SAS70/SS8016 certified, located within the territorial confines of the USA, and complies with the standards and regulations specified by the Payment Card Industry’s Data Security Standards (PCI DSS).

The Company enforces access levels to safeguard the data, ensuring that, in the case of manual access, only the right people have access to the right data. Automated access to data, such as via API, is limited via authentication mechanisms.

Data Retention and Backup

In general, the maximum retention period of any data is 7 years. The Company may delete data older than this (unless deemed required by the Company). The Company performs continuous backups at a frequency not less than once per hour on a daily basis. After cancellation of the Company’s services and/or product subscription by the customer, the customer’s data is retained for a maximum of 30 days from the time of cancellation. In such an event, customers can request a backup of their data within these 30 days.

In case of advance needs of the customer regarding data backup (subject to availability of the data), the customer has to submit such a request to the Company, pre-approving the billing cost of the Company’s time and material.

Data Deletion

Any data older than 7 years is deleted (unless deemed required by the Company). The Company conducts audits and reviews on a periodic basis to find redundant and disposable data (including but not limited to data generated via suspended and/or expired accounts, customers, etc.). Customer data is deleted after 30 days from the time of cancellation.

Request for Deletion

The customer or an individual can request the Company to permanently delete his/her data from the Company’s possession and/or from storage. In such an event (unless the data and/or the related information is required by the applicable law and/or requested by any law enforcement agency), the Company will permanently delete the requested data via a secure electronic deletion process.

Amendments and Cooperation with the Authorities

The Company holds the right to make changes to this policy. Changes to this policy will be made in accordance with the purpose, scope, and applicable roles, and by means of the defined procedure for the amendment of the policy.

In case of undergoing any certification, the Company will cooperate with the responsible audit companies and/or agencies.