Last updated: May 31, 2026
This Data Retention Policy outlines how NYOXA LABS handles the retention and eventual secure disposal of client and assessment-related information. Our policy is designed to comply with legal and regulatory requirements, client agreements, and operational needs, while minimizing the storage of sensitive data.
1. Principles of Data Retention
NYOXA LABS adheres to the following principles regarding data retention:
- Necessity: We retain data only for as long as it is necessary to fulfill the purposes for which it was collected, provide services, or meet legal obligations.
- Minimization: We strive to minimize the amount and duration of data retained.
- Security: All retained data is protected with appropriate security measures as outlined in our Confidentiality Policy.
- Transparency: We aim to be transparent about our data retention practices.
2. Retention Periods
Retention periods for different categories of information may vary based on service type, legal and regulatory requirements, client agreements, and operational needs. General retention guidelines are as follows:
- Contact Inquiries: Information submitted through general contact forms or initial inquiries may be retained for up to two (2) years for business follow-up and relationship management, unless a formal engagement proceeds.
- Proposals and Invoices: Financial and contractual records, including proposals, statements of work, and invoices, will be retained for a minimum of seven (7) years to comply with accounting and tax regulations.
- Assessment Reports: Final assessment reports and retest reports will be retained for the duration of the client engagement and for a period of five (5) years thereafter, to provide a historical record of services and for potential future reference.
- Limited Technical Evidence: Specific technical evidence, such as redacted screenshots or proof-of-concept data necessary for the integrity and validation of assessment reports, may be retained for a period of one (1) year after the final report delivery. This evidence will be minimized and anonymized where possible.
- Client Agreements: Signed contracts and service agreements will be retained for the duration of the contract term plus seven (7) years after termination or expiration.
3. Sensitive Evidence Handling
NYOXA LABS aims to minimize the collection of sensitive client data. Where sensitive data (e.g., credentials, personally identifiable information) is temporarily collected during an assessment, it will be immediately redacted or securely purged upon completion of the assessment and report generation, unless its retention is explicitly required by the client agreement or legal obligations.
4. Data Deletion and Disposal
Upon expiration of the applicable retention period, or upon a valid client deletion request, data will be securely deleted or destroyed using methods consistent with industry best practices (e.g., NIST SP 800-88 Guidelines for Media Sanitization). This ensures that data cannot be reconstructed or recovered.
5. Deletion Requests
Clients may request the deletion of certain assessment materials or personal information. Such requests will be honored where legally and operationally possible, provided they do not conflict with our legal or regulatory obligations. Requests for deletion should be submitted in writing to the contact provided below.
6. Legal Holds
Notwithstanding the above, NYOXA LABS reserves the right to retain data for longer periods if required by a legal hold, court order, governmental investigation, or to protect our legal rights.
7. Changes to This Policy
NYOXA LABS reserves the right to update this Data Retention Policy at any time. Any changes will be posted on our website with a revised "Last updated" date.
8. Contact Us
For any questions regarding this Data Retention Policy or to submit a data deletion request, please contact us at:
