1. Purpose
This Records Retention Policy establishes guidelines for managing, retaining, and disposing of records at Speak AI Inc. in compliance with legal, regulatory, and contractual obligations. It ensures that records are retained for appropriate periods to support operational needs, mitigate risks, and facilitate business continuity.
2. Scope
This policy applies to all records created, received, or maintained by Speak AI Inc., including electronic, paper, and other media formats. It covers all departments, employees, contractors, and third parties handling company records.
3. Responsibilities
Management: Ensures compliance with this policy and provides resources for proper records management.
Employees: Follow retention schedules and properly store, archive, or dispose of records.
IT & Security Team: Maintain electronic records in accordance with data security protocols and ensure secure disposal.
Legal & Compliance Team: Review and update retention schedules based on evolving legal requirements.
4. Retention Periods
Records shall be retained based on the following general guidelines, unless otherwise specified by law or contractual obligations:
Record Type | Retention Period |
Financial records (invoices, tax filings) | 7 years |
Employee records (HR files, payroll) | 7 years after termination |
Customer records | As required by contract or 5 years post-engagement |
Contracts & agreements | Duration of contract + 5 years |
IT system logs | 1 year |
Audit logs & compliance reports | 5 years |
Marketing materials & communication | 3 years |
Legal & regulatory documents | Permanent, unless otherwise specified |
5. Storage & Security
Electronic Records: Must be stored in secure cloud-based or on-premise environments with access controls.
Physical Records: Should be stored in locked, access-restricted areas.
Confidential Information: Requires encryption and restricted access.
6. Disposal of Records
Electronic Records: Must be permanently deleted using secure deletion methods.
Paper Records: Must be shredded or disposed of securely to prevent unauthorized access.
Backup Copies: Retired according to IT security procedures to prevent data breaches.
7. Legal & Regulatory Compliance
This policy aligns with applicable laws and industry standards, including:
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
General Data Protection Regulation (GDPR) (if applicable to EU customers)
Local provincial and federal data retention laws
8. Policy Review & Updates
This policy will be reviewed annually or as required by regulatory changes. Any updates must be approved by the compliance team and communicated to relevant stakeholders.
9. Contact Information
For questions or concerns regarding this policy, contact [email protected].
10. References
Speak AI Business Continuity Plan: Business Continuity Plan
Speak AI Data Classification Policy: Data Classification Policy