Version: 1.0

Approved By: Richard D’Lonesteen

Created at: 12/08/2023

1. Purpose and Scope

This Data Retention Policy outlines the principles and guidelines for retaining personal data collected by ChattyAI from its users. The policy is designed to ensure compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. The scope of this policy covers all personal data processed and stored by ChattyAI, including data collected through our website, mobile applications, and other services.

2. Principles

ChattyAI is committed to ensuring the privacy and protection of all personal data we process. In alignment with GDPR requirements, we adhere to the following principles regarding data retention:

• Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and transparently.
• Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
• Data Minimization: Only data that is necessary for the purposes of processing is retained.
• Accuracy: Stored data is kept accurate and up-to-date.
• Storage Limitation: Personal data is kept in a form that permits identification of data subjects for no longer than necessary for the purposes for which the personal data is processed.
• Integrity and Confidentiality: Data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

3. Data Retention Periods

ChattyAI applies the following data retention periods:

• User Account Information: Retained for the duration of the user’s account being active and for a period of two years after the account is closed or last activity to comply with legal obligations, resolve disputes, and enforce our agreements.
• Candidate data: Retained for a period of 6 months or as specified by the client. After this period data will be obfuscated or securely deleted.