1. Overview

This policy outlines the procedures for the immediate deletion of data that is no longer required for Trellis to perform the requested service.

2. Purpose

The purpose of this policy is to:

  • Protect sensitive data from unauthorized access.

  • Ensure compliance with regulatory requirements.

  • Minimize the risk of data breaches.

  • Promote efficient data management practices.

3. Definitions

  • Zero-Day Retention: The practice of deleting data immediately after it is no longer needed.

  • Highly Sensitive Data: Data that poses a significant risk if exposed or retained.

  • Sensitive Data: Data that requires protection but can be retained for a short period.

  • Non-Sensitive Data: Data that can be retained for longer periods as per business needs.

4. Scope

This policy applies to all data handled by Trellis as requested by you, including but not limited to:

  • Customer data

  • Financial documents

  • Call and email records

5. Policy Statements

5.1 Data Classification

All data collected and processed by Trellis must be classified according to its sensitivity and retention requirements. The classifications are:

  • Highly Sensitive: Data that requires immediate deletion after use.

  • Sensitive: Data that can be retained for a short period (up to 24 hours) before deletion.

  • Non-Sensitive: Data that can be retained as per business needs and compliance requirements.

5.2 Data Handling

  • Highly Sensitive Data: Deleted immediately after processing.

  • Sensitive Data: Deleted within 24 hours of processing.

  • Non-Sensitive Data: Reviewed regularly and deleted as per the defined retention schedule (specified by the customer).

5.3 Data Deletion Procedures

  • Automated Deletion: Trellis systems can be configured to automatically delete data classified as Highly Sensitive immediately after processing.

  • Manual Deletion: For data that cannot or requested not to be deleted automatically, manual deletion procedures are followed to ensure timely removal.