Last updated: April 2026
Data Security and Retention Policy
This Policy describes how Gritscape approaches security, storage, and retention of personal information and sensitive business information collected during our engagements. It complements our Privacy Policy.
1. Security principles
- Restrict access to personal data to authorised people who require it.
- Use secure tooling and transmission practices where feasible.
- Monitor for anomalies and suspected security issues.
2. Data storage
Information may be stored in hardened cloud environments, encrypted workstations, or approved third-party processors selected for appropriate security posture.
3. Retention periods
We retain data for durations aligned with active or prospective engagements, legal or regulatory mandates, auditing, disputes, and reasonable operational archive needs. When retention is complete, we delete, anonymise, or archive securely.
4. Incident response
If we become aware of a suspected or confirmed incident involving your information, we investigate, contain where possible, and notify you—and authorities where legally required—in line with our obligations.