Information Governance

Data Retention & Deletion Policy

Effective Date: May 19, 2026

This Data Retention & Deletion Policy explains how WorkHex, a product operated by Brandstrek, retains, archives, deletes, and manages customer data across its services. By using WorkHex, you acknowledge and agree to this policy.

1About WorkHex

WorkHex is a SaaS business management platform. We provide integrated corporate applications:

CRM

HRM

Payroll

ATS

Finance

Projects

2Purpose of this Policy

This policy outlines our procedures for database storage lifecycle management. It defines:

✦What data WorkHex retains in active databases.

✦Specific retention cycles per database classification.

✦Our timeline for permanent data deletion.

✦Data recovery limitations and procedures.

✦Compliance with legal and taxation guidelines.

3Categories of Data Retained

Depending on activated modules, we may store:

A. Account & Subscription Data

Company registries, owner names, billing ledgers, and subscription activity.

B. CRM Data

Client pipelines, contact interaction histories, calls, quotes, and files.

C. HRM & Employee Data

Worker registries, selfie logins, GPS location entries, leaves, and documents.

D. Recruitment / ATS Data

Candidates resumes, scoring metrics, hiring evaluations, and status pipelines.

E. Financial & Accounting Data

General ledger, company expenses, taxes, invoices, and accounting reports.

F. Project & Operational Data

Work logs, assignees, milestones, tasks, and team collaborations.

G. Audit & Security Logs

Administrative changes, payroll overrides, IP logs, and system modifications.

🤖 H. AI Interaction Data

Temporary inputs used to drive CV matching, smart chat prompts, and system automations.

Security Guarantee: Private corporate databases are never fed into open-source or public training LLMs.

4Standard Retention Periods

Standard data lifetimes are structured below:

Data Category	Retention Period
Active customer data	During active subscription
Audit logs	As reasonably necessary for security
Billing records	As legally required
Backups	Temporary retention
Support communications	As reasonably required
Suspended account data	Limited retention
Cancelled account data	Up to 90 days

5Account Cancellation & Data Retention

🚫 Immediate Effects

Dashboard logins are restricted.
Active AI workflows and tasks are halted.
API integrations will be disabled.

⏱️ 90-Day Grace Period

Wiped accounts are kept inside secure recovery folders for up to 90 days. This safeguards against accidental deletions and satisfies security audit requirements.

6Data Recovery During Retention

During the active 90-day archive stage, company owners may request database extraction.

Please note that data recovery cannot be guaranteed, may depend on infrastructure states, and does not include single-record rollbacks. WorkHex may refuse requests that are technically impossible.

7Permanent Deletion

Once the 90-day archive period expires, your database files are permanently deleted.

🚨 Wiped databases are completely unrecoverable. Information cannot be restored under any circumstances.

8Customer Responsibilities Before Deletion

To avoid operational disruption, subscribers must export critical records before subscription expiry, including:

Export CRM lists

Export payroll files

Save staff documents

Export ledgers

WorkHex assumes no liability for loss of business records that were not exported before deletion.

9Employee Monitoring Data

WorkHex saves GPS check-in lists, selfie timecards, and login logs solely for corporate records. The customer is solely responsible for establishing the legal basis for time monitoring and complying with labor laws.

10Payroll & Financial Data Retention

Certain bookkeeping logs, corporate tax computations, and staff salary ledgers must be preserved for extended legal periods. The customer is responsible for maintaining legally compliant off-site records.

11Legal Holds & Regulatory Requirements

WorkHex may retain data beyond normal deletion schedules when necessary to comply with legal holds, resolve active disputes, prevent fraud, enforce contracts, or respond to valid law enforcement requests.

12Security & Audit Log Retention

To protect system integrity, identify potential abuse, and support safety investigations, specific network security and administrative logs may be retained indefinitely.

13Third-Party Services & Data

Data synced with external services (such as Google Calendar, Meta channels, Voxbay telephony logs, or billing pathways) is governed by their respective retention terms. WorkHex is not responsible for third-party storage.

14Customer Data Deletion Requests

Corporate administrators may submit deletion requests for eligible data sets by writing to our compliance desk:

📬 Contact Compliance & Retention Desk

Email: support@workhex.com

Deletion requests require strict owner validation, corporate resolution checks, and administrative approval to execute.

15Data Security During Retention

While archived during the 90-day grace period, we enforce strict security protocols, including role-based access filtering (RBAC), end-to-end data encryption, and network monitoring.

16Changes to This Policy

WorkHex reserves the right to modify this Retention Policy. Updates will be published here with an updated **Effective Date**.