RockyChimp Digital Cards Data Retention And Security Policy

1. Purpose

The purpose of this policy is to keep personal data only as long as needed, reduce unnecessary risk, and ensure the digital card service is run securely.

2. Scope

This policy applies to personal data handled through RockyChimp digital cards, including customer records, public card data, account data, analytics, NFC tap events, QR scans, vCard downloads, support messages, lead capture data, and physical product order information.

3. Retention Principles

• Collect only data needed for the service.
• Keep data accurate and up to date where practical.
• Delete or anonymise data when no longer needed.
• Avoid retaining raw analytics longer than necessary.
• Avoid storing sensitive data unless genuinely needed.
• Document retention choices and review them periodically.

4. Starter Retention Schedule

• Active card data: while card/account is active.
• Cancelled card data: delete or anonymise after 90 days.
• Customer account data: while account is active, then delete/anonymise after 90 days unless needed.
• Billing/invoice records: up to 6 years.
• Support emails/messages: up to 2 years unless needed for an active issue.
• Raw view/tap/click analytics: 90 to 180 days.
• Aggregated analytics: up to 2 years, or longer if anonymised.
• Security logs: 90 to 180 days, longer if investigating misuse.
• Lead capture data: 12 months by default, or customer-controlled where applicable.
• NFC tag assignment records: while tag/card is active, then delete/anonymise after 90 days.
• Backups: expire according to backup cycle.

5. Lead Data

Lead data is higher risk than ordinary card data because it relates to visitors and potential customers. Lead forms should clearly explain who receives the data and why.

Marketing opt-in should be separate from a general contact request. Lead data should not be kept indefinitely unless there is a clear reason.

6. Analytics Data

• Store aggregate counts rather than detailed profiles where possible.
• Avoid invasive fingerprinting.
• Truncate, hash, or avoid long-term storage of IP addresses where possible.
• Keep raw events for a limited period.
• Separate security logs from customer-facing analytics.

7. Access Control

• Unique accounts.
• Strong passwords.
• Multi-factor authentication for critical services where practical.
• Role-based permissions.
• Separate admin and customer access.
• Regular review of who has access.

8. Technical Security Measures

• HTTPS.
• Secure authentication.
• Password hashing.
• HTTP-only secure cookies or equivalent secure session handling.
• Input validation.
• Protection against common web vulnerabilities.
• Database permission controls.
• Environment variable protection.
• Rate limiting on login and lead forms.
• Backups.
• Dependency updates.
• Monitoring and error logging.

9. Domain And NFC Security

NFC tags should ideally use RockyChimp-controlled redirect URLs rather than writing final customer URLs directly to tags.

This allows RockyChimp to update destinations, disable lost or stolen tags, record basic tap analytics, reassign cards where appropriate, and avoid reprinting when a domain changes.

10. Incident Response

• Contain the issue.
• Identify what data is affected.
• Assess the risk to individuals.
• Document the incident.
• Notify affected customers where required.
• Consider whether the ICO or individuals must be notified.
• Take steps to prevent recurrence.

11. Deletion Process

• Deactivate public cards if requested.
• Remove or anonymise card data after the retention period.
• Delete or anonymise related NFC/tag assignments where appropriate.
• Keep billing records where legally required.
• Allow backups to expire according to the backup cycle.

12. Review

This policy should be reviewed at least annually or when the service materially changes, such as adding customer accounts, lead capture, app features, CRM integrations, or third-party analytics.