Data retention policy
Data Retention
Common Paper, Inc. shall retain data as long as the company has a need for its use, or to meet
regulatory or contractual requirements. Once data is no longer needed, it shall be securely
disposed of or archived. Data owners, in consultation with legal counsel, may determine
retention periods for their data.
Personally identifiable information (PII) shall be deleted or de-identified as soon as it no longer
has a business use.
Data archiving and removal policy
Customers may submit requests to exercise your right to information, access or deletion via email to
[email protected].
Common Paper, Inc.'s engineering team is responsible for setting and enforcing the data
retention and disposal procedures for Common Paper, Inc. managed accounts and devices.
Customer Accounts:
Customer accounts and data shall be deleted within 60 days of customer request through
manual data deletion processes, unless otherwise required by applicable law or regulation.
Data storage policy
Common Paper, Inc. classifies data and information systems in accordance with legal
requirements, sensitivity, and business criticality in order to ensure that information is given the
appropriate level of protection. Data owners are responsible for identifying any additional
requirements for specific data or exceptions to standard handling requirements.
Information systems and applications shall be classified according to the highest classification
of data that they store or process.
Data center location(s)
United States
Data hosting details
Cloud hosted
Data hosting company
Heroku, AWS
App/service has sub-processors
yes
Guidelines for sub-processors