SJM Labs Ltd is committed to the principles of data minimization and storage limitation as mandated by the UK GDPR. This policy outlines the specific lifecycles for all data types processed by the SJM Voice Intelligence Engine, ensuring that data is not held for longer than is necessary.

1. Purpose & Scope

This policy applies to all electronic data, including but not limited to voice recordings, transcripts, database entries, and email communications, stored on SJM Labs' servers (including third-party processors like Google Cloud Platform and Twilio).

The Goal: To reduce legal liability and security risks by securely deleting data that is no longer operational.

2. Data Classification

SJM Labs classifies data into four categories to determine appropriate protection and retention levels:

Level	Description	Examples
Public	Non-sensitive data approved for external release.	Marketing brochures, Pricing tables on website.
Internal	Data for employee use only, low risk if leaked.	Employee directories, internal memos, sales scripts.
Confidential	Sensitive business data requiring authorization.	Client lists, Call Transcripts, Sales Contracts.
Restricted	Highly sensitive PII or Biometric data.	Raw Audio Recordings, Credit Card Tokens, Passwords.

3. Retention Schedules

The following retention periods are mandatory. Automated scripts run nightly to purge data exceeding these limits.

A. Voice & Biometric Data

Data Type	Retention Period	Justification
Raw Audio (.wav/.mp3)	30 Days	Used for immediate quality assurance disputes only. High storage cost and privacy risk.
Voice Biometric Signatures	Active + 1 Year	Used for VIP recognition. Deleted 1 year after client churn.
Sentiment Analysis Logs	3 Years	Retained for long-term reporting trends (e.g., "Customer satisfaction is up 10%").

B. Operational & Financial Data

Data Type	Retention Period	Justification
Call Transcripts (Text)	12 Months	Used for AI model training and detailed dispute resolution.
Invoices & Billing Records	7 Years	Strict requirement by HMRC (UK Tax Authority).
System Access Logs	90 Days	Security auditing and intrusion detection.

4. Data Destruction Standards

When data reaches the end of its retention period, it must be destroyed irreversibly. SJM Labs adheres to NIST SP 800-88 Guidelines for Media Sanitization.

Digital Destruction Methods

• Database Records: Executed via cryptographic erasure (crypto-shredding) where the encryption key is deleted, rendering the data unreadable, followed by database row deletion.
• File Storage (Audio): Files are deleted from cloud storage buckets (AWS S3 / Google Cloud Storage) with versioning disabled to prevent recovery.
• Physical Media: Defective hard drives containing Restricted data are physically shredded by certified disposal vendors.

5. Backup & Disaster Recovery

Backups are necessary for business continuity but pose a risk if they retain data longer than intended.

• Backup Frequency: Database snapshots are taken every 6 hours.
• Backup Retention: Backups are retained for 30 days on a rolling basis.
• The "Backup Gap": If a deletion request is processed today, the data will remain in our cold storage backups for up to 30 days until the backup cycle overwrites it. This is standard industry practice and is compliant with GDPR, provided the data is not restored and processed during that time.

6. Right to Erasure (DSAR)

Under GDPR Article 17, clients and end-users have the "Right to be Forgotten."

The Deletion Workflow

1. Request: A Data Subject Access Request (DSAR) is submitted to legal@sjmlabs.com.
2. Verification: We verify the identity of the requester to prevent social engineering attacks.
3. Execution: Our engineering team runs the purge_client_data script.
   • All audio files are scrubbed immediately.
   • Database rows are anonymized (names replaced with "REDACTED").
4. Confirmation: A certificate of deletion is emailed to the requester within 30 days.

7. Compliance & Audits

This policy is reviewed annually by the SJM Labs Legal & Compliance team. Random spot checks are conducted quarterly to ensure that audio files older than 30 days are indeed being deleted by the automated systems.

Any employee found manually archiving Restricted data outside of the secure environment (e.g., saving client audio to a personal laptop) will face disciplinary action up to and including termination.