Stableridge|Systems
Login
Trust Centre

Data Retention & Deletion Policy

How Stableridge retains and deletes platform, audit, support, and commercial records across a multi-tenant SaaS operating model.

Last updated: 24 February 2026

This document provides a general overview and does not constitute legal advice.

1. Overview

This policy outlines Stableridge's approach to data retention and deletion across customer platform services, operational processes, and commercial workflows. It is designed to support governance transparency and procurement due diligence.

This page should be read with our Privacy Policy, which describes how personal information is collected, used, and disclosed in APP-aligned operating practice.

2. Categories of Data

Stableridge may retain the following categories:

  • Account data: tenant user and staff account records used for identity, role, and access management.
  • Customer content: uploaded artefacts and related content metadata in governed storage workflows.
  • Audit events: access logs, policy decisions, evidence events, and security-relevant operational telemetry.
  • Support case data: case records, threaded messages, and operational support context.
  • Billing and subscription records: plan status, commercial events, and reconciliation references.
  • Marketing contact submissions: enquiry details provided through marketing forms.

3. Retention Principles

  • Data is retained for as long as necessary to provide services, operate controls, and support lawful business operations.
  • Retention is aligned to contractual commitments and legal obligations where applicable.
  • Data minimisation and controlled access are applied to reduce unnecessary retention.
  • Security-relevant logs may be preserved to support incident investigation, forensic analysis, and control assurance.

4. Customer Content Retention

Customer content is generally retained while an active subscription or agreed service arrangement is in place, subject to configured tenant controls and platform operating requirements.

  • Post-termination handling follows controlled workflows that may include staged archival, restricted access, and deletion processing.
  • Deletion may be initiated through account closure pathways or validated customer request.
  • Deletion is managed as a controlled process and is not represented as instantaneous destruction across all systems.

5. Audit & Evidence Retention

Audit and evidence records are retained in a manner designed to support governance, traceability, and evidentiary review needs.

  • Evidence bundles and related metadata are retained consistent with governance and contractual expectations.
  • Integrity attributes (such as snapshot and verification context) are preserved to support evidentiary trustworthiness.

6. Support & Operational Logs

Support records and operational logs are retained for service continuity, incident response, and security operations.

  • Operational logs may be archived under access-controlled conditions.
  • Access to archived operational data is limited to authorised personnel with relevant responsibilities.

7. Billing & Financial Records

Billing, subscription, and financial records are retained in accordance with accounting, tax, contractual, and legal obligations that apply to commercial operations.

8. Deletion & Erasure Process

Requests for data deletion or erasure can be submitted through our contact page.

  • Identity and authority verification is required before request execution.
  • Deletion or erasure may be restricted where legal hold, regulatory obligations, dispute management, or fraud investigation requirements apply.
  • Where full deletion is not immediately available, access restrictions or de-identification controls may be applied as an interim control.

9. Backup & Recovery Considerations

Backup and recovery systems can temporarily retain data that has been deleted from primary systems.

  • Deleted data may persist in backup media until overwritten through normal backup lifecycle operations.
  • Backup access is restricted and used for recovery and resilience operations.

10. Cross-Border Storage

Stableridge is designed around Australian-region operational posture. Some supporting services may involve limited cross-border processing in specific circumstances.

Where cross-border handling occurs, it is managed through contractual and operational safeguards designed to support privacy and security obligations.

11. Changes to Policy

We may update this policy from time to time. Changes are published on this page with an updated “Last updated” date.

12. Contact

For retention and deletion questions, contact Stableridge via /contact.

Disclaimer

This policy provides a high-level operational summary. Specific retention and deletion obligations may vary by contract, legal requirement, and incident context.