1. Purpose
This Data Retention Policy explains how TriLinkr retains, archives, deletes, anonymises, or aggregates data processed through the Platform. It supports privacy, security, operational continuity, legal compliance, recruitment workflows, and responsible data minimisation.
2. Scope
This policy applies to personal data, business data, candidate data, employer data, consultant data, job data, admin data, files, logs, communications, backups, and operational records processed through the Platform. It applies to production systems, databases, cloud storage, logs, backups, exports, support tools, and authorised admin workflows.
3. Retention Principles
- Keep data only for as long as needed for the purpose collected, unless a longer period is required for legal, security, audit, accounting, dispute, or legitimate business reasons.
- Apply stricter access controls to sensitive recruitment records, resumes, uploaded files, and admin tools.
- Delete, anonymise, aggregate, or archive data when it is no longer needed.
- Respect verified user deletion, correction, and withdrawal requests subject to legal and operational limits.
- Maintain backup retention windows to support disaster recovery while avoiding indefinite retention.
- Document exceptions such as legal holds, security investigations, unpaid invoices, disputes, or regulatory requirements.
4. Standard Retention Schedule
The following schedule is a recommended default for TriLinkr. Before publishing, confirm these periods with legal counsel and align them with actual product configuration, contracts, and database jobs.
| Data category | Examples | Default retention period | Deletion or archival action |
|---|---|---|---|
| Candidate account profile | Name, email, mobile, gender, DOB, profile picture URL, preferences, account ID. | Active account duration plus 24 months after last activity or account closure, unless deletion is requested earlier. | Delete or anonymise profile data; retain limited audit references where required. |
| Resumes and candidate files | Resume PDFs, profile images, certificates or attachments if enabled. | Active account duration plus 12 months after last application activity or account closure. | Delete files from cloud storage and invalidate signed URLs; remove file references from database. |
| Job applications | Candidate-job relationship, status, timestamps, employer review status, application metadata. | 36 months after application closure or last activity. | Anonymise candidate identifiers for analytics or delete where no longer needed. |
| Consultant-submitted candidates | Candidate details submitted by consultant, resume URL, education, work experience, preferred locations, job ID, consultant UID. | 36 months after submission closure or last recruitment activity. | Delete/anonymise after retention period; process candidate deletion requests subject to dispute/audit needs. |
| Employer/business partner account | Business partner UID, profile type, contact details, hiring type, consultant type, company ID. | Active relationship duration plus 36 months after termination. | Archive for audit or delete/anonymise personal contact fields when no longer needed. |
| Company profile and job posts | Company name, logo, description, addresses, social links, job descriptions, job status, job stats. | Active relationship duration plus 36 months after company or job inactivity. | Archive inactive jobs; anonymise admin/contact fields where appropriate. |
| Consultant job requests | Job request status, consultant UID, business partner UID, timestamps. | 36 months after request closure or last activity. | Delete/anonymise after retention period unless dispute or audit need exists. |
| Admin user records | Admin role, email, name, active status, UID, access events. | Active admin tenure plus 36 months after role removal. | Deactivate immediately on exit; retain access audit trail for security. |
| Authentication/session records | Login status, session cookies, OTP/onboarding verification records, failed login attempts. | Session to 90 days, depending on security need. | Expire automatically; retain security-relevant events in logs. |
| Security, audit, and server logs | IP address, device/browser, access logs, errors, abuse signals, admin actions. | 12 to 24 months depending on risk and infrastructure settings. | Delete or aggregate logs; retain incident logs longer if investigation is ongoing. |
| Support and grievance records | Support tickets, privacy requests, complaint correspondence, resolution notes. | 36 months after closure. | Archive securely; delete or anonymise after retention period unless needed for legal defence. |
| Transactional emails and notifications | Delivery events, bounce logs, onboarding emails, service alerts. | 12 to 24 months. | Delete provider logs where controllable; retain minimal records for compliance and troubleshooting. |
| Newsletter/marketing consent | Email, consent timestamp, unsubscribe status, campaign preferences. | Until unsubscribe or withdrawal plus 24 months for suppression/audit records. | Stop marketing immediately; retain suppression record to avoid re-contact. |
| Payment, invoice, and tax records | Invoices, subscription records, payment status, tax details, payment processor references. | As required by applicable tax/accounting law; recommended 8 financial years unless counsel advises otherwise. | Archive securely; do not retain full card/bank details unless legally and contractually permitted. |
| Backups and disaster recovery copies | Database backups, storage backups, system snapshots. | 30 to 90 days rolling retention unless incident recovery requires longer. | Rotate and overwrite automatically; restore only under controlled access. |
| Aggregated analytics | Aggregated job trends, usage metrics, non-identifying statistics. | Indefinite if anonymised and not reasonably re-identifiable. | Keep aggregated data without direct personal identifiers. |
5. User Deletion Requests
When a verified user requests deletion, TriLinkr should:
- Verify the identity and authority of the requester.
- Identify the relevant account role and data sets, including candidate profile, consultant submissions, employer records, jobs, applications, uploaded files, and communications.
- Delete or anonymise data that is no longer needed for the Platform purpose.
- Retain only limited data where required for law, dispute resolution, fraud prevention, security, accounting, audit, or enforcement of Terms.
- Confirm completion or explain any lawful retention exception within applicable timelines.
6. Candidate Deletion and Recruitment Workflow Impact
Candidate deletion may affect job applications, resume access, application history, recruiter notes, and consultant submissions. Where an employer or consultant has already accessed candidate information outside the Platform, TriLinkr may not be able to delete copies independently controlled by those parties. TriLinkr should notify relevant parties where appropriate and feasible, subject to legal and operational constraints.
7. Consultant-Submitted Candidate Data
Consultants must obtain candidate permission before submission. If a candidate requests deletion or correction of consultant-submitted information, TriLinkr should verify the candidate and take reasonable steps to update, delete, restrict, or anonymise the information where applicable. The consultant may be notified where necessary to prevent re-submission of unauthorised data.
8. Employer, Company, and Job Data
Company records and job postings may need to be retained for business continuity, audit, dispute resolution, contractual compliance, tax, and recruitment history. When a company account is terminated, TriLinkr should deactivate access, archive relevant records, and delete or anonymise personal contact details after the retention period unless retention is legally required.
9. Backups
Deleted data may remain in encrypted or access-controlled backups for a limited period until backup rotation completes. Backup data should not be restored except for disaster recovery, security investigation, or operational continuity. If restored, deletion requests should be re-applied where feasible.
10. Legal Holds and Exceptions
TriLinkr may suspend normal deletion or extend retention where necessary for legal claims, regulatory inquiries, security incidents, fraud prevention, unpaid invoices, audit requirements, contractual obligations, tax/accounting law, or to protect users and the Platform. Exceptions should be documented and reviewed periodically.
11. Deletion Methods
- Hard deletion from active databases where no retention exception applies.
- Soft deletion or deactivation where immediate removal would disrupt workflows or legal records.
- Anonymisation or aggregation for analytics and reporting.
- File deletion from cloud storage and invalidation of signed URLs or access references.
- Log expiry through automated retention rules where technically supported.
- Backup rotation according to the backup retention window.
12. Ownership and Review
The product, engineering, legal/compliance, and operations owners should review this policy at least annually and whenever there is a material change to Platform architecture, Firebase/hosting/storage configuration, payment providers, analytics tools, recruitment workflows, legal requirements, or user roles.
13. Contact
| Item | Details |
|---|---|
| Policy owner | [Insert internal owner/team] |
| Platform operator | [Insert legal entity name operating TriLinkr] |
| Privacy or grievance email | [Insert privacy/grievance email, for example privacy@trilinkr.com] |
| Registered address | [Insert registered office address] |
| Grievance Officer | [Insert Grievance Officer name and designation] |