Retention rules for visitor operations and compliance records.

• We keep personal data only for as long as needed for the service, customer instructions, safety, security, legal compliance, and legitimate operational needs.
• We avoid keeping data simply because it may be useful later. Retention should support a defined operational, security, legal, or customer purpose.
• Customer organizations should define their own visitor log retention policy and communicate it to residents, staff, visitors, and security teams.
• Where customer instructions conflict with legal or security obligations, we may retain limited records as required to protect rights, safety, compliance, or accountability.

Customer account and organization records

Kept while the customer account is active and for a reasonable period after closure to support offboarding, legal claims, accounting, security, and dispute handling.

Visitor and visit records

Kept according to the customer agreement, customer instructions, legal requirements, and operational security needs. Customers should choose a retention period that fits their estate, school, office, or institution policy.

Audit logs and security records

Kept for security accountability, investigation, export history, access review, and legal compliance. These records may be retained longer than ordinary visitor display records where needed.

User invites

Invite links expire by design. Pending, accepted, revoked, and expired invite records may be retained for auditability and abuse prevention.

Password reset records

Reset tokens expire quickly and are stored only as hashes. Reset records may be retained for security investigation, abuse prevention, and account recovery audit history.

Push subscriptions and device data

Kept while the user keeps that device subscribed or while needed to deliver notifications. Inactive or invalid subscriptions may be disabled or deleted.

Website, booking, and support records

Kept while needed to respond to inquiries, manage consultations, improve service quality, keep business records, and comply with legal obligations.

On customer request, we can support export or deletion of customer-controlled data subject to identity checks, administrator authority, system integrity, legal holds, backups, security obligations, and customer agreement terms.

Deletion may not immediately remove every copy from encrypted backups or provider recovery systems, but backup copies are protected and should age out according to the relevant backup cycle or provider process.

• Before ending a pilot or subscription, the customer should decide whether it needs visitor history, audit exports, user lists, and operational reports.
• Customer administrators should remove live access for users who no longer need the system.
• After offboarding, we may suspend or delete the organization environment according to agreement terms and lawful retention needs.

For retention, export, deletion, or offboarding questions, contact lnykbridgetechnologies@gmail.com. Please include the organization name, request type, and a contact person authorized to act for the organization.