Data Retention Policy

This Data Retention Policy describes how long ServiceSmartOS retains different categories of data, and the conditions under which data is deleted. This policy is part of our commitment to responsible data management under the New Zealand Privacy Act 2020 and the Australian Privacy Principles.

We retain data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, to resolve disputes, and to enforce our agreements.

While your account is active and your subscription is current, we retain all data you create or upload to the platform, including:

• Account and user profile information
• All SWMS, ARCP, SOP, and other safe work documents
• Toolbox Talk records and attendance lists
• Incident reports and corrective actions
• Audit, inspection, and compliance records
• Worker profiles and competency records
• Timesheet and site attendance records
• Environmental and waste management records
• AI generation history and outputs
• Subscription and billing records

Active account data is accessible to you at any time through the platform. We recommend regularly exporting or downloading critical compliance documents, as operational and legal obligations may require you to retain these records independently of your ServiceSmartOS subscription.

Notwithstanding the retention periods above, where data is subject to a legal hold — such as a court order, regulatory investigation, or a dispute in which ServiceSmartOS is a party — we may retain affected data beyond the standard retention periods. Legal holds are released and normal retention procedures resume when the hold is lifted.

If your account is suspended due to non-payment or a breach of our Terms of Service, your data is preserved during the suspension period in the same manner as active account data. If the suspension is resolved (payment made or breach remedied), your data is accessible as normal.

If a suspended account is not reactivated within 90 days of the suspension date, we may treat it as a cancelled account and apply the post-cancellation retention periods above.

We maintain automated daily backups of platform data through Supabase's backup infrastructure. Backup retention periods are:

• Daily backups: retained for 7 days
• Weekly backups: retained for 4 weeks
• Monthly backups: retained for 3 months

Backups are encrypted and stored in geographically distributed locations. Backup data is used only for disaster recovery and is not accessible to individual customers directly.

Following the deletion of customer data in accordance with this policy, residual copies may remain in encrypted backups for up to the maximum backup retention period above. These are not accessible in normal operations and are overwritten as part of the backup rotation cycle.

ServiceSmartOS includes offline functionality that allows certain features to be used when an internet connection is unavailable. When offline features are used:

• Records created or modified while offline are temporarily stored on the user's device in local storage until connectivity is restored.
• On reconnection, locally stored records are automatically synchronised to the ServiceSmartOS platform and follow the same retention rules as records created online.
• Once successfully synchronised, offline records are subject to the standard retention periods described in this policy.

Users are responsible for ensuring that devices used to access ServiceSmartOS are appropriately secured, particularly where those devices may hold unsynchronised records temporarily. ServiceSmartOS is not responsible for data loss arising from device loss, damage, or failure before synchronisation occurs.

You have the right to request deletion of your personal information in accordance with the New Zealand Privacy Act 2020 and the Australian Privacy Principles. To submit a deletion request:

1. Email support@servicesmartos.com with the subject line "Data Deletion Request"
2. Include the email address associated with your account and a description of the data you wish to have deleted
3. We will verify your identity before processing the request
4. We will acknowledge your request within 5 working days and aim to complete deletion within 20 working days

Note that we may be unable to delete certain data where retention is required by law, where deletion would adversely affect another person's rights, or where the data is required to resolve an unresolved dispute. We will inform you of any such limitations when processing your request.

Account closure through the platform settings initiates the 90-day post-cancellation retention period described above. If you wish to request immediate deletion, please submit a formal deletion request as described above.

Certain types of records created through ServiceSmartOS may be subject to minimum retention requirements under applicable legislation. Examples include:

• New Zealand: Health and Safety at Work Act 2015 and associated regulations may require certain safety records to be retained for specified minimum periods (e.g. notifiable event records, hazardous substance records).
• Australia: Work Health and Safety Act 2011 (Cth) and state/territory equivalents, as well as industry-specific regulations (e.g. asbestos regulations), may impose minimum record-keeping obligations.
• Employment records: Timesheet and attendance records may be subject to retention requirements under employment legislation.

You are responsible for ensuring that your retention practices comply with all applicable laws. We recommend maintaining your own copies of critical compliance records independently of your ServiceSmartOS subscription.

We may update this Data Retention Policy from time to time. Material changes will be notified in accordance with our Privacy Policy. Questions about data retention can be directed to support@servicesmartos.com.