Matthew Strahan 17 Jul 2025
Overview
This policy governs the length of time data is retained at Volkis. These retention lengths will direct secure deletion at Volkis. The times of deletion may vary depending on when archiving and deletion is scheduled.
Retention length may differ based on client and contractual requirements.
Data retention lengths
| Data type | Retention length |
|---|---|
| Data marked as Personally Identifiable Information collected during client engagements | Not retained |
| Penetration testing data | 3 months after archiving |
| Client compliance supporting documentation | 2 years |
| Security testing Reports | 2 years |
| Compliance reports Reports | 2 years |
| Client contact information | Indefinite |
| Project management data | Indefinite |
| Client and partner signed legal documentation | Indefinite |
| Client proposal acceptance | Indefinite |
| Tax and superannuation records for employees | 5 years |
Archiving is performed following the conclusion of all testing activities including retesting, debriefs, and direct testing follow-ups.