1. PURPOSE & SCOPE

This policy defines the lifecycle of all Intelligence Assets (data) processed by DarieX Systems. It establishes the strict timelines for the Retention (storage) and Destruction (deletion) of Client data to ensure operational security and legal compliance. The Principle of Minimal Existence: Data is a liability. We retain it only as long as necessary to execute the mission, then we destroy it.

2. DATA CLASSIFICATION LEVELS

To determine retention schedules, all incoming data is automatically assigned a Security Classification Level:

• LEVEL 1 (ADMINISTRATIVE): Invoices, Account Settings, Service Contracts.

• LEVEL 2 (INTELLIGENCE PRODUCT): The final PDF Reports generated by DarieX.

• LEVEL 3 (RAW SIGINT): The original raw text logs, audio files, and screenshots uploaded by the Client.

3. RETENTION SCHEDULES

A. Raw Data (Level 3 - High Risk)

• Standard Retention: 30 Days after Report Delivery.

  Reasoning: To allow for Client review or correction of the report.

• Action: On Day 31, data enters the "Burn Queue" for permanent deletion.

B. Final Reports (Level 2 - Medium Risk

• Standard Retention: 1 Year.

  Reasoning: Clients often need to re-download reports for court dates or HR meetings months later.

Action: On Day 366, reports are purged

C.Administrative & Financial (Level 1 - Low Risk)

Standard Retention: 7 Years.

• Reasoning: Mandated by the Canada Revenue Agency (CRA) for tax and audit purposes.

• Constraint: This data is strictly financial (Name, Amount, Date). It contains NO chat logs or analysis details.

4. DESTRUCTION PROTOCOLS ("THE BURN")

When data reaches its expiration date, it is not merely "deleted" (which leaves digital ghosts); it is Sanitized.

• Digital Sanitization: We utilize NIST 800-88 Guidelines for media sanitization. Storage sectors are overwritten with random binary data to render recovery impossible.

• Physical Destruction: Any hard drives or physical servers decommissioned by DarieX are physically shredded or degaussed prior to disposal.

5. "RIGHT TO BE FORGOTTEN" (IMMEDIATE PURGE)

A Client may request an Immediate Purge of their data before the standard 30-day window.

• Process: Client must submit a ticket with the subject line [PURGE REQUEST].

• Verification: To prevent malicious deletion by hackers, we verify identity via email confirmation.

• Execution: Upon verification, all Level 2 and Level 3 data is destroyed within 24 hours. Level 1 (Tax) data remains for legal reasons.

6. LEGAL HOLDS

It is DarieX policy to thoroughly inspect all Subpoenas and other valid legal requests for data in our possession to ensure proper legal compliance by the officials request the data.

It is further Policy of DarieX to challenge the Subpoenas and other legal requests for dat in our possession, when a request appears to not have legal standing in Ontario. Canada, it’s provinces and territories have strict privacy laws and requests from any government body, including their legal system, must comply with the privacy laws of Canada, its provinces, and territories.

In the event of a valid Court Order or Subpoena served in the Province of Ontario:

• The automatic destruction timer is PAUSED for the specific Case ID named in the warrant.

• Data is moved to a "Legal Hold" container.

• No data is modified or destroyed until the Hold is lifted by legal counsel.

DATA RETENTION & DESTRUCTION POLICY (DRDP)

CLASSIFICATION: PUBLIC / COMPLIANCE AUTHORITY: DARIEX SECURITY DIRECTORATE JURISDICTION: ONTARIO, CANADA (PIPEDA COMPLIANT)

SEE WHAT THEY CAN'T HIDE

DARIEX 2026 ALL RIGHTS RESERVED

TM

TM