Data Retention Policy
Last updated on July 1, 2025
1. Introduction
This Data Retention Policy outlines the principles and guidelines for the retention, storage, and disposal of data by Manitou Research Inc. (hereinafter "the Company", "Manitou", or "articleOne"). Our goal is to ensure that user data is managed responsibly, securely, and in compliance with applicable laws and regulations while supporting our business operations and service delivery.
2. Scope
This policy applies to all employees, contractors, and third-party service providers who handle or manage data on behalf of Manitou Research Inc. anywhere we operate. Manitou Research operates exclusively within the United States and stores all user data on servers physically located within the United States.
3. Roles and Responsibilities
All Manitou Research personnel are responsible for implementing and adhering to this Data Retention Policy. This includes ensuring appropriate data collection, use, retention, and disposal practices in accordance with applicable laws and company policies.
4. Data Retention Principles
- Purpose Limitation: Data is retained only for as long as necessary to fulfill the specific business purposes for which it was collected.
- Legal Compliance: Retention periods comply with applicable legal obligations and regulatory requirements.
- Minimization: We collect and retain only the minimum amount of data necessary to provide our services effectively.
- Security: All retained data is protected using appropriate technical and organizational security measures.
- Transparency: Users are informed about our data retention practices through our privacy policies and terms of service.
5. Data Retention Periods
Company Data is only retained for as long as necessary to fulfill the purposes for which it was collected (i.e. to provide services to the user or organization), comply with legal obligations, address system performance and technical issues, analyze trends, and generally improve the service.
Typically, most Personal Information is retained in an identifiable and attributable form for no more than twelve months. After twelve months, Manitou Research strips identifying metadata unless the user has indicated or otherwise caused continuing retention in an identifiable format, such as through sending a new message to a thread that contains message history that is older than twelve months, thereby resetting the rolling twelve-month period of retention.
Where we have effectively de-identified data we may retain it for various purposes indefinitely.
| Data Type | Description | Retention Period |
|---|---|---|
| Anonymous | Information that neither Manitou nor any other entity is reasonably able to link to a specific individual, regardless of whether it is combined with additional information. | Indefinitely |
| Pseudonymous | Information that has been stripped of identifiers and is unable to be linked to a specific individual on its own. Manitou may be able to link it to a specific individual when combined with additional information held separately. | Indefinitely |
| Personal Information | Information that can reasonably be linked to an identified or identifiable natural person. | 12 months |
6. The Retention Lifecycle
Our data retention process follows a structured lifecycle approach:
- Identify Business Purpose: Typically, Manitou collects information from a user or organization for the express business purpose of providing services to the user or organization, to improve the platform, and to perform aggregated analysis.
- Collection: We only collect data from a user or organization required to fulfill the business purpose as identified in the previous step.
- Use: We only use the information for the business purpose for which we collected it or for related purposes. Where Manitou would like to use Personal Information for secondary uses, we must issue notice of the new use and obtain the consent of the data subject.
- Review: Data is regularly reviewed to determine if it still serves its original business purpose and whether retention remains necessary.
- Disposal: When data is no longer needed, it is securely disposed of in accordance with our data disposal procedures.
7. Security
All retained data is protected using industry-standard security measures, including:
- Encryption in transit and at rest
- Access controls and authentication
- Regular security audits and monitoring
- Secure backup and recovery procedures
- Employee training on data protection practices
8. Storage Location
All Manitou Research user data is stored on servers physically located in the United States. We maintain appropriate safeguards to protect data throughout its lifecycle, from collection through disposal.
9. Data Disposal
When data reaches the end of its retention period or is no longer needed for business purposes, it is securely disposed of using methods appropriate to the data type and storage medium. This includes secure deletion of electronic data and physical destruction of paper records where applicable.
10. Compliance and Monitoring
This policy is regularly reviewed and updated to ensure continued compliance with applicable laws and regulations. All data retention activities are monitored and audited to ensure adherence to this policy and relevant legal requirements.
11. Contact Information
For questions about this Data Retention Policy or to request information about data retention practices, please contact our Data Protection Officer at the Chief Operating Officer level within Manitou Research.
12. Policy Updates
This Data Retention Policy may be updated from time to time to reflect changes in our practices, applicable laws, or regulatory requirements. Any material changes will be communicated to affected users in accordance with our Privacy Policy and Terms of Service.