Asgard Forensics
Digital Intelligence

Data Retention Policy

Last updated: June 2026

1. Purpose and Principles

This Data Retention Policy sets out how long ASG Forensics retains different categories of data related to clients, engagements, and business operations. Our retention approach is governed by two competing obligations: (a) the need to retain data long enough to meet legitimate business, legal, and regulatory requirements; and (b) the obligation to dispose of data when it is no longer needed, in order to minimise risk and honour the privacy of individuals whose information we hold. Retention periods are set to reflect these considerations and are reviewed periodically. Data is never retained beyond the applicable retention period unless a specific legal or operational reason exists.

2. Categories of Data We Retain and Retention Periods

The following list describes the primary data categories held by ASG Forensics and their applicable retention periods:

  • Client contact and identity information (name, email address, organisation, contact number): Retained for the duration of the engagement plus seven (7) years from the date of the final invoice or the date the engagement was formally closed, whichever is later. This period reflects standard commercial record-keeping obligations and the limitation period applicable to most contract disputes.
  • Submitted evidence files (uploaded files, images, transaction records, device images): Retained for twelve (12) months following delivery of the final forensic report. Clients will be notified prior to disposal. Extended retention is available on request and may be subject to additional fees.
  • Forensic reports and associated appendices: Retained for five (5) years following delivery. Reports constitute primary business records and may be required for legal proceedings or client reference within this period.
  • Case notes and analyst working files: Retained for three (3) years following case closure. Working files are internal records used for quality assurance and are not client-facing.
  • Chain of custody logs: Retained for five (5) years following case closure, reflecting the potential for legal proceedings to arise after the initial engagement period.
  • Communication records (portal messages, email correspondence relating to an engagement): Retained for three (3) years following case closure.
  • Payment and billing records: Retained for seven (7) years from the date of the transaction, in compliance with financial record-keeping obligations applicable in our operating jurisdiction.
  • Portal authentication logs (login timestamps, IP addresses, session events): Retained for twelve (12) months from the date of the event for security and audit purposes.
  • Intake form submissions that did not result in an engagement: Retained for ninety (90) days from submission, after which they are deleted unless the submitting party subsequently commences an engagement.
  • Abuse reports and policy violation records: Retained indefinitely where they relate to a confirmed policy violation or a matter reported to law enforcement. Otherwise retained for two (2) years.

3. Why Retention Periods Exist

Retention periods are set to serve specific, identifiable purposes:

  • Legal obligations: Certain categories of records — particularly financial records — must be retained for defined periods under legislation such as the Companies Act and tax law. Failure to retain these records would be unlawful.
  • Dispute resolution: In the event of a dispute about the scope or findings of an engagement, retention of case records, communications, and reports allows both parties to refer to the documented history of the engagement. Retention periods that align with limitation periods serve this purpose.
  • Quality assurance: Retaining working files and methodology records for a period after case closure allows ASG Forensics to conduct internal reviews of analytical quality.
  • Security monitoring: Authentication logs retained for twelve months allow ASG Forensics to investigate security incidents that may not be identified immediately.
  • Client reference: Clients may contact us within the retention period to request re-delivery of a report or to provide supplementary evidence for an existing matter. Retained case records allow us to service these requests.

4. Data That Is Deleted After Engagement Closure

Certain categories of data are deleted promptly following the conclusion of an engagement and are not retained beyond that point:

  • Temporary working files created during analysis that are not part of the final evidentiary record
  • Duplicate copies of evidence files created for processing purposes where the hash-verified original is retained
  • Intermediate analytical outputs that have been superseded by final findings
  • Browser or session data from portal sessions
  • Any data that was determined to be out of scope and was not incorporated into the analysis

5. Secure Deletion Practices

When data reaches the end of its retention period, ASG Forensics performs secure deletion in accordance with NIST SP 800-88 guidance. For data held on standard solid-state or magnetic storage, the Clear method (overwriting with a recognised pattern) is applied as a minimum. For data held on storage media that is to be decommissioned, the Purge method (cryptographic erasure or physical destruction, as appropriate to the media type) is used. Simple file deletion, which leaves data recoverable, is not used as the sole disposal method for any category of retained data. Secure deletion events are logged with a timestamp, data category, and confirmation of the method used.

6. Backup and Archive Approach

ASG Forensics maintains encrypted backups of case data for business continuity purposes. Backups are subject to the same retention periods as the primary data they contain — a backup copy does not extend the retention period of the underlying data. When the retention period for a category of data expires, that data is removed from both primary storage and all backup sets before the retention period is considered closed. Backup media that has been decommissioned is subject to the same secure disposal process as primary storage.

7. Client Requests for Early Deletion

Clients may submit a written request for the early deletion of their data, or a specified subset of their data, by contacting ASG Forensics at the support email address on our Contact page. Requests will be assessed against the following criteria:

  • Whether any legal obligation prevents deletion (for example, a legal hold, a court order, or a mandatory minimum retention period under financial law)
  • Whether the data is required for the resolution of a current or reasonably anticipated dispute
  • Whether the data is subject to a legitimate business need that cannot be met by anonymisation or partial deletion

Where a request for deletion can be fulfilled in whole or in part, ASG Forensics will do so within thirty (30) days and will confirm the deletion in writing. Where deletion cannot be fulfilled, we will explain the reason and indicate when deletion will occur.

8. Legal Holds

Where ASG Forensics is notified of active or reasonably anticipated legal proceedings that involve data it holds, or where a court order or other legal instrument requires the preservation of specific data, normal retention schedules are suspended for the affected data. Data subject to a legal hold will not be deleted until the hold is lifted by the relevant authority or the proceedings are concluded. Clients who become aware of proceedings that may affect their case data held by ASG Forensics should notify us promptly so that the appropriate hold can be applied.

9. Changes to This Policy

Retention periods and practices will be reviewed at least annually and may be revised in response to changes in applicable law, regulatory guidance, or business requirements. Material changes to this policy will be published on this page with an updated date. Where a change shortens the retention period for a data category, ASG Forensics will apply the new period to data held at the time of the change, subject to any legal hold or legal minimum retention obligation that prevents earlier deletion.
