Data Retention This section is designed to function both as a public-facing retention notice and as an internal baseline policy for configuration, support, and contracting. Exact periods should be aligned with actual product behavior, backup architecture, legal obligations, and customer-specific agreements.

1. Retention Principles SaraMedico retains data only for as long as reasonably necessary to provide the Services, meet legal and contractual obligations, support security and audit requirements, resolve disputes, and enforce agreements. Where product controls allow customers to configure shorter or longer retention periods, those configured settings will govern unless law or contract requires otherwise.

2. Customer Responsibility Customers are responsible for selecting a plan and configuration suitable for their recordkeeping obligations, exporting information they need to preserve, and ensuring that their own regulatory retention requirements are met. Unless expressly agreed in writing, SaraMedico does not act as the customer's designated legal record archive.

3. Deletion Requests When a customer deletes content, SaraMedico may remove it from active systems promptly but retain limited copies in backups, logs, or legally required archives for a defined period before final purge. Illustrative Retention Schedule Data Category Default Retention Customer Controls Notes Account profile and organization settings For life of account plus up to 90 days after termination Limited May be retained longer for billing, audit, or legal needs. Uploaded documents and OCR source files Until deleted by customer or end of subscription; purge window up to 30 days from active storage Yes Customer-specific retention options may apply by plan. Generated transcripts, summaries, and draft notes Until deleted by customer or end of subscription; purge window up to 30 days from active storage Yes May remain in backups for limited additional period. Visit audio recordings Configurable by plan; suggested default 30 to 180 days Yes Sensitive category; customers should configure according to consent and recordkeeping policies. Audit logs and access history At least 12 months; longer for enterprise plans Limited Retained to support security, compliance, and investigations. Support tickets and implementation correspondence Up to 24 months after closure No/limited May be retained longer if needed for ongoing account issues. Billing and tax records As required by law, commonly 7 years No Maintained separately from clinical workflows where possible. Backups and disaster recovery copies Rolling backup cycle, commonly 30 to 90 days No Backups are purged according to infrastructure lifecycle. De-identified analytics and telemetry As long as reasonably necessary for product improvement and security Limited Must not identify patients or customers contrary to contract.

4. Terminated Accounts · After cancellation or non-renewal, customer access may remain available for a short export window if included in the applicable plan or enterprise agreement. · After the export window ends, SaraMedico may disable access and begin deletion workflows for customer data from active systems. · Certain records may be retained longer where necessary for payment collection, fraud prevention, security, dispute resolution, or legal compliance.

5. Legal Holds and Exceptions · SaraMedico may suspend deletion where necessary to comply with law, court order, subpoena, government inquiry, or a documented legal hold. · Where a customer requests preservation for litigation, investigation, or transition support, additional fees or a separate statement of work may apply.

6. Backups and Residual Copies · Deleted data may remain in encrypted backups or replicated systems until those media are overwritten in the ordinary course. · Backup copies are not intended for day-to-day retrieval of individual deleted records except where needed for disaster recovery, security analysis, or legal obligations.

7. Public-Facing Short Version · SaraMedico retains customer data for the duration of the subscription and for a limited period afterward to support account closure, security, legal, and backup obligations. · Customers can request or configure shorter retention for selected data types where supported by their plan. · Until a signed agreement states otherwise, customers should export needed data before cancellation becomes effective.