Data Security & Retention Policy

Policy quick links:
Privacy Policy
End-User License Agreement (EULA)
Data Security & Retention Policy (this page)

Data Security & Retention Policy - Les Industries Royalty Inc.

This document describes how Les Industries Royalty Inc. (“Company”, “we”, “us”, or “our”) secures, processes, and retains data within the GR Two-Way Communications integration service (the “Service”).

Last Updated: March 24, 2026

1. DATA PROCESSING ARCHITECTURE

The Service operates as an integration and automation layer between authorized software systems.

Its primary function is to:

  • transfer data between APIs
  • transform data formats when required
  • ensure reliable synchronization between systems

The Service does not operate as a primary data storage platform.

2. DATA MINIMIZATION

The Service is designed using data minimization principles, meaning it processes only the data required to complete authorized integrations.

Whenever possible, the Service processes data in transit only, without persistent storage.

3. TYPES OF DATA STORED

The Service may store the following limited types of information:

3.1 API Activity Logs

These logs support system monitoring and debugging.

They may include:

  • timestamps
  • endpoint identifiers
  • request status
  • error messages

API logs are retained for a minimum of one year.

3.2 Temporary Transaction Retry Storage

If a synchronization request fails, the Service may temporarily store transaction payloads to retry the transfer or diagnose errors.

This data:

  • is encrypted
  • has restricted access
  • is automatically deleted after 30 days

3.3 Integration Configuration Data

To maintain system connections, the Service may store:

  • integration settings
  • system identifiers
  • authentication tokens

These are stored securely and used only for maintaining authorized integrations.

4. SECURITY CONTROLS

Security measures implemented in the Service include:

  • encrypted communication (HTTPS/TLS)
  • secure cloud infrastructure
  • role-based access controls
  • restricted administrative access
  • automated monitoring and logging

Only authorized personnel may access system administration tools.

5. INFRASTRUCTURE SECURITY

The Service operates on secure cloud infrastructure designed to meet modern security standards, including:

  • network isolation
  • automated security patching
  • system monitoring
  • infrastructure-level encryption

6. DATA DELETION

Data stored temporarily within the Service is automatically deleted once it is no longer required for operational purposes.

Deletion timelines include:

  • temporary transaction data: removed after 30 days
  • logs: retained for at least 1 year
  • inactive integrations: removed upon account termination or service deactivation where applicable


7. INCIDENT RESPONSE

If a security issue affecting the Service is detected, the Company will take reasonable steps to:

  • investigate the incident
  • contain the issue
  • restore secure operation of the system


8. POLICY UPDATES

This policy may be updated as the Service evolves or as security practices improve.

The most recent version will always be available at the same public URL where this policy is published.