Document Retention and Destruction Policy
Operational policy governing how long Hardline retains records of each category, how those records are destroyed, who is responsible, and how the policy yields to a litigation hold when one is in place.
Version 1.0-draft · Last updated: 2026-05-10 · Effective: Pending counsel sign-off
1. Purpose and Scope
This Policy establishes the period for which Hardline retains records of each category in its possession or control, the procedure by which records are destroyed at the end of that period, and the exceptions that suspend or extend retention. The Policy applies to records in any form: electronic files, emails, instant messages, Notion pages, code-repository contents, database rows, document-storage objects, log records, voicemails, recordings, and physical documents.
The Policy applies to every Hardline employee, contractor, officer, director, intern, and vendor who creates or holds Hardline records. Hardline expects vendors to follow at least the retention rules in this Policy with respect to Hardline records they process; vendor obligations are documented in Data Processing Addenda.
Goals: (a) compliance with statutory and regulatory retention obligations, (b) operational efficiency through disciplined disposal, and (c) data-protection minimization.
2. Roles and Responsibilities
- Custodian. The Qualified Individual under the WISP (“QI”) is the records custodian, responsible for executing destruction on schedule, maintaining destruction logs, and ensuring vendor compliance.
- Ultimate decisionmaker. The Chief Executive Officer is the ultimate decisionmaker on retention exceptions, destruction holds, and disputes.
- Legal counsel. Outside counsel under Matter No. 005 of the Counsel Engagement Letter is consulted before any litigation hold is implemented, lifted, or modified, and before any record destruction in a category subject to active litigation, regulatory inquiry, or dispute.
- All personnel. Do not retain Hardline records on personal devices, in personal cloud accounts, or in unmanaged tools; do not delete records ad hoc when in doubt; route retention questions to the QI.
3. Retention Schedule
The retention periods below are minimums. Records may be retained longer where a litigation hold, an active investigation, an open contract, an active engagement, or a regulatory requirement so requires. Where two periods conflict, the longer governs.
- Account data (name, email, hashed password, account preferences): life of account + 6 years after closure.
- Deal data (listing facts, deal metadata, transaction state machine): life of deal + 6 years.
- Deal documents (LOIs, term sheets, loan documents): life of deal + 6 years; sensitive documents subject to enhanced minimization on Hardline’s side — redacted copies retained, originals deleted at 6 years unless hold attaches.
- In-app messages between counterparties: life of deal + 6 years.
- Lender preferences: life of account + 1 year.
- Stripe Identity verification result (pass/fail/manual-review, no underlying documents): life of account + 6 years.
- Biometric data: not retained by Hardline. Stripe Identity is the controller.
- Session logs: 90 days.
- Access logs: 13 months.
- Email delivery logs (Resend metadata): 13 months.
- Privacy-rights request records: 24 months minimum.
- Formation documents (Certificate of Incorporation, bylaws): permanent.
- Stock records (cap table, stock-issuance ledger, option grants, 83(b) elections, exercise records): permanent.
- Board minutes and written consents: permanent.
- Stockholder consents and meeting records: permanent.
- Annual reports, franchise-tax filings, foreign-qualification filings: permanent.
- Corporate insurance policies: life of policy + 10 years.
- D&O indemnification agreements: life of officer’s service + 10 years.
- Federal tax returns and supporting workpapers: 7 years from filing.
- State tax returns: 7 years.
- Sales / use / franchise tax records: 7 years.
- 1099s: 7 years.
- General ledger, AP, AR, bank statements, expense reports: 7 years.
- Records of capital transactions: permanent.
- Personnel files: term of employment + 7 years.
- I-9 forms: later of 3 years from hire or 1 year from termination.
- Payroll records, W-2s, W-4s: 7 years (FLSA + IRS).
- Benefit-plan records, ERISA filings: 6 years from filing.
- Workers’ comp claim files: 30 years.
- OSHA logs: 5 years.
- EEO-1 filings: 2 years.
- Discrimination / harassment investigation files: 7 years post-resolution.
- Resumes of non-hired applicants: 1 year.
- Commercial contracts: life of contract + 6 years.
- Data Processing Addenda: life of vendor relationship + 6 years.
- Vendor due-diligence files: 6 years from termination.
- Negotiation drafts and term sheets: 3 years from execution (or contract not executed).
- WISP, IRP, Breach Matrix, Privacy Policy: perpetual archive of all versions; diff between versions retained.
- Risk assessments: 10 years.
- Pen-test reports, vulnerability scans, bug-bounty submissions: 10 years.
- Security-training records: 7 years.
- Incident records (P0–P3, including no-impact false positives): 10 years.
- Forensic-investigation reports: 10 years.
- Breach-notification records and proof of delivery: 10 years.
- DPIAs: life of processing activity + 6 years.
- Regulatory correspondence: 10 years from closure.
- Subpoenas and responses: 10 years from response.
- Regulatory filings: permanent.
- Litigation files: subject to hold; 10 years post-resolution.
- Settlement and consent agreements: permanent.
- Demand letters received: 10 years.
- Trademark / copyright registrations: permanent.
- Source code (Git history): permanent for production branches; 5 years for feature branches after merge or abandonment.
- Invention disclosures and assignments: permanent.
4. Litigation-Hold Override
When the Litigation Hold Policy is triggered, the destruction schedule in Section 3 is suspended for records within the scope of the hold. Records subject to a hold are not destroyed, anonymized, or modified until the hold is released by the CEO in writing in consultation with outside counsel.
Auto-deletion features in third-party tools (Slack message retention, Gmail trash auto-purge, Notion auto-archive, Supabase log rotation, Vercel log retention) are suspended for matters under hold. See Litigation Hold Policy §6 for auto-delete suspension procedures.
5. Destruction Methodology
- Database rows hard-deleted (DELETE not soft-delete); corresponding audit/backup rows deleted on the same schedule.
- Document-store objects deleted with version-history purge.
- Backups roll forward through retention windows; records deleted in production exit backups within 90 days.
- Crypto-shredding may be used for at-rest-encrypted records when media cannot be reliably wiped.
- Email archives purged from Google Vault upon retention expiration.
- Disposed devices wiped using NIST SP 800-88 Rev. 1 Clear or Purge; SSDs require Purge (cryptographic erase).
- Physical documents destroyed by cross-cut shredding (DIN 66399 level P-4 or higher; P-5 or higher for PI), or by a bonded shredding vendor with certificate of destruction.
Vendors instructed to destroy Hardline records (e.g., DPA termination) must provide written certificate of destruction within 30 days. Hardline retains certificates 10 years.
QI maintains destruction log recording: date, category and volume, method, executor, hold-screening evidence. Log retained permanently.
6. Audit and Certification
The QI conducts an annual audit reviewing (a) sampled categories from the schedule, (b) the destruction log, (c) the active-holds list against ongoing matters known to outside counsel, (d) vendor destruction-certificate completeness, and (e) exceptions granted. Audit summarized in written report to the CEO; retained permanently.
The CEO certifies annually, in writing, that this Policy is being followed. Certification retained permanently.
7. Exceptions
- Business-need exception: extends retention for a defined purpose beyond the standard period.
- Legal-hold exception: automatic upon hold attachment.
- Regulatory-requirement exception: extends retention for a regulator-specific requirement not anticipated.
- Anonymization in lieu of deletion: permitted for aggregate analytics where personal identifiers are irreversibly removed; counsel consulted on adequacy.
Exceptions reviewed annually; lapse on stated end date unless re-granted.
8. Policy Maintenance
This Policy is reviewed annually and amended as necessary. QI proposes amendments; CEO approves. Each version archived under the perpetual-retention category for security policies.