Data Policy
Data Policy — Caz Brain
This page explains how business, client, and website data is handled, stored, retained, protected, and reviewed.
Data categories
We may handle enquiry data, client data, internal workflow data, CRM data, communications, project documents, analytics data, and operational data required for service delivery.
Purpose limitation
Data is handled only for defined operational, contractual, support, security, analytics, and compliance purposes.
Access controls
Access to data should be limited on a need-to-know basis and supported by role-based controls where applicable.
Retention and deletion
Data should be retained only for as long as required for delivery, accounting, security, legal, and compliance purposes, then archived or deleted in a controlled manner.
Security practices
We aim to use appropriate safeguards such as access controls, audit visibility, restricted sharing, secure hosting, and reasonable protection against unauthorised disclosure or misuse.
Incident response
If a material data incident occurs, it should be reviewed and handled in line with applicable legal and operational obligations.
This page is a practical website policy template and should be reviewed by compliance and legal advisors before production use.