Our policy is aligned with global data protection regulations (e.g., GDPR, CCPA). PII is encrypted at rest and in transit. Data retention follows client-defined or regulatory-mandated periods, after which it is securely and permanently destroyed, with a detailed audit trail of the destruction process.