Summit Digital Innovations Policies
Last Updated: January 1, 2025
Welcome to our policy center. At Summit Digital Innovations, we are committed to transparency about how we protect your data, maintain security, and comply with legal and regulatory requirements. Below you'll find all of our policies in one place.
Privacy Policy
Effective Date: January 1, 2025
Our Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your personal data. We are committed to protecting your privacy and complying with GDPR, CCPA, and other data protection laws.
Topics covered: Data collection, use of information, third-party sharing, user rights, cookies, GDPR compliance, CCPA compliance
Information Security & Incident Response Policy
Effective Date: January 1, 2025
Our Security Policy describes the technical and organizational measures we use to protect your data from unauthorized access, loss, or corruption. It also outlines how we detect, respond to, and recover from security incidents.
Topics covered: Encryption, access control, monitoring, vulnerability management, incident response, penetration testing, compliance certifications
Data Retention & Deletion Policy
Effective Date: January 1, 2025
Our Data Retention Policy explains how long we keep your data, the legal reasons for retention, and how we securely delete data when retention periods expire. Financial records are retained for 7 years per IRS requirements; other data is deleted within 90 days of account closure.
Topics covered: Retention periods by data type, legal basis for retention, data deletion procedures, user-requested deletion, GDPR right to erasure
Audit Log Retention Policy
Effective Date: January 1, 2025
Our Audit Log Retention Policy describes what user and system activities we log, how audit logs are used for security and compliance, and how long logs are retained. Audit logs are kept for 1 year and include authentication events, financial record changes, and permission modifications.
Topics covered: What we log, authentication events, financial record changes, security events, access to logs, immutability, 1-year retention
Backup Retention Policy
Effective Date: January 1, 2025
Our Backup Retention Policy explains how we back up your data, how long backups are retained, and how we restore data in the event of loss or corruption. Continuous backups with 30-day point-in-time recovery, daily snapshots retained for 90 days, and 4-hour disaster recovery guarantee.
Topics covered: Backup types and frequency, continuous backups, daily snapshots, 90-day retention, disaster recovery, restoration procedures, RTO/RPO
Compliance Summary
Summit Digital Innovations is committed to compliance with the following regulations and standards:
- GDPR (General Data Protection Regulation): Data protection and privacy for EU users
- CCPA (California Consumer Privacy Act): Privacy rights for California residents
- GLBA (Gramm-Leach-Bliley Act): Financial data protection requirements
- IRS Regulations: 7-year retention of financial records for tax compliance
- SOX (Sarbanes-Oxley Act): Financial recordkeeping and audit trail requirements (for applicable customers)
- PCI DSS: Payment card security (via Stripe, our PCI-certified payment processor)
Certification Roadmap
We are actively working toward the following security certifications:
- SOC 2 Type II: Planned for 2026 — Independent audit of security controls
- ISO 27001: Planned for 2027 — Information security management system certification
Questions or Concerns?
If you have questions about any of our policies, need clarification, or want to exercise your data rights (access, correction, deletion), please contact us:
Summit Digital Innovations
Privacy & Compliance: privacy@summit-di.com
Security Team: security@summit-di.com
General Support: support@summit-di.com
Website: www.summit-di.com
Policy Updates
Our policies are reviewed and updated periodically to reflect changes in our practices, legal requirements, and industry standards. When material changes are made, we will notify active users via email and in-app notification. The effective date at the top of each policy indicates when it was last updated.