StandardCard Security & Compliance

Data Deletion & Vendor Offboarding Standard

Requirements for deleting RPC data — including indexes, embeddings, logs and backups — once a vendor engagement, pilot or PoC concludes.

v1.0effective 2025-04-30

Purpose

This standard defines what a third-party vendor must do with RPC data once an engagement, trial or proof-of-concept ends, so that no residual copy of RPC data remains outside RPC's control.

Scope of deletion

Deletion obligations cover every derived artifact created from RPC source data, not only the original files: this includes search indexes, vector embeddings, model fine-tuning data, cached query logs, analytics events and backups, wherever they reside.

Timeline

Vendors must complete deletion within 30 calendar days of engagement end, and backups containing RPC data must be purged on their next rotation cycle and no later than 90 days after primary deletion.

Certificate of destruction

The vendor must provide a signed certificate of destruction listing each data store, index or backup purged, the deletion method used, and the date completed. Card Security & Compliance retains the certificate for the standard audit-evidence period of 7 years.

Retention holds

If RPC has issued a legal hold covering any of the data shared with the vendor, deletion of the held items is suspended until the hold is lifted in writing by RPC Legal, even if the standard 30-day timeline has elapsed.