Data Use

Last Updated: Feb 17, 2025

1. Purpose

This Data Retention, Storage, and User Agreement ("Agreement") establishes the policies governing the collection, storage, retention, and disposal of data at OcuTrap Inc. ("Company") in compliance with applicable laws, industry regulations, and best practices. It also outlines the responsibilities of users handling Company data, including image and location-based data collected through OcuTrap Inc. products.

2. Scope

This Agreement applies to all employees, contractors, vendors, and third-party service providers who access, store, or process Company data. It covers all forms of data, including but not limited to electronic records, images, videos, GPS location data, metadata, system logs, and communication records.

3. Definitions
  • Company Data: All data generated, stored, and processed by OcuTrap Inc., including but not limited to customer information, operational data, images, videos, GPS data, metadata, system logs, and communication records.
  • User: Any individual or entity interacting with OcuTrap Inc. data, including employees, contractors, customers, and third-party service providers.
  • Authorized Access: Only authorized OcuTrap personnel are permitted to access and process Company Data. Unauthorized access or distribution of Company Data is strictly prohibited.
  • Data Disposal: While OcuTrap Inc. does not currently have a specific data deletion protocol, all data that exceeds its retention period shall be securely deleted in compliance with industry best practices and applicable laws.

4. Data Classification and Retention Periods
  • Critical Data: Essential business records such as financial statements, legal documents, and customer contracts. (Retention: 7 years or as required by law)
  • Confidential Data: Employee records, proprietary business information, security logs, and product-related source code. (Retention: 6 years after termination or as required by applicable regulations)
  • Image and Video Data: Photos, videos, and metadata captured by OcuTrap Inc. products. (Retention: 1 year unless required for ongoing service agreements, product enhancement, or legal compliance)
  • Location Data: GPS-based data collected by OcuTrap Inc. products. (Retention: 6 months unless required for compliance, analytics, or product development)
  • General Business Data: Internal communications, project files, and routine business documentation. (Retention: 2 years)
  • Temporary Data: Drafts, duplicates, and transitory communications. (Retention: 90 days)

5. Data Storage and Security

All Company data, including images and location-based data, must be stored securely using industry-standard security measures, including encryption and access controls. The Company employs secure cloud storage with multi-factor authentication for access.
Sensitive and confidential data shall be stored only in authorized locations, with role-based access permissions enforced. Location data and images must be anonymized and protected against unauthorized access, unless explicitly required for operational functionality.

6. Data Breach and Incident Response

In the event of a data breach, OcuTrap Inc. shall notify affected users as soon as possible and take immediate corrective actions. Customers will be notified in the event their data has been compromised.
Data breach mitigation efforts will follow security best practices, including isolating affected systems, assessing risks, and implementing preventive measures.

7. User Responsibilities and Acceptable Use
  • Use data only for authorized business purposes.
  • Maintain the confidentiality of sensitive information, including images and location data.
  • Not disclose, share, or transmit Company data outside approved channels.
  • Follow proper authentication and security protocols to prevent unauthorized access.
  • Report security incidents or data breaches immediately to the OcuTrap support team at support@ocutrap.com.
  • Ensure compliance with all location-based and image data handling policies as required by regulatory bodies.

8. Data Disposal and Destruction

Data that has exceeded its retention period shall be securely deleted or destroyed. Data disposal activities must be documented, and any exceptions must receive written approval from the Compliance Officer.

9. Data Subject Rights

Users have the right to request the deletion of their personal data. Requests for data deletion should be submitted via email to support@ocutrap.com.
For image and recognition-related data, refer to the OcuTrap Animal Image Recognition Policy for specific details on retention and deletion procedures.

10. Legal and Regulatory Compliance

OcuTrap Inc. complies with all applicable data protection regulations, including but not limited to relevant state and federal laws. In the event of litigation or government investigation, data subject to legal hold shall not be destroyed until the matter is resolved.

11. Policy Review and Updates

This Agreement shall be reviewed annually by OcuTrap Inc.’s team and updated as necessary to reflect changes in legal, business, or technological requirements.

12. Governing Law and Dispute Resolution

This Agreement shall be governed by and interpreted in accordance with the laws of the State of Texas. Any disputes arising under this Agreement shall be resolved in accordance with Texas state law.

13. Enforcement and Violations

Failure to comply with this Agreement may result in disciplinary action, including termination of employment or contract, legal penalties, and financial liability.

14. Acknowledgment

By using OcuTrap Inc. systems and services, you acknowledge that you have read, understood, and agree to comply with the terms of this Data Retention, Storage, and User Agreement.