Data Retention Policy
Last updated: April 2026 · Applies to all Hibiscus HR customers
Overview
Hibiscus HR manages your employee data through a three-tier retention model designed to balance your operational needs, privacy obligations under PIPEDA, and Canadian regulatory requirements (CRA, ESA, OHSA/WSIB).
Tier 1 — Active Subscription
While your subscription is active, all data is retained in full. You have complete access to all employee records, payroll history, compliance documents, and platform data. Data is stored in Microsoft Azure's Canada Central region, encrypted at rest and in transit.
- Full data access via the Hibiscus HR platform
- On-demand data export (JSON) available in Settings > Billing
- AES-256-GCM field-level encryption for SINs and banking data
- Automated daily database backups with 7-day point-in-time recovery
Tier 2 — After Cancellation
When you cancel your subscription:
- Days 1–90: Your data remains accessible. You can log in, export data, and use the platform in read-only mode. No charges are applied.
- Days 91–120: Your data is queued for deletion. During this window, regulated records (see Tier 3) are extracted and archived to long-term immutable storage.
- Day 120+: Non-regulated data is permanently and irreversibly deleted. The tenant database schema is dropped. User accounts are removed. A Deletion Certificate is generated documenting what was deleted and what was archived.
We recommend exporting all data before cancellation. Once deleted, non-regulated data cannot be recovered.
Tier 3 — Regulated Data Archive
Canadian law requires certain employment and financial records to be retained beyond the end of the business relationship. Before deleting your tenant data, we extract and archive the following categories to immutable (WORM — Write Once Read Many) storage:
| Data Category | Retention | Legal Basis |
|---|---|---|
| Payroll records | 7 years | CRA Income Tax Act s.230 |
| T4 / tax filings | 7 years | CRA Income Tax Act |
| ROE filings | 6 years | Service Canada |
| Benefits enrollment | 7 years | CRA taxable benefit reporting |
| Workplace incidents | 7 years | OHSA / WSIB |
| Employee records | 3 years after termination | ESA employment standards |
| Leave records | 3 years | ESA employment standards |
| Timesheets | 3 years | ESA employment standards |
| Performance reviews | 3 years | Employment standards |
Immutable Storage (WORM)
Regulated data is archived to Azure Blob Storage with a time-based immutability policy. This means:
- Once written, data cannot be modified or deleted by anyone — not Hibiscus HR staff, not the customer, not even the storage administrator — until the retention period expires.
- This provides tamper-proof, CRA audit-ready record keeping.
- Archives are encrypted at rest by Azure Storage Service Encryption (SSE).
- SINs within the archive remain encrypted with AES-256-GCM at the field level.
- Archives are stored in Azure Canada Central — data never leaves Canada.
Backup Retention
- Database backups: Azure Flexible Server provides automated daily backups with 7-day point-in-time recovery for active tenants.
- Post-deletion: After a tenant's schema is dropped, data may persist in database backups for up to 7 additional days. After this window, the data is irrecoverable.
- Document storage: Uploaded files (compliance documents, onboarding documents) are stored in Azure Blob Storage. These are deleted when the tenant schema is dropped and are not separately backed up beyond Azure's built-in redundancy.
Deletion Certificates
When your non-regulated data is permanently deleted, Hibiscus HR generates a Deletion Certificate documenting:
- Date and time of deletion
- What data categories were permanently deleted
- What data categories were archived for regulatory retention (with retention periods)
- Number of records in each category
- Confirmation that deletion is permanent and irreversible
Deletion Certificates are sent to the platform administrator and stored in our audit system. You may request a copy by contacting privacy@hibiscushr.ca.
Your Rights
As a customer, you can:
- Export all data at any time via Settings > Billing > Export Data
- Request individual employee data deletion by contacting our Privacy Officer (subject to regulatory retention obligations)
- Request a Deletion Certificate after your data has been purged
- Request access to archived regulatory data if needed for a CRA audit or legal proceeding
Contact
Questions about data retention? Contact our Privacy Officer at privacy@hibiscushr.ca.
This policy is effective as of April 2026. We may update it periodically — changes will be posted on this page with an updated date.