Legal, Risk & Compliance
The formal policies that keep TechAbout and its people protected — confidentiality, intellectual property, anti-bribery, whistleblowing, data privacy, and responsible use of AI.
Records Management & Retention
This policy explains what business records TechAbout keeps, how long we keep them, and how we dispose of them safely. It applies to everyone who creates or handles company records; clients and candidates may read it to understand how we manage the information we hold about them.
Purpose
Good records let us meet our tax, legal, and contractual obligations, answer questions from auditors and regulators, and protect our people and clients if a dispute ever arises. Keeping the right records for the right length of time — and securely destroying what we no longer need — reduces both legal risk and privacy exposure.
Scope / Who This Applies To
This policy covers all business records created or received in the course of TechAbout's work, in any format: documents, emails, spreadsheets, contracts, invoices, ERPNext/Frappe data, design files, code, and paper. It applies to all employees and to anyone acting on TechAbout's behalf. It does not change your day-to-day security habits for devices and passwords — see Data Security, Devices & Passwords.
The Policy
Record categories
We group records so retention is predictable:
- Financial & tax — invoices, receipts, ledgers, payroll and tax filings, bank records (kept in ERPNext and supporting stores).
- Employment & HR — offer letters, contracts, personnel files, attendance, and payroll data. Personal data is held on a need-to-know basis.
- Client & commercial contracts — signed agreements, statements of work, change orders, and key deliverables.
- Correspondence & operational records — business emails, meeting decisions, project documentation, and support records.
How long we keep records
- We keep each record for at least the statutory minimum retention period that applies under Pakistan law — including obligations under the Companies Act 2017 and applicable tax rules — and, where relevant, longer to cover the period a claim could reasonably be brought.
- For international-client work, we also respect contractual retention terms and align toward recognised standards such as GDPR data-minimisation and ISO/IEC 27001 practices where they apply.
- The exact minimum periods depend on the record type and are subject to review by qualified local counsel and our auditors and to current law. When in doubt, keep the record and ask before deleting.
Secure disposal
- Records that have passed their retention period and are not under legal hold should be disposed of securely, not simply left lying around.
- Paper: shred confidential documents; do not put them in ordinary rubbish or recycling intact.
- Digital: delete from primary systems and backups where feasible, empty deleted-item stores, and use secure wiping for devices being retired, reassigned, or disposed of. Coordinate with admin@techabout.com before wiping any device.
Legal hold
If records may be relevant to a dispute, claim, audit, or investigation, you must not alter, delete, or destroy them — even if their normal retention period has ended.
- A legal hold pauses routine disposal. It takes effect as soon as you become aware a matter is reasonably anticipated, and stays in force until it is lifted in writing by the team that manages ethics and compliance.
- Destroying records under hold can amount to spoliation and may carry legal consequences. Where the records are electronic, tampering or deletion may also fall under the Prevention of Electronic Crimes Act 2016 (PECA); how any specific law applies is subject to review by qualified local counsel. Preserve everything and route questions through the mailbox below.
What To Do / How To Report
- Unsure how long to keep something, or asked to delete records you suspect are relevant to a matter? Stop and email ethics@techabout.com before acting.
- Received a legal hold notice? Acknowledge it, preserve the records, and do not discuss the underlying matter outside the hold.
- For questions about backups, restoration, and business continuity, contact security@techabout.com and read this policy alongside our information-security guidance.
Consequences
Improper destruction, tampering, or ignoring a legal hold is a serious matter and may lead to disciplinary action up to termination, and can expose TechAbout and individuals to legal liability. Honest mistakes reported promptly are treated very differently from concealment.
Questions? Contact ethics@techabout.com.
Have a compliance question?
When in doubt, ask before you act. Email ethics@techabout.com for anything sensitive.