Security and Data Handling Overview

Respondy handles Client compliance records in a controlled environment designed to support secure storage, organized recordkeeping, and readiness for export or review when needed.

This page provides a plain English overview of how Respondy manages Client records used for ongoing compliance support. It is intended to help a prospective Client understand how records are handled before files are shared.

What This Page Covers

This page applies to Client compliance data and related records, including BOM data, supplier declarations, Technical File records, supporting evidence, and related compliance documentation.

Secure Handling

Client records are handled using encryption in transit and encryption at rest, along with protected storage. Respondy maintains version tracking and controlled retention practices so document history can be managed consistently over time.

Access Controls

Access to Client records is restricted and controlled, with MFA used to help protect access. The handling model is designed to limit unnecessary access and keep records available only to those who need them for the managed compliance process.

Record Retention and Continuity

Respondy maintains retained records to support continuity, document history, and export when needed.

10 year retention by default unless the Client requests earlier deletion in writing, subject to audit or legal retention needs.

Backups and Recoverability

Versioned storage and backups are used to support continuity and record recovery.

EU Data Residency Option

EU data residency can be supported for Clients who require it.

Client Access and Export Rights

The Client can access, export, retain, and produce the Technical File if needed.

Respondy's recordkeeping approach is intended to keep compliance materials organized so the Client can retrieve and use its records when responding to internal needs, customer requests, or regulatory review.

Role Boundary

Respondy manages the recordkeeping and document handling process, but the Client remains the legal manufacturer and signatory where applicable.

Respondy is not a law firm or notified body.

Incident Handling

If Respondy identifies a security issue affecting Client records, affected Clients will be notified promptly and provided with relevant information about the issue and the response being taken.