DOCUMENT RETENTION POLICY V8
DOCUMENT RETENTION POLICY
VERSION 8.0 | MARCH 2026
GROOVY COMPANY, INC. DBA OTCM PROTOCOL
Wyoming Corporation | CIK: 1499275 | OTC: GROO | 12 Daniel Rd East, Fairfield, NJ 07004
SEC Category 1 Model B | Release No. 33-11412 | BOARD APPROVED | CONFIDENTIAL
|
Field |
Value |
|
Document ID |
OTCM-POL-DRP-001 |
|
Version |
8.0 (supersedes V1.0) |
|
Effective Date |
March 2026 |
|
Approved By |
Board of Directors |
|
Legal Entity |
Groovy Company, Inc. dba OTCM Protocol |
|
Governing Law |
Federal Securities Law, Wyoming Business Corporation Act, and New Jersey State Law |
Article I: Purpose and Scope
Section 1.1 — Purpose
This Document Retention Policy (the “Policy”) establishes standards and procedures for the retention, preservation, and destruction of Company records. The Policy ensures compliance with legal and regulatory requirements, protects the Company in litigation, supports business operations, protects sensitive information, manages storage costs, and preserves blockchain records appropriately.
Section 1.2 — Regulatory Framework
|
Regulation |
Retention Impact |
|
Securities Exchange Act of 1934 |
Broker-dealer and transfer agent records |
|
SEC Rules 17a-3, 17a-4 |
Books and records requirements |
|
SEC Rules 17Ad-6, 17Ad-7 |
Transfer agent recordkeeping (Empire Stock Transfer) |
|
Sarbanes-Oxley Act |
Audit workpapers, financial records |
|
IRS Code Section 6001 |
Tax records |
|
ERISA |
Employee benefit records |
|
Wyoming Business Corporation Act |
Corporate records |
|
Release No. 33-11412 |
Category 5 Digital Securities records (March 17, 2026, binding) |
|
Bank Secrecy Act |
KYC/KYW/AML/OFAC records (5-year minimum) |
Section 1.3 — Scope
This Policy applies to all records created, received, or maintained by the Company, including paper documents, electronic files, blockchain records (smart contracts, transaction logs, wallet data on Solana), media, communications, and cloud data.
Article II: Definitions
“Record” — any information, regardless of form, created, received, or maintained by the Company, including documents, data, and blockchain entries.
“Blockchain Record” — any data stored on the Solana blockchain, including smart contract code, transaction signatures, wallet addresses, token transfers, and metadata associated with ST22 Digital Securities or OTCM Utility Tokens.
“Litigation Hold” — a directive to preserve all documents and records potentially relevant to pending, threatened, or reasonably anticipated litigation, government investigation, or audit.
“Record Custodian” — the department or individual responsible for maintaining specific categories of records.
“Destruction” — the permanent elimination of records through shredding, incineration, secure deletion, or other means rendering the record unreadable and unrecoverable.
“Permanent Record” — a record retained indefinitely due to legal requirements, historical significance, or ongoing business value.
Article III: Document Retention Schedule
Section 3.1 — Corporate Records
|
Record Type |
Retention |
Notes |
|
Articles of Incorporation |
Permanent |
Including all amendments |
|
Bylaws |
Permanent |
Including all amendments |
|
Board / Committee Minutes |
Permanent |
All board and committee meetings |
|
Shareholder Meeting Minutes |
Permanent |
Annual and special meetings |
|
Stock Ledger |
Permanent |
All ownership records |
|
Board/Committee Resolutions |
Permanent |
All formal resolutions including Common B authorizations |
|
DBA Filings |
Permanent |
OTCM Protocol assumed name certificates |
|
Annual Reports to State |
Permanent |
All jurisdictions (Wyoming, NJ) |
Section 3.2 — Financial Records
|
Record Type |
Retention |
Notes |
|
Annual Financial Statements |
Permanent |
Audited statements |
|
Quarterly Financial Statements |
7 years |
Internal and external |
|
General Ledger |
Permanent |
All entries |
|
AP/AR Records |
7 years |
Invoices, payments, collections |
|
Bank Statements / Reconciliations |
7 years |
All accounts including stablecoin wallets |
|
Audit Reports / Workpapers |
Permanent / 7 years |
Reports permanent; workpapers 7 years per SOX |
Section 3.3 — Tax Records
|
Record Type |
Retention |
Notes |
|
Income Tax Returns |
Permanent |
Federal and state |
|
Tax Workpapers |
7 years |
Supporting documentation |
|
Payroll Tax Returns / W-2s |
7 years |
All filings and wage statements |
|
1099 Forms Issued |
7 years |
Information returns |
|
Property Tax / Tax Exemptions |
Permanent |
Assessments, certificates, rulings |
Section 3.4 — Employment Records
|
Record Type |
Retention |
Notes |
|
Personnel Files |
7 years after termination |
General employment records |
|
I-9 Forms |
3 years after hire or 1 year after termination (longer) |
Immigration verification |
|
Payroll Records |
7 years |
Wages, deductions, hours |
|
Benefits Records |
7 years after plan termination |
ERISA requirement |
|
Background Checks |
5 years |
Per FCRA |
|
OSHA Records |
5 years |
Injury/illness logs |
Section 3.5 — Contracts and Legal
|
Record Type |
Retention |
Notes |
|
Executed Contracts |
10 years after expiration |
All material contracts |
|
Real Estate Documents |
Permanent |
Deeds, leases, mortgages |
|
Intellectual Property |
Permanent |
Patents, trademarks, copyrights, IP assignments |
|
Litigation Files |
10 years after resolution |
All legal matters |
|
NDAs / Confidentiality |
10 years after expiration |
Global NDA and all issuer NDAs |
|
Insurance Policies / Claims |
Permanent / 10 years |
Policies permanent; claims 10 years after settlement |
|
Legal Opinions |
Permanent |
All Legal Counsel opinions |
Section 3.6 — Securities and Regulatory Records
|
Record Type |
Retention |
Notes |
|
SEC Filings (10-K, 10-Q, 8-K) |
Permanent |
All forms filed with SEC EDGAR |
|
Form D Filings |
Permanent |
Reg D exemption notices |
|
Private Placement Memoranda |
Permanent |
PPM V8 and all prior versions |
|
Subscription Agreements |
Permanent |
All investor subscriptions |
|
Accredited Investor Verification |
7 years |
Empire Stock Transfer verification documentation |
|
Cap Table Records |
Permanent |
All ownership records including Common B register |
|
Insider Trading Records |
7 years |
Pre-clearance, blackout, wallet registrations |
|
Related Party Transaction Records |
7 years |
Approvals, documentation, questionnaires |
|
Section 16 Filings |
Permanent |
Forms 3, 4, 5 |
|
SEC Crypto Task Force Correspondence |
Permanent |
All regulatory engagement materials |
|
No-Action Letter Materials |
Permanent |
Consolidated no-action letter and all drafts |
Article IV: Blockchain and Digital Asset Records
Blockchain records are inherently immutable and cannot be deleted. This Policy addresses retention of related off-chain records and metadata.
Section 4.1 — Immutable Blockchain Records
|
Record Type |
Retention |
Notes |
|
Smart Contract Source Code |
Permanent |
All deployed Transfer Hook and CEDEX contracts |
|
Smart Contract Audits |
Permanent |
Quantstamp, Halborn, Certora formal verification reports |
|
Deployment Records |
Permanent |
Transaction signatures, program addresses on Solana |
|
Contract Upgrade History |
Permanent |
All Transfer Hook and CEDEX modifications |
Section 4.2 — ST22 Digital Securities Records
|
Record Type |
Retention |
Notes |
|
Custody Agreements |
Permanent |
Empire Stock Transfer tripartite agreements |
|
Common B / Series S Share Documentation |
Permanent |
Certificates of Designation, board resolutions, CUSIP assignments |
|
Token Minting Records |
Permanent |
Issuance documentation, Ledger Enterprise logs |
|
Transfer Hook Configurations |
Permanent |
All 42 control settings and parameter changes |
|
Custody Oracle Data |
7 years |
Ed25519 attestation logs (~400ms frequency) |
|
Token Holder Registry |
Permanent |
Off-chain holder information linked to Empire MSF |
|
Transaction Logs |
7 years |
Off-chain transaction records and analytics |
Section 4.3 — OTCM Utility Token Records
|
Record Type |
Retention |
Notes |
|
STO / Offering Documents |
Permanent |
All offering materials |
|
Token Purchase Agreements |
Permanent |
SAFT and subscription agreements |
|
Token Distribution Records |
Permanent |
All distributions and allocations |
|
Vesting Schedules |
7 years after full vesting |
Locked token records |
|
Staking Records |
7 years |
Staking activity and reward logs |
Section 4.4 — Wallet and Key Management
|
Record Type |
Retention |
Notes |
|
Company Wallet Addresses |
Permanent |
OTCM Protocol Solana Treasury, Staking Pool, all controlled wallets |
|
Key Generation / Ceremony Records |
Permanent |
Ledger Enterprise key ceremony documentation |
|
Multi-Sig Configurations |
Permanent |
3-of-5 and 5-of-9 signer requirements and changes |
|
Wallet Access Logs |
7 years |
Access and transaction logs |
|
Key Rotation Records |
7 years |
Key changes and justifications |
Section 4.5 — Platform Operations
|
Record Type |
Retention |
Notes |
|
Issuer Onboarding Records |
Permanent |
All issuer KYB documentation, board resolutions, Certificates |
|
CEDEX Trading Volume Data |
7 years |
Historical platform data |
|
Global Unified CEDEX Liquidity Pool Records |
7 years |
Pool configurations, balances, LP token burn records |
|
CPMM Parameters |
Permanent |
Historical bonding curve and AMM configurations |
|
Platform Incident Reports |
7 years |
Security incidents, outages, Transfer Hook failures |
Section 4.6 — Transfer Agent Records (Empire Stock Transfer)
Per SEC Rules 17Ad-6 and 17Ad-7:
|
Record Type |
Retention |
Notes |
|
Master Securityholder File |
Permanent |
DLT-based records under UCC Article 8 |
|
Transfer Journals |
6 years |
All transfers including on-chain ST22 transfers |
|
Stop Transfer Orders |
6 years |
Stop orders and releases |
|
Holder Correspondence |
6 years |
Written communications with securityholders |
|
Reconciliation Records |
6 years |
Daily on-chain vs. off-chain reconciliations |
Section 4.7 — Compliance Records
|
Record Type |
Retention |
Notes |
|
KYC/KYB/KYW Records |
5 years after account closure |
Bank Secrecy Act — Empire Stock Transfer onboarding |
|
AML Transaction Monitoring |
5 years |
Chainalysis KYT + TRM Labs screening logs |
|
SAR/CTR Filings |
5 years from filing |
BSA requirement — confidential |
|
OFAC Screening Records |
5 years |
Three-layer screening results and match resolution |
|
Accreditation Verification |
7 years |
Reg D / Reg S verification documentation via Empire |
Article V: Electronic Records Management
Section 5.1 — Email Retention
|
Category |
Retention |
Notes |
|
Business Critical |
Per subject matter schedule |
Contracts, legal, financial, regulatory |
|
Operational |
3 years |
Day-to-day business communications |
|
Transitory |
1 year |
Scheduling, routine inquiries |
|
Litigation Hold |
Until hold released |
All emails within hold scope |
Section 5.2 — Messaging and Collaboration
|
Platform |
Retention |
Notes |
|
Slack/Teams (Business) |
3 years |
Business channels |
|
Project Channels |
Life of project + 3 years |
Project-specific |
|
Confidential Channels |
7 years |
Legal, HR, Finance, Compliance |
|
Business SMS/Text |
3 years |
Business-related text messages |
Section 5.3 — Database and Backup Records
|
Type |
Retention |
Notes |
|
User Account Data |
7 years after closure |
Platform user records |
|
Transaction History |
7 years |
All CEDEX platform transactions |
|
Security/Audit Logs |
7 years |
Authentication, authorization, system access |
|
Daily Backups |
30 days rolling |
Rolling daily |
|
Monthly Backups |
24 months rolling |
Rolling monthly |
|
Annual Backups |
7 years |
Year-end snapshots |
|
Blockchain Node Data |
Permanent |
Full Solana node archives |
Article VI: Litigation Hold Procedures
Section 6.1 — Triggering Events
A Litigation Hold must be implemented upon: lawsuit filed (immediate), demand letter received (immediate), government investigation (immediate), reasonably anticipated litigation, regulatory inquiry (SEC, CFTC, FinCEN, OFAC), or internal investigation as directed by Legal Counsel.
Section 6.2 — Process
• Step 1: Legal Counsel identifies triggering event
• Step 2: Legal Counsel defines scope of hold
• Step 3: Legal Counsel + CTO identify custodians and systems
• Step 4: Legal Counsel issues written hold notice
• Step 5: All custodians suspend destruction of affected records
• Step 6: CTO + custodians collect and preserve relevant records
• Step 7: Legal Counsel documents preservation efforts
• Step 8: Legal Counsel monitors compliance with hold
• Step 9: Legal Counsel releases hold when appropriate
Section 6.3 — Hold Notice Requirements
All notices must include: effective date, general matter description, categories of records subject to hold, relevant date range, clear prohibition on destruction, contact person for questions, and requirement to acknowledge receipt.
Section 6.4 — Blockchain Records and Holds
On-chain data is immutable and requires no action. Standard hold procedures apply to off-chain metadata, wallet access logs, smart contract modification records, and platform analytics. Export and preserve relevant CEDEX data as needed.
Section 6.5 — Consequences of Non-Compliance
Non-compliance with litigation holds may result in: court-imposed spoliation sanctions, adverse inference instructions, monetary sanctions and cost-shifting, personal liability for individuals who destroy records, and employment termination for intentional destruction.
Article VII: Document Destruction
Section 7.1 — Conditions for Destruction
Records may only be destroyed when: minimum retention period has expired, no active or anticipated litigation hold exists, no pending audit requires the records, required approvals have been obtained, and destruction is properly documented.
Section 7.2 — Destruction Methods
|
Record Type |
Method |
|
Confidential Paper |
Cross-cut shredding or incineration |
|
Non-Confidential Paper |
Recycling acceptable |
|
Electronic Media |
Secure wiping (DoD 5220.22-M or NIST 800-88 equivalent) |
|
Hard Drives / SSDs |
Degaussing and physical destruction |
|
Cloud Data |
Certified deletion with written confirmation from provider |
|
Blockchain Data |
CANNOT be destroyed — document off-chain records only |
Section 7.3 — Documentation and Annual Cycle
All destruction must be documented with date, description of records, date range, method, authorizing person, performing person/vendor, and certificate of destruction. Annual cycle: January (identify eligible records), February (verify no holds/audits), March (obtain approvals), April (execute destruction), May (document and file certificates).
NEVER destroy records subject to a Litigation Hold, requested by regulators or auditors, before retention period has expired, without proper authorization, or that may be relevant to anticipated litigation.
Article VIII: Responsibilities
|
Role |
Key Responsibilities |
|
Board of Directors |
Approve Policy and material amendments; oversee compliance; review annual report |
|
CEO |
Set tone at top; allocate resources; hold departments accountable |
|
Legal Counsel |
Implement and manage litigation holds; advise on retention; monitor legal compliance; recommend updates |
|
CTO |
Oversee blockchain record retention; implement technical controls; manage backups; ensure secure storage and destruction |
|
Compliance Officer |
Day-to-day administration; conduct training; monitor compliance; prepare reports |
|
Department Heads |
Ensure proper retention within departments; train staff; authorize destruction; implement holds |
|
All Employees |
Comply with Policy; complete training; comply with litigation holds; report potential violations |
Article IX: Compliance and Enforcement
Section 9.1 — Training
|
Type |
Frequency |
Audience |
|
Initial Training |
Upon hire |
All employees |
|
Annual Refresher |
Annually |
All employees |
|
Blockchain-Specific |
Upon assignment |
Technical staff, CTO team |
|
Litigation Hold |
As needed |
Affected custodians |
Section 9.2 — Auditing
|
Audit Type |
Frequency |
Scope |
|
Compliance Audit |
Annually |
Policy compliance across all departments |
|
Systems Audit |
Annually |
Technical controls, backup integrity |
|
Blockchain Audit |
Quarterly |
On-chain / off-chain alignment, Transfer Hook logs |
|
Destruction Audit |
Annually |
Destruction practices and documentation |
Section 9.3 — Violations
Violations may result in verbal warning (minor/first-time), written warning (repeated/serious), termination (intentional destruction or serious violations), personal legal liability for spoliation, or regulatory penalties for non-compliance.
Section 9.4 — Reporting
Report violations to: Compliance Officer (compliance@otcm.io), Ethics Hotline (ethics@otcm.io), direct supervisor, or Legal Counsel (frank@otcm.io). The Company prohibits retaliation against anyone who reports a good faith concern.
Article X: Administration
Legal Counsel is the owner of this Policy. Annual review by Legal Counsel covers legal changes, technology changes, business changes, audit findings, and industry best practices. Administrative changes may be approved by Legal Counsel; retention schedule changes require CEO + Legal Counsel; material policy changes require Board approval.
Questions: compliance@otcm.io or frank@otcm.io.
Acknowledgment and Certification
I acknowledge that I have received and read the Groovy Company, Inc. dba OTCM Protocol Document Retention Policy. I understand its contents and agree to comply with all of its terms and conditions.
I understand that I am responsible for retaining records in accordance with this Policy and the applicable retention schedules. I agree to comply with any Litigation Hold notices and understand that failure to preserve records may result in serious consequences for the Company and for me personally.
|
Field |
|
|
Signature |
_________________________________ |
|
Date |
_________________________________ |
|
Printed Name |
_________________________________ |
|
Title / Position |
_________________________________ |
|
Department |
_________________________________ |
Document Information
|
Field |
Value |
|
Document ID |
OTCM-POL-DRP-001 |
|
Version |
8.0 |
|
Effective Date |
March 2026 |
|
Legal Entity |
Groovy Company, Inc. dba OTCM Protocol |
|
Entity Type |
Wyoming Corporation |
|
Governing Law |
Federal Securities Law, Wyoming Business Corporation Act, and New Jersey State Law |
|
Approved By |
Board of Directors |
© 2026 Groovy Company, Inc. dba OTCM Protocol | All Rights Reserved | CONFIDENTIAL