Giddings Consulting Group
Organized nonprofit records management system
Back to Insights
Board Development

Nonprofit Document Retention Policy: Template and Guide

Drew Giddings
Drew GiddingsFounder & Principal Consultant
April 11, 2026
13 min read

Every nonprofit needs a document retention policy. This guide covers legal requirements, retention periods for common documents, and a customizable template.

Key Takeaways

Form 990 asks whether your organization has a written document retention and destruction policy
Keep permanently: articles of incorporation, bylaws, board minutes, IRS determination letter, audited financials
Keep 7 years: tax returns, financial records, donor acknowledgments, personnel files, contracts
When litigation is threatened, immediately suspend destruction of related records (legal hold)
Electronic records are subject to the same retention requirements as paper records

Why Document Retention Policies Matter

Every nonprofit should maintain a written document retention policy. It serves three purposes:

  • Legal compliance — Federal and state laws require certain records to be kept for specific periods
  • Operational efficiency — Prevents both premature destruction of important records and unnecessary accumulation
  • Governance requirement — Form 990 asks whether your organization has a written document retention and destruction policy

    • Without a written policy, organizations often either keep everything forever (creating storage problems and liability risks) or destroy documents inconsistently (creating compliance problems and audit difficulties).

    Document Retention Periods

    The following retention schedule reflects common best practices. Your specific requirements may vary based on state law and funder requirements.

    Permanent Records (Keep Forever)

    • Articles of incorporation and all amendments
    • Bylaws and all amendments
    • IRS determination letter and 501(c)(3) application (Form 1023)
    • Tax-exempt status correspondence with IRS
    • Board meeting minutes
    • Board resolutions
    • Annual financial statements (audited or reviewed)
    • Annual reports to membership or public
    • Strategic plans and major policy documents
    • Trademark registrations and intellectual property filings
    • Real estate deeds and property records
    • Endowment gift agreements and restricted fund documentation

    10+ Years

    • Grant files (typically 7 years after grant close, but 10+ for federal grants)
    • Tax returns (Form 990 and supporting documents)
    • Workers' compensation records
    • Employee benefit plan records
    • Pension and retirement records

    7 Years

    • Bank statements and canceled checks
    • Accounts payable and receivable records
    • General ledgers
    • Expense reports
    • Payroll records
    • Donor acknowledgment letters
    • Credit card statements
    • Financial software backup data
    • Legal contracts (7 years after expiration or termination)
    • Insurance policies (7 years after expiration)
    • Personnel files (7 years after termination)

    3-4 Years

    • Employment applications (not hired)
    • Form I-9 immigration records (3 years after hire or 1 year after termination, whichever is later)
    • Training records
    • Time sheets
    • Vendor invoices
    • Purchase orders

    1-2 Years

    • General correspondence without legal significance
    • Internal memoranda
    • Routine administrative records
    • Subscription receipts
    • Non-essential reports

    Document Retention Policy Template

    [ORGANIZATION NAME]

    Document Retention and Destruction Policy

    Effective Date: [Date]

    #### 1. Purpose

    This policy provides guidelines for the retention and destruction of organizational records to ensure compliance with legal requirements, protect institutional memory, and manage information resources efficiently.

    #### 2. Scope

    This policy applies to all records created, received, or maintained by [Organization Name], regardless of format (paper, electronic, audio, video).

    #### 3. Responsibility

    The [Executive Director / Operations Manager / designated Records Officer] is responsible for:

    • Implementing this policy
    • Training staff on retention requirements
    • Coordinating annual record review and destruction
    • Maintaining the retention schedule
    • Suspending destruction in response to legal holds
    #### 4. Retention Schedule

    [Insert the retention schedule from the sections above, customized for your organization]

    #### 5. Electronic Records

    Electronic records are subject to the same retention requirements as paper records. The organization will:

    • Maintain electronic backup systems for all critical records
    • Ensure electronic records remain accessible despite software or format changes
    • Apply retention schedules to email, documents, databases, and cloud-stored files
    • Implement secure destruction procedures for electronic records
    #### 6. Email Retention

    Email messages should be managed according to their content, not their format:

    • Routine correspondence: 1-2 years
    • Business decisions and transactions: 7 years
    • Legal matters: as specified in the retention schedule
    • Personnel matters: as specified in personnel record requirements
    • Board communications: 7 years (or as board minutes)
    Personal email accounts should not be used for organizational business.

    #### 7. Legal Hold

    In the event of actual or threatened litigation, government investigation, audit, or other legal proceeding, all document destruction must be immediately suspended for records related to the matter. The legal hold remains in effect until the matter is resolved and written authorization to resume destruction is received.

    Failure to preserve records during legal holds can result in sanctions, adverse inferences, and criminal liability.

    #### 8. Destruction Procedures

    When records reach the end of their retention period, they will be destroyed as follows:

  • Confidential paper records (financial, personnel, donor): Shredded on-site or by bonded destruction service
  • Non-confidential paper records: Recycled or disposed
  • Electronic records: Permanently deleted, with backup copies overwritten or destroyed
  • Physical media (CDs, DVDs, hard drives): Physically destroyed

    • A destruction log will be maintained documenting:

    • Type of records destroyed
    • Date of destruction
    • Method of destruction
    • Name of person authorizing destruction
    #### 9. Annual Review

    The [Records Officer] will conduct an annual review of organizational records to:

    • Identify records eligible for destruction
    • Update the retention schedule based on legal or business changes
    • Train new staff on retention requirements
    • Report compliance to the Board
    #### 10. Policy Modifications

    This policy will be reviewed by the Board annually and modified as needed to reflect changes in laws, regulations, or organizational practices.

    Electronic Records Management

    Most nonprofit records today are electronic. Consider:

    Storage Systems

  • Cloud storage (Google Drive, Dropbox, OneDrive) — Accessible but requires backup strategy
  • Document management systems — Better for version control and access tracking
  • Local servers — Full control but requires IT infrastructure

    • Backup Strategy

  • 3-2-1 rule: 3 copies of important data, on 2 different media, with 1 copy off-site
    • Regular automated backups
    • Periodic restoration testing
    • Disaster recovery plan

    Access Controls

    • Role-based permissions (not everyone needs access to everything)
    • Password policies and multi-factor authentication
    • Audit logs showing who accessed what and when
    • Regular access reviews when staff changes

    Special Considerations

    Donor Records

    Donor records contain sensitive information and have specific retention considerations:

    • Maintain donor history permanently for recognition and stewardship purposes
    • Retain gift acknowledgment letters for 7 years (supporting donor tax deductions)
    • Store sensitive donor information (credit cards, bank accounts) securely or not at all
    • Follow PCI DSS requirements for any payment card data

    Grant Records

    Federal grant records have strict retention requirements:

    • Retain for 3 years after final expenditure report (standard Uniform Guidance requirement)
    • Extend retention during any audit or investigation
    • Include all documentation of grant activities, expenditures, and outcomes
    • Maintain proof of program eligibility and participant outcomes

    Personnel Records

    Personnel records have overlapping federal and state requirements:

    • Basic employment records: 7 years after termination
    • Form I-9: 3 years after hire or 1 year after termination (whichever is later)
    • FLSA payroll records: 3 years minimum
    • OSHA records: 5 years
    • Benefits records: 6 years after plan ends
    • Medical records: 30 years after termination (OSHA)

    Donor-Restricted Funds

    Records supporting donor restrictions on charitable gifts should be maintained permanently:

    • Gift agreements and correspondence establishing restrictions
    • Documentation of how restrictions were met
    • Records of any modifications to restrictions
    • Evidence of compliance with donor intent

    Frequently Asked Questions

    Do we really need to keep records permanently?

    Some records, yes. Articles of incorporation, bylaws, board minutes, and IRS determination letters should be kept permanently because they establish the organization's legal existence and governance history. These records may be needed decades later.

    Can we scan paper records and destroy originals?

    Yes, for most records. Scanned copies are generally legally equivalent to originals if the scanning process preserves accuracy. Exceptions include records requiring original signatures (some contracts) and documents with specific original retention requirements.

    What happens if we destroy records we should have kept?

    Consequences range from inability to defend against audits, to legal sanctions during litigation, to loss of tax-exempt status in severe cases. The cost of unnecessarily keeping records is almost always lower than the cost of missing critical records.

    How long should we keep Form 990?

    Form 990 and supporting documents should be kept for at least 7 years from the filing date. Some advisors recommend permanent retention given the ease of storage and the IRS's ability to audit indefinitely in cases of fraud.

    Governance Support

    A document retention policy is one of several governance documents every nonprofit should maintain. Giddings Consulting Group helps organizations develop comprehensive governance frameworks including retention policies, conflict of interest policies, and whistleblower procedures.

    Contact us for governance consulting support.

    document retention policynonprofit recordsrecords managementnonprofit governancecompliance
    Share this article
    Drew Giddings

    About the Author

    Drew Giddings

    Founder & Principal Consultant

    Drew Giddings brings more than two decades of experience working with mission-driven organizations to strengthen their capacity for equity and community impact. His work focuses on helping nonprofits build sustainable strategies that center community voice and create lasting change.

    Ready to Transform Your Organization?

    Let's discuss how equity-centered strategic planning can strengthen your mission and community impact.

    Schedule a Consultation

    Stay Connected

    Get nonprofit leadership insights delivered to your inbox. Practical tools, real examples, and sector updates you can use right away.

    Join nonprofit leaders who get practical strategy, governance tips, and sector updates every month.

    Subscribe to Newsletter

    We respect your privacy. Unsubscribe anytime.

    Schedule a 60-minute strategy session.

    Explore more insights and resources.