Data Retention Policy

Last updated:February 18, 2024

Our Data Retention Policy aims to balance the need for data for business insights and regulatory compliance with the importance of data security and efficiency. Here’s why we believe in optimizing and minimizing data storage:

  • Enhanced Security: By storing less data, we reduce the risk of sensitive information being compromised.
  • Business Insights: We retain essential data to provide valuable insights and historical analysis.
  • Regulatory Compliance: Our data practices align with compliance and regulatory requirements.
  • Legal and Audit Needs: We ensure we meet legal and audit requirements without compromising on business needs.
  • Efficiency: Our practices promote high payment throughput in a stable environment.
  • Emergency Preparedness: Regular backups ensure we can recover quickly from any emergencies.
  • Improved User Experience: By expediting searches, we enhance the user experience.

We retain various types of data, including card, non-card, token, and file data, for a specific period during which customers can access, interact with, or audit the data.

Transaction Retention Policy

Payment Data

14 months

Includes:

  • Card or Bank
  • Wallet or Pre-payments
  • Direct Debits or Credit Transfers

Example:

  • Payment on 1-Feb-Y1
  • Chargeback on 1-Mar-Y1
  • Chargeback reversal on 5-Mar-Y1
  • All retained till 5-May-Y2

Risk Data

14 months

Includes:

  • 3D Secure
  • Exemptions
  • Any fraud management risks

Example:

  • Payment with risk on 1-Feb-Y1
  • Refund on 14-Feb-Y1
  • All retained till 14-Apr-Y2

Card Token Data

14 months post-card expiry

Includes:

Example:

  • Card expiry: Dec-Y1
  • Tokenized card during payment on 1-Feb-Y1
  • New token payment on 1-Mar-Y1
  • New token payment on 1-Apr-Y1
  • Token retained till 1-Mar-Y3
  • All payments retained 14 months

Non-Card Token Data

14 months

Includes:

Example:

  • Tokenized wallet during payment on 1-Feb-Y1.
  • New token payment on 1-Mar-Y1
  • New token payment on 1-Apr-Y1
  • Token retained till 1-Jun-Y2
  • All payments retained 14 months

Subscription Data

14 months post-card expiry

Includes:

  • Subscription scheduling
  • Subscription cancelling

Example:

  • Tokenized card on 1-Feb-Y1 (Expiry: Dec-Y1)
  • Token subscription on 1-Feb-Y1
  • Automatic scheduled payment on 1-Mar-Y1
  • Automatic scheduled payment on 1-Apr-Y1
  • Token and subscription retained till 1-Mar-Y3
  • All scheduled payments retained 14 months

Helper Account Data

14 months

Includes:

  • Account updater & BNPL discovery
  • Installment plans & Network tokens

Example:

  • Card network tokenized, payment initiated on 1-Feb-Y1
  • Network token and payment retained till 1-Apr-Y2

Any follow-up transaction extends the retention of the original payment with another 14 months.
Any other transaction type not covered above is retained 14 months.

File Retention Policy

Bank Files

3 months

SEPA files sent via EBICS for processing.

Clearing Files

3 months

Files sent to acquirer for offline processing.

Batch Files

3 months

Files (captures, chargebacks, etc.) sent for processing.

Reconciliation Files

3 months

Raw data files received from acquirers or providers.

Settlement Files

3 months

Files unifying reconciliation records.

Transaction Files

28 days

Data files exported to client’s SFTP account.

Token Import Files

3 months

Token files received from provider’s SFTP.

Backup Files

1 month

Secured database backups for business continuity.

Monitoring Files

1 month

Daily exported files containing user/system activity events (audit logged events) sent to the customer’s SFTP.

User and System Activity Retention Policy

Inactive user contacts

36 months

Inactive users of type SEND or MOTO who have not attempted to log in for the past 36 months.

Audit logged events

14 months

Records of actions performed by users, APIs, or applications, used for auditing and verifing changes within the system.