Data Retention and Deletion Policy
This draft policy explains how long Nodal Pay plans to keep different categories of data once the platform launches, and how deletion requests and account closure are expected to work.
1. Purpose and principles
This Data Retention and Deletion Policy is issued by [LEGAL ENTITY NAME] ("Nodal Pay", "we", "us"). It describes how long we plan to retain personal data and platform records once the Nodal Pay application launches, and how we plan to delete or anonymise that data when it is no longer needed. It should be read together with our Privacy Policy, which explains what data we plan to collect and why.
Our approach is designed around a small set of principles:
- Retain only as long as needed. We plan to keep data only for as long as it is required for the purpose it was collected, running your account, processing protected payments, resolving disputes, and meeting legal obligations.
- Law may require longer retention. Records connected to payments, identity verification, and financial transactions are expected to be subject to statutory retention periods under applicable law, including the Information Technology Act 2000, the Digital Personal Data Protection Act 2023, and applicable RBI regulations as they apply to our regulated payment partners. Where the law requires a longer period, the legal requirement will prevail over a deletion request.
- Delete or anonymise at the end. When a retention period ends, data is planned to be deleted, or irreversibly anonymised so that it no longer identifies any person.
- Partner requirements apply. The final payment and fund handling structure will depend on applicable law and the regulated payment partners we work with, and their record keeping obligations may shape the retention periods that apply to transaction data.
Because Nodal Pay is currently under development, all retention periods described below are indicative. A finalised schedule, reviewed against applicable law and partner requirements, will be published before launch.
2. Planned retention schedule
The table below sets out our indicative retention approach for each major category of data. None of these periods are final, and none should be read as a commitment to a specific duration until this policy is finalised.
| Data category | Indicative retention approach | Notes |
|---|---|---|
| Account and profile data | For the life of the account, plus a limited wind down period after closure to complete outstanding matters. | Includes name, contact details, and profile settings. Basic closure records may be kept longer where applicable law requires. |
| KYC and verification data | For the life of the account plus a statutory period required under applicable law. | Identity verification records are expected to carry mandatory retention obligations. See the KYC and Verification Policy. |
| Deal records and Deal Cards | For as long as the deal and any related dispute or claim remains open, plus a period sufficient to meet legal and audit requirements. | Deal Cards form the agreed record of a transaction, so both parties may rely on them in a dispute. See the Dispute Resolution Policy. |
| Safe Deal Room messages and media | For the duration of the deal and any dispute window, after which content is planned to be deleted or anonymised on a scheduled basis. | Messages and media may be preserved longer where they are evidence in an open dispute, complaint, or legal matter. |
| Transaction and settlement records | For the life of the account plus a statutory period required under applicable law and by our regulated payment partners. | Financial records typically carry the longest mandatory retention periods and are generally not deletable on request. |
| Device and log data | For a short rolling period appropriate for security monitoring, fraud prevention, and troubleshooting. | Logs connected to a security incident or investigation may be preserved for the duration of that matter. |
| Support and grievance records | For a period after the ticket or grievance is closed, sufficient to meet legal, audit, and service quality needs. | Grievance records may be subject to specific retention expectations under applicable law. See the Grievance Redressal Policy. |
3. Deletion requests
Once the platform is live, we plan to offer two ways to request deletion of your personal data:
- In the app. A deletion request option is planned within the account settings of the Nodal Pay app.
- By email. You will be able to write to [SUPPORT EMAIL] from your registered email address, asking us to delete your data.
When we receive a valid request, we plan to verify your identity, confirm the scope of the request, and then delete or anonymise the data we are not required to keep. We expect to acknowledge requests promptly and to tell you what was deleted and what was retained, and why.
3.1 What may be retained despite a deletion request
Some data cannot be deleted immediately, or at all, even when you ask. We may retain data where:
- applicable law or a regulator requires us or our regulated payment partners to keep it, most commonly transaction, settlement, and KYC records;
- it is needed for an open deal, dispute, refund, chargeback, or grievance;
- it is reasonably required to establish, exercise, or defend legal claims, or to comply with a court or government order; or
- it is needed to prevent fraud or abuse, including records connected to suspended or banned accounts under the Acceptable Use Policy and the AML and Prohibited Activities Policy.
Data retained on these grounds is planned to be restricted from ordinary use, kept only for the specific legal or protective purpose, and deleted once that purpose ends.
4. Account closure
The planned account closure flow works as follows:
- You request closure in the app or by contacting support.
- We check for open deals, pending payments, unresolved disputes, and outstanding grievances. Closure is expected to be paused until these are completed, so that neither party to a deal loses access to records they may need.
- Once the account is clear, it is deactivated and no longer visible or usable.
- Personal data not subject to a statutory or protective retention ground is then queued for deletion or anonymisation in line with the schedule above.
Closing your account does not erase records that our regulated payment partners are independently required to keep under applicable law.
5. Backups and staged deletion
Like most platforms, Nodal Pay is expected to keep encrypted backups for resilience and disaster recovery. When data is deleted from live systems, copies may persist in backups for a limited further period until those backups expire and are overwritten on a rolling schedule.
Backup copies are planned to be protected by access controls, excluded from ordinary processing, and never restored for routine use. If a backup must be restored after you have requested deletion, we plan to re apply the deletion to the restored data.
6. Anonymised data
Instead of deleting some records outright, we may irreversibly anonymise them, removing or transforming anything that could identify you, and retain the anonymised result for purposes such as service analytics, fraud pattern research, and product improvement. Once data has been genuinely anonymised, it is no longer personal data and falls outside the scope of deletion requests.
7. Changes to this policy
This is a pre launch draft and will change. A finalised version, reviewed by qualified legal counsel against applicable law and the requirements of our regulated payment partners, will be published before launch. After launch, material changes are planned to be notified through the app or by email, with the "Last updated" date above revised accordingly.
8. Contact
Questions about this draft policy can be sent to [SUPPORT EMAIL]. For a full picture of how we plan to handle personal data, please read the Privacy Policy. Concerns that are not resolved through support can be escalated under our Grievance Redressal Policy.