- Get Started
- Guides
- Integrations
- References
- API Reference
- Basic Payment
- Forex
- Authentication
- Card Account
- Apple Pay
- Virtual Account
- Bank Account
- Token Account
- Customer
- Billing Address
- Merchant Billing Address
- Shipping Address
- Merchant Shipping Address
- Merchant
- Corporate
- Recipient
- Marketplace & Cart
- Airline
- Lodging
- Passenger
- Tokenization
- Recurring Migration
- 3D Secure
- Custom Parameters
- Async Payments
- Webhook notifications
- Job
- Risk
- Point of Sale
- Response Parameters
- Card On File
- Chargeback
- Result Codes
- Payment Methods
- Transaction Flows
- Regression Testing
- Data Retention Policy
- API Reference
- Support
Data Retention Policy
Last updated:October 24, 2024
Our Data Retention Policy aims to balance the need for data for business insights and regulatory compliance with the importance of data security and efficiency. Here’s why we believe in optimizing and minimizing data storage:
- Enhanced Security: By storing less data, we reduce the risk of sensitive information being compromised.
- Business Insights: We retain essential data to provide valuable insights and historical analysis.
- Regulatory Compliance: Our data practices align with compliance and regulatory requirements.
- Legal and Audit Needs: We ensure we meet legal and audit requirements without compromising on business needs.
- Efficiency: Our practices promote high payment throughput in a stable environment.
- Emergency Preparedness: Regular backups ensure we can recover quickly from any emergencies.
- Improved User Experience: By expediting searches, we enhance the user experience.
We retain various types of data, including card, non-card, token, and file data, for a specific period during which customers can access, interact with, or audit the data.
Transaction Retention Policy
Payment Data
14 months
Includes:
- Card or Bank
- Wallet or Pre-payments
- Direct Debits or Credit Transfers
Example:
- Payment on 1-Feb-Y1
- Chargeback on 1-Mar-Y1
- Chargeback reversal on 5-Mar-Y1
- All retained till 5-May-Y2
Risk Data
14 months
Includes:
- 3D Secure
- Exemptions
- Any fraud management risks
Example:
- Payment with risk on 1-Feb-Y1
- Refund on 14-Feb-Y1
- All retained till 14-Apr-Y2
Card Token Data
14 months post-card expiry
Includes:
- Registration tokens (eCommerce only)
Example:
- Card expiry: Dec-Y1
- Tokenized card during payment on 1-Feb-Y1
- New token payment on 1-Mar-Y1
- New token payment on 1-Apr-Y1
- Token retained till 1-Mar-Y3
- All payments retained 14 months
Non-Card Token Data
14 months
Includes:
- Registration tokens (eCommerce only) Retention adjustable for up to 24 months.
Example:
- Tokenized wallet during payment on 1-Feb-Y1.
- New token payment on 1-Mar-Y1
- New token payment on 1-Apr-Y1
- Token retained till 1-Jun-Y2
- All payments retained 14 months
Subscription Data
14 months post-card expiry
Includes:
- Subscription scheduling
- Subscription cancelling
Example:
- Tokenized card on 1-Feb-Y1 (Expiry: Dec-Y1)
- Token subscription on 1-Feb-Y1
- Automatic scheduled payment on 1-Mar-Y1
- Automatic scheduled payment on 1-Apr-Y1
- Token and subscription retained till 1-Mar-Y3
- All scheduled payments retained 14 months
Helper Account Data
14 months
Includes:
- Account updater & BNPL discovery
- Installment plans & Network tokens
Example:
- Card network tokenized, payment initiated on 1-Feb-Y1
- Network token and payment retained till 1-Apr-Y2
Any follow-up transaction extends the retention of the original payment with another 14 months.
Any other transaction type not covered above is retained 14 months.
Any other transaction type not covered above is retained 14 months.
File Retention Policy
Bank Files
3 months
SEPA files sent via EBICS for processing.
Clearing Files
3 months
Files sent to acquirer for offline processing.
Batch Files
3 months
Files (captures, chargebacks, etc.) sent for processing.
Reconciliation Files
3 months
Raw data files received from acquirers or providers.
Settlement Files
3 months
Files unifying reconciliation records.
Transaction Files
3 months
Data files exported to client’s SFTP account.
Token Import Files
3 months
Token files received from provider’s SFTP.
Backup Files
1 month
Secured database backups for business continuity.
Monitoring Files
1 month
Daily exported files containing user/system activity events (audit logged events) sent to the customer’s SFTP.
User and System Activity Retention Policy
Inactive user contacts
36 months
Inactive users of type SEND or MOTO who have not attempted to log in for the past 36 months.
Audit logged events
14 months
Records of actions performed by users, APIs, or applications, used for auditing and verifing changes within the system.