Data Retention Schedule
Effective: 30 June 2026
We keep personal data only as long as needed for the purpose it was collected, then delete or anonymize it. This schedule summarizes typical retention by data type; a legal hold or a regulatory duty may extend a period.
1.Account & profile
Kept while your account is active and for up to 12 months after a deletion request is completed (for audit and fraud-prevention), then removed.
2.Trust Mark & service applications
Kept for the engagement and up to 24 months afterward to support certificates, reports, and any disputes.
3.Uploaded documents
Stored in your private space; removed on account deletion or when no longer needed for the engagement. Reviewer access is logged.
4.Contact requests
Kept up to 12 months from the last contact to handle follow-ups, then removed.
5.Identity verification (KYC) status
Only a unified status and an applicant identifier are kept (never identity documents), for as long as required by the licensed verification partner and applicable AML duties.
6.Audit logs
Security and admin-action logs are kept up to 24 months for accountability and incident investigation.
7.Notifications
In-app notifications are kept up to 12 months.
8.Backups
Encrypted backups roll off on their normal cycle; deleted data persists in backups only until that backup expires.