Data Retention Period
This policy outlines how long DigiMudra retains your personal data and our secure deletion practices.
Last Updated: January 1, 2025
DigiMudra retains your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy and to comply with our legal obligations under Indian law. This page provides a comprehensive overview of our data retention practices, schedules, and your rights regarding the data we hold.
Retention Schedule
| Data Category | Retention Period | Reason |
|---|---|---|
| Account Registration Data | 5 years after account closure | Legal and regulatory compliance |
| Transaction Records | 7 years from transaction date | RBI and tax regulations |
| KYC Documents (PAN, Aadhaar) | 5 years from last transaction | AML/KYC regulatory requirements |
| Wallet & Balance History | 7 years | Financial audit and dispute resolution |
| Communication Logs (Email/SMS) | 2 years | Customer support and legal disputes |
| Login & Access Logs | 1 year | Security monitoring and fraud detection |
| Cookie & Analytics Data | 1 year | Platform improvement |
| Support Tickets & Chats | 3 years | Quality assurance and dispute resolution |
| Bank Account Details | 5 years from last transaction | Fraud prevention and regulatory compliance |
1. What Data We Retain
DigiMudra retains personal data that is necessary for:
• Providing ongoing services and maintaining your account • Complying with legal, regulatory, and tax obligations imposed by Indian law • Resolving disputes, enforcing agreements, and preventing fraud • Improving our services through anonymized analytics
We do not retain data beyond the periods specified in our Retention Schedule unless required by law or for legitimate business purposes. Data that is no longer needed is securely deleted or anonymized.
2. Legal Basis for Retention
Our data retention practices comply with the following Indian laws and regulations:
• Information Technology Act, 2000 and IT (Amendment) Act, 2008 • Prevention of Money Laundering Act, 2002 (PMLA) • Reserve Bank of India (RBI) guidelines on KYC and AML • Income Tax Act, 1961 – requiring financial records for 7 years • The Payment and Settlement Systems Act, 2007 • Applicable SEBI regulations for financial services
These regulations mandate minimum retention periods for financial and identity-related data, which DigiMudra strictly adheres to.
3. Data Deletion Process
When data reaches the end of its retention period or when a user requests deletion (where legally permissible), DigiMudra follows this secure deletion process:
1. Identification: Our system flags data that has reached its retention limit. 2. Review: A data review is conducted to confirm no legal hold or ongoing dispute exists. 3. Secure Deletion: Data is permanently deleted from active databases using industry-standard secure deletion methods. 4. Backup Purge: Data is removed from backup systems within 90 days of the primary deletion. 5. Audit Log: A deletion record is maintained (without personal data) for compliance purposes.
Users will receive a confirmation email upon successful deletion of their account data.
4. Your Rights Regarding Data Retention
Under applicable Indian data protection law, you have the right to:
Right to Erasure: Request deletion of personal data that is no longer necessary for the purpose it was collected, subject to legal retention requirements.
Right to Restriction: Request that we restrict processing of your data while a deletion request is being reviewed.
Right to Access: Request details of what data we hold and for how long it will be retained.
Right to Object: Object to retention of data used for direct marketing or profiling.
Please note that we cannot delete data that is required to be retained under applicable law, such as transaction records mandated by RBI or PMLA guidelines.
To exercise these rights, contact: privacy@digimudra.in
5. Data Storage & Security During Retention
During the retention period, all data is stored with the following security measures:
• AES-256 encryption for data stored at rest in our servers • Access controls limiting data access to authorized personnel only • Regular security audits and penetration testing • Data is stored in servers located within India, complying with data localization requirements • Backup data is encrypted and stored in geographically separate secure locations • Data access is logged and monitored for unauthorized access attempts
We periodically review our retention practices to ensure they remain appropriate and compliant with evolving regulations.
6. Changes to This Policy
DigiMudra may update this Data Retention Policy to reflect changes in legal requirements or business practices. We will notify you of material changes through:
• Email notification to your registered email address • A prominent notice on the DigiMudra platform • Updated "Last Updated" date on this page
For any questions about this policy or our data retention practices, please contact our Data Protection Officer at: dpo@digimudra.in
For data-related requests or concerns, contact our Data Protection Officer at dpo@digimudra.in