Legal Document
Data Retention Policy
This Data Retention Policy describes what personal and financial data PesaNet, Inc. collects, how long we retain it, the legal basis for each retention period, and how data is disposed of when the retention period expires. This policy applies to all data processed in connection with the PesaNet wallet, P2P transfer, virtual card, peer lending, and agent services.
PesaNet retains data only as long as necessary for the purpose for which it was collected, or as required by applicable law. We do not retain data for commercial purposes beyond what is described in this policy.
1. Retention Principles
Minimum Necessary
We retain data for the shortest period that satisfies our legal and operational obligations.
Purpose Limitation
Retained data is used only for the purpose for which it was originally collected, except where law requires otherwise.
Secured in Retention
Data in retention is subject to the same security controls as active data — encryption, access controls, and audit logs.
Documented Basis
Every retention period in this policy is supported by a specific legal, regulatory, or legitimate business basis.
Systematic Disposal
Expired data is deleted or anonymised on a scheduled basis. We do not accumulate data indefinitely.
Regulatory Priority
Mandatory retention requirements under the BSA, EFTA, IRS, and state law override any right-to-erasure requests.
2. Retention Schedule
The table below is the authoritative record of PesaNet's data retention periods. "Account closure" means the date on which the account was closed, whether by the user or by PesaNet. All periods begin from the stated reference date.
Identity & KYC
| Data Category | Retention Period | Disposal Action |
|---|---|---|
| Full legal name, date of birth, address, TIN | 5 years post-account closure | Deleted |
| Government-issued ID documents (passport, driver's licence, national ID) | 5 years post-account closure | Deleted |
| Biometric facial match scores (not raw biometric data) | 5 years post-account closure | Deleted |
| KYC tier / verification status history | 5 years post-account closure | Deleted |
Financial Transactions
| Data Category | Retention Period | Disposal Action |
|---|---|---|
| Wallet deposit, withdrawal, and transfer records | 5 years from transaction date | Deleted |
| P2P payment records (sender, recipient, amount, timestamp) | 5 years from transaction date | Deleted |
| ACH / bank transfer records (via Plaid) | 5 years from transaction date | Deleted |
| Virtual card transaction records (Visa network) | 5 years from transaction date | Deleted |
| Agent cash-in / cash-out records | 5 years from transaction date | Deleted |
Regulatory Filings
| Data Category | Retention Period | Disposal Action |
|---|---|---|
| Suspicious Activity Reports (SARs) and supporting documentation | 5 years from filing date | Archived (law enforcement access only) |
| Currency Transaction Reports (CTRs) | 5 years from filing date | Archived (law enforcement access only) |
| OFAC sanctions screening records and match/non-match logs | 5 years | Deleted |
Peer Lending Records
| Data Category | Retention Period | Disposal Action |
|---|---|---|
| Loan offer terms, accepted loan agreements | 5 years from loan closure | Deleted |
| Loan application data (income info, source-of-funds declarations) | 5 years from loan closure | Deleted |
| Repayment history and default records | 5 years from loan closure | Deleted |
Tax & Financial Reporting
| Data Category | Retention Period | Disposal Action |
|---|---|---|
| IRS Form 1099 (interest, miscellaneous income) filings | 7 years | Deleted |
| Annual income and fee summaries provided to users | 7 years | Deleted |
Disputes, Legal & Compliance
| Data Category | Retention Period | Disposal Action |
|---|---|---|
| Error / dispute submissions and resolution records | 5 years from resolution | Deleted |
| Chargeback records | 5 years from chargeback date | Deleted |
| Legal hold documents (court orders, subpoenas) | Duration of legal hold + 5 years | Archived (legal team only) |
| Regulatory examination records | 5 years post-examination | Archived |
Security & Access Logs
| Data Category | Retention Period | Disposal Action |
|---|---|---|
| Authentication logs (login events, failed attempts) | 2 years | Deleted |
| Device fingerprints and trusted device registrations | 2 years after device removed or account closure | Deleted |
| IP addresses (application-level logs) | 12 months | Deleted |
| Admin and staff access logs | 3 years | Deleted |
| Transaction monitoring alerts and investigation notes | 5 years | Archived (compliance team only) |
Personal & Operational Data
| Data Category | Retention Period | Disposal Action |
|---|---|---|
| Email address and phone number | Account lifetime + 30 days | Deleted |
| Payment methods (Plaid bank tokens, Stripe card tokens) | Account lifetime; tokens revoked on deletion | Deleted / Revoked |
| App usage analytics (anonymised, aggregated) | 24 months rolling | Anonymised |
| Customer support communications | 3 years from last communication | Deleted |
| Marketing consent and communication preferences | Until consent withdrawn or account deleted | Deleted |
3. Security of Retained Data
All data retained beyond account closure is subject to the same technical and organisational security measures as active account data:
- AES-256 encryption at rest; TLS 1.3 for all data in transit
- Strict role-based access controls — only compliance, legal, and designated engineering staff may access retained records
- Multi-factor authentication required for all staff accessing production data stores
- Audit logs of all access to retained records, retained for 3 years
- Annual third-party penetration testing of data storage infrastructure
- Archived regulatory records are stored in isolated, air-gapped storage partitions
4. Data Disposal Process
When a retention period expires, data is disposed of through the following certified processes:
Cryptographic erasure
Encryption keys for retained data are destroyed, rendering the data permanently unreadable without physical deletion of the underlying storage medium.
Secure deletion
Database records are overwritten using NIST 800-88 compliant techniques before storage deallocation.
Anonymisation
Where deletion is not technically feasible (e.g., aggregated analytics), data is irreversibly anonymised such that re-identification is not possible.
Certificate of destruction
For hardware disposal, we obtain certificates of destruction from our hardware destruction vendor.
5. Interaction with Your Privacy Rights
This Data Retention Policy should be read alongside our Privacy Policy. The right to erasure under GDPR and CCPA applies to data we hold voluntarily — it does not override our mandatory retention obligations under the Bank Secrecy Act, FinCEN regulations, IRS requirements, and other applicable law. Where a legal retention obligation exists, we will inform you of the specific legal basis and the earliest date on which deletion can occur.
To exercise your privacy rights or enquire about data we hold relating to your account, contact our Privacy Team at privacy@pesanet.app or review our Account Deletion Policy.
6. Policy Review and Updates
This policy is reviewed annually by the Chief Privacy Officer and updated as required by changes in applicable law, regulatory guidance, or our data processing practices. Material changes will be communicated via in-app notification at least 30 days before they take effect. The version history is maintained internally and available to regulators upon request.
Contact
Privacy enquiries
privacy@pesanet.appData Protection Officer
dpo@pesanet.appCompliance & legal
compliance@pesanet.app