GoldWalt

Data Retention Policy

Supplements the Privacy Policy. Describes how long GOLD WALT INDIA (OPC) PRIVATE LIMITED retains personal and transactional data.

Last Updated: 17 May 2026

1. Principles

  • Retain data only as long as needed for the purpose collected or as required by law.
  • Apply encryption and access controls during retention.
  • Delete or anonymize when no longer required.

2. Retention Schedule (Indicative)

Account profile

While account is active; after deletion request, removed after grace period except legal holds.

KYC records

While active and typically up to 7 years after last transaction or account closure as required by PMLA/tax/audit law (confirm with counsel).

Transactions & payments

Typically up to 7 years for financial and tax records.

Support tickets & uploads

For the duration of the ticket plus a reasonable period for disputes (internal policy).

OTP records

Short term (minutes to days) until used or expired.

API logs

Rolling retention per security policy; may contain encrypted request metadata.

Price-lock sessions

Purged after approximately 180 days when expired (configurable).

FCM tokens

Until logout, deletion, or token refresh.

3. Account Deletion Flow

  1. User requests deletion in-app or by email.
  2. Account marked deleted; sessions and SIPs cancelled.
  3. 14-day grace: recovery possible via OTP login.
  4. After grace: permanent deletion/anonymization except legally required records.
  5. Same mobile number may not be allowed to re-register.

4. Backups

Encrypted backups may retain deleted data until overwritten in rotation. Backups are not used to restore deleted accounts except for disaster recovery.

5. Processors

Partners (Cashfree, KYC vendors, AWS, Firebase, MSG91) retain data under their policies; we require deletion or return where contractually feasible.

6. Your Requests

Contact support@goldwalt.com for retention questions or correction requests. Grievance timelines apply per the Privacy Policy.