All Nigeria policiesUser policy

Data Retention Policy

Version: v1 draft Status: Draft for Nigerian counsel, privacy, security, and operations review

Retention Principles

ZenWave should keep personal data only as long as needed for product operation, safety, account security, verification, disputes, payment-provider requirements, fraud prevention, legal compliance, tax/accounting, audit logs, and legitimate business records.

Different data types need different retention periods. Before launch, counsel, privacy, security, finance, support, and operations should approve a written retention schedule and review it at least annually or after major product/legal changes.

Common Data Categories

  • Account and profile data.
  • Phone/email verification and OTP audit data.
  • Trust Passport and identity review data.
  • Support tickets and user reports.
  • Safety session and guardian data.
  • Community content and moderation records.
  • Payment provider references, ledger records, refunds, disputes, and reconciliation data.
  • Security logs, device/session records, fraud signals, and abuse evidence.
  • Seller, event, listing, order, delivery, payout, tax/accounting, chargeback, and consumer complaint records where enabled.

Retention Schedule Baseline

Product/legal owners should approve final periods before launch. Until then, use conservative defaults:

  • Active account/profile data: keep while the account is active.
  • Deleted account profile data: delete or de-identify user-facing profile data after account closure unless a legal, safety, fraud, payment, dispute, tax/accounting, or audit hold applies.
  • OTP/session/security logs: keep only as long as needed for account security, abuse prevention, and audit review.
  • Trust Passport and verification records: keep while verification is active and for a limited post-closure period needed for fraud, safety, dispute, legal, or provider review.
  • Payment, refund, chargeback, order, payout, ledger, and reconciliation records: retain for provider, accounting, dispute, audit, and legal limitation periods.
  • Safety reports, moderation evidence, support tickets, and law-enforcement records: retain according to severity, appeal windows, repeat-abuse prevention, legal holds, and safety risk.
  • Analytics and product logs: aggregate, anonymize, or de-identify wherever practical.

Deletion and Restriction

Users may request deletion or restriction, but ZenWave may retain some records where needed for legal obligations, fraud prevention, unresolved disputes, safety investigations, payment-provider rules, tax/accounting needs, audit logs, or legal claims.

When retention grounds expire, ZenWave should securely delete, destroy, or irreversibly de-identify unnecessary data.

Law Enforcement Requests

ZenWave should require lawful, specific, and appropriately authorized requests before disclosing user data to law-enforcement or government bodies, unless emergency disclosure is legally permitted and necessary to prevent serious harm.

Law enforcement contact: legal@zenwave.com

Emergency and Safety Requests

Emergency requests should be routed to trained staff. ZenWave should verify the request, preserve relevant records, minimize disclosure, and document the decision.

Review Notes

Counsel should confirm Nigerian data-protection, cybercrime reporting, payment-provider, consumer protection, and evidence-preservation requirements before launch.