Data Retention & Storage
This page explains general retention principles for Grosh-e. Some records may be retained for regulatory, security, audit, and dispute-resolution purposes.
Important: Financial services often require keeping certain records (such as transactions and verification records) for legally mandated periods. Retention is purpose-limited and access-controlled.
Retention Principles
- Purpose limitation: we keep information only for purposes related to providing the service, security, compliance, and support.
- Minimum necessary: we aim to collect and retain only what is needed for the stated purposes.
- Restricted access: access to retained records is limited to authorized personnel and systems.
- Deletion/anonymization: when retention is no longer needed, data may be deleted or anonymized, subject to legal obligations and technical constraints.
Retention by Category (Indicative)
| Category | Why we keep it | Retention approach | Deletion trigger (examples) |
|---|---|---|---|
| Account profile & identifiers | Account administration, customer support, security, and service delivery. | Kept while the account is active; some elements may be retained after closure where required for compliance, audit, or disputes. | Account closure + end of applicable legal/compliance retention. |
| Phone verification & OTP records | Authenticate users, prevent fraud, and protect accounts. | Kept as needed for security and compliance monitoring; certain records may be retained where required by law or for incident investigation. | Security investigation completion + end of applicable retention. |
| Transaction records | Execute, reconcile, and prove transactions; resolve disputes; comply with financial regulations. | Often retained for legally mandated periods applicable to financial records and audits. | End of regulatory retention period (where applicable). |
| Identity verification (KYC) records | Verify identity, prevent identity fraud, and comply with regulated financial service requirements. | May be retained for legally mandated compliance periods and auditability, depending on applicable regulations. | End of compliance retention; legal hold removal (if any). |
| Support communications | Provide support, investigate issues, and keep a record of requests. | Kept as needed to address the request and for quality/security/audit purposes where applicable. | Issue resolution + operational retention; longer retention if linked to disputes or compliance. |
| Device, security & fraud-prevention logs | Protect accounts, detect abuse, and maintain system integrity. | Kept as needed for security monitoring and investigations; some logs may be retained for audit and compliance. | Investigation completion + end of applicable retention. |
| Push notification token | Deliver service and security notifications. | Kept while notifications are enabled and the token remains valid; may be replaced/rotated by the device. | Notifications disabled, token invalidated, or account closure. |
| Optional permission data (contacts/location) | Enable user-requested features (for example, recipient selection or security checks). | Used only where you enable the feature/permission; retention depends on the feature and regulatory/security requirements. | Permission revoked + end of need; account closure. |
For related practices, see Privacy Policy and Account Deletion.
Device Storage
Some information may be stored on your device to help the app function (for example, preferences or cached content). You can remove local app data by logging out (where available), clearing app storage in your device settings, or uninstalling the app.