Data Retention Policy
This page outlines the general approach to retention, storage, deletion, and handling of operational records and related data within the Platform.
1. Retention approach
Operational data should be retained only for as long as reasonably necessary for operational, contractual, audit, legal, security, compliance, reporting, dispute-resolution, or legitimate business purposes.
2. Types of retained data
Retained data may include uploaded files, donation records, transaction identifiers, review notes, generated cases, audit history, evidence packs, reports, user activity records, exports, operational logs, and related metadata.
3. Retention periods
Retention periods may vary depending on operational requirements, legal obligations, processor requirements, contractual obligations, audit needs, internal governance practices, dispute handling, security investigations, or applicable regulatory expectations.
4. Deletion and removal
Data may be deleted, anonymised, archived, restricted, or removed where it is no longer required, where deletion is requested and appropriate, where retention obligations expire, or where removal is required for operational or legal reasons.
5. Backups and recovery systems
Certain records may continue to exist temporarily within backup, recovery, logging, archival, or disaster-recovery systems for operational continuity, security, integrity, or restoration purposes.
6. User responsibility
Organisations using the Platform remain responsible for determining appropriate retention periods for their own operational and legal obligations, including obligations relating to donor information, financial records, audit requirements, sanctions review, and compliance documentation.
7. Third-party systems
The Platform may rely on third-party infrastructure, storage, hosting, analytics, or operational providers. Retention behaviour within third-party systems may vary depending on provider policies, technical limitations, or contractual arrangements.
8. Policy updates
This Data Retention Policy may be updated from time to time to reflect operational, legal, technical, security, or compliance changes.
Last updated: 2026