src/config/legal-entity.ts next week with your registered business name, address, and official emails.attorneyReviewComplete to true only after Trinidad counsel approves this framework.Data Retention and Deletion Policy
Caribbean Popularity Arena
Effective Date: [EFFECTIVE DATE]
Last Updated: [LAST UPDATED DATE]
Operator Information
[REGISTERED BUSINESS NAME] operates Caribbean Popularity Arena (the "Platform") from the Republic of Trinidad and Tobago.
Privacy / Deletion Requests: [[email protected]]
Support: [[email protected]]
1. Purpose
1.1 This Data Retention and Deletion Policy ("Policy") explains how long we retain different categories of data and how deletion requests are handled.
1.2 This Policy supplements the Privacy Policy and Terms and Conditions.
2. General Retention Principles
2.1 We retain data only as long as necessary for the purposes collected, including Platform operation, security, legal compliance, dispute resolution, and enforcement.
2.2 Retention periods vary by data type and legal requirements.
2.3 When data is no longer required, we delete, anonymize, or aggregate it according to technical and legal constraints.
3. Account Records
| Data Category | Typical Retention | Notes |
|---|---|---|
| Active account profile | Duration of account | Updated while active |
| Closed account profile | Up to [24] months after closure | May be shortened upon verified deletion request |
| Verification records | Up to [5] years | Fraud and compliance needs |
| Login history | Up to [12] months | Security monitoring |
4. Transaction Records
| Data Category | Typical Retention | Notes |
|---|---|---|
| Payment transaction logs | Up to [7] years | Tax, accounting, chargeback defense |
| Invoices and receipts | Up to [7] years | As required by law |
| Refund and dispute records | Up to [7] years | Billing compliance |
5. Security Logs
| Data Category | Typical Retention | Notes |
|---|---|---|
| Authentication logs | Up to [12] months | May extend if tied to investigation |
| IP and device logs | Up to [12] months | Fraud and abuse detection |
| Moderation and safety logs | Up to [3] years | Enforcement and legal defense |
| Incident response records | Up to [5] years | Security compliance |
6. Communication Data
| Data Category | Typical Retention | Notes |
|---|---|---|
| In-Platform messages | Until deletion or account closure | Subject to safety holds |
| Support tickets | Up to [3] years | Customer service quality |
| Report and abuse records | Up to [5] years | Safety enforcement |
7. Content and Media
| Data Category | Typical Retention | Notes |
|---|---|---|
| Public creator showcase media | Until removed or account closed | CDN caching may persist briefly |
| Deleted content backups | Up to [90] days | Disaster recovery |
| Removed violating content | Up to [3] years | May be preserved for investigations |
8. Usage Analytics
| Data Category | Typical Retention | Notes |
|---|---|---|
| Aggregated analytics | Up to [24] months | May be retained longer in anonymized form |
| Event-level analytics | Up to [13] months | Product improvement |
9. Audit Records
9.1 Audit trails for administrative actions, permission changes, and compliance events may be retained up to [5] years or longer where required by regulators, banks, or payment processors.
9.2 Audit records may be stored in tamper-evident or access-controlled systems.
10. Deletion Requests
10.1 Users may request deletion of personal data by contacting [[email protected]] or closing their account via [[email protected]].
10.2 We verify identity before processing deletion requests.
10.3 Deletion may not be immediate due to backup cycles, caching, and legal holds.
10.4 We will confirm completion within timeframes required by applicable law.
11. Legal Retention Exceptions
11.1 We may retain data beyond standard periods where necessary to:
(a) comply with legal obligations;
(b) respond to litigation, regulatory inquiry, or law enforcement requests;
(c) establish, exercise, or defend legal claims;
(d) prevent fraud, abuse, or security incidents;
(e) satisfy payment processor and banking audit requirements.
11.2 Retained data is access-limited to authorized personnel and service providers.
12. Compliance Retention Requirements
12.1 Financial, tax, and anti-fraud records are retained in accordance with Trinidad and Tobago law and applicable international obligations.
12.2 Know-your-customer and sanctions screening records may be retained as advised by compliance counsel.
13. Archived Data Procedures
13.1 Archived data is segregated from active production systems where feasible.
13.2 Access to archives requires authorization and is logged.
13.3 Archives are purged according to retention schedules unless subject to legal hold.
14. Legal Holds
14.1 When litigation or investigation requires preservation, normal deletion schedules may be suspended for affected records.
14.2 Legal holds remain until released by the Company's legal team.
15. Anonymization
15.1 Where deletion is impractical, we may anonymize data so it can no longer reasonably identify an individual.
15.2 Anonymized data may be retained for analytics and research.
16. Third-Party Processors
16.1 Service providers maintain data according to contractual retention limits and delete or return data upon contract termination where required.
16.2 Processor retention may cause short delays in complete deletion across all systems.
17. Contact Information
[REGISTERED BUSINESS NAME]
Address: [REGISTERED BUSINESS ADDRESS]
Privacy / Deletion: [[email protected]]
Support: [[email protected]]
Legal: [[email protected]]
This document is a draft prepared for attorney review and does not constitute legal advice.
Governing law: Republic of Trinidad and Tobago. Draft for attorney review. Not legal advice.