Sri Khata LogoSri Khata

Data Retention & Erasure Protocol

Last updated: March 2026

1. Governance of Data Lifespan

At Sri Khata, we adhere to the principle of "Data Minimization," viewing information storage as a temporary requirement. This policy establishes the duration for which your details are archived. We pledge to retain data only for the absolute minimum duration necessary to facilitate our digital ledger services, mitigate fraud, and satisfy statutory limitation periods under Indian law. Upon expiration of these needs, information is systematically sanitized or completely eliminated.

2. Retention Schedules by Classification

Collected data is divided into three distinct schedules based on its sensitivity:

Category 1: Ephemeral Verification Details (Short-Term)

Scope: Call Log metadata, Camera/Images, Approximate Geo-location.

Protocol: These records are considered transient.

  • Call Logs: Utilized exclusively for "Flash Call" authentication. Raw data is purged immediately after processing; only a cryptographic hash is kept for 6 months for dispute resolution.
  • Images & Location: Retained only until the active session concludes. If service usage stops, this data is cleared from hot storage within 30 days.

Category 2: Security & Operational Analytics (Medium-Term)

Scope: Installed App Inventory, Crash Reports, Hardware Specifications.

Protocol: This data constitutes your "Digital Security Fingerprint".

  • App Inventory: Snapshots of applications are refreshed upon login to assess environment compatibility. Historical records are archived for 3 years for behavioral analysis before being permanently scrubbed.
  • Device Metrics & Logs: Technical telemetry is stored for 12 to 24 months to refine anti-fraud models and software stability.

Category 3: Core Identity & Statutory Records (Long-Term)

Scope: Mobile Number, Email, Unique Identifiers, Emergency Contact.

Protocol: These are foundational identifiers retained for the duration of an active account.

Closed Accounts: Per Indian financial mandates (PMLA & IT Act), KYC-related data must be moved to "Cold Storage" for a mandatory 5-year period post-termination for regulatory audit purposes.

3. Execution of Data Destruction

We provide transparent mechanisms for you to exercise your "Right to be Forgotten":

3.1 Voluntary Erasure Request

You may initiate a deletion cycle by contacting business@srikhata.com from your registered email address. Valid requests are finalized within 15 business days. All Category 1 and 2 data will be wiped instantly, while Category 3 data will be encrypted and locked until the legal retention period expires.

3.2 Automated Dormancy Purge

To avoid unnecessary data hoarding, accounts with zero activity for 18 consecutive months are classified as dormant. A notification will be issued 30 days prior to the purge. Without user intervention, all non-statutory data is automatically wiped from our servers.

4. Data Rights Inquiry

For specific queries regarding your data deletion timeline or to request a data export, please contact: