Data Retention Policy
Last updated: April 13, 2026
| Document | Data Retention Policy |
|---|---|
| Version | 1.0 |
| Effective date | 2026-04-13 |
| Legal entity | Maiguard Sentinel Limited (trading as MaiGuard) |
| Parent company | Lyrisoft Technologies Limited — Maiguard Sentinel Limited is a registered subsidiary |
| Operating region | Africa — primary operations, hosting strategy, and regulatory alignment are oriented to African markets and cross-border flows involving African tenants |
| Owner | Security & Compliance (Maiguard Sentinel Limited / Lyrisoft Technologies Limited group) |
| Review cadence | At least annually, or after material product, regulatory, or infrastructure change |
1. Purpose and scope
This policy defines how Maiguard Sentinel Limited (trading as MaiGuard), a registered subsidiary of Lyrisoft Technologies Limited, retains, restricts access to, and disposes of customer and platform data processed in connection with MaiGuard’s multi-tenant fraud detection, transaction risk scoring, and related B2B SaaS platform.
MaiGuard operates within Africa; retention and legal obligations may vary by African country (and by tenant contract). Tenants remain responsible for local law where they are licensed or established.
In scope: data stored or processed by MaiGuard on behalf of tenants (business customers) and their end users, including transaction scoring data, configuration, audit trails, operational logs, backups, and support artefacts.
Out of scope: data processed solely on a tenant’s own systems unless MaiGuard explicitly stores or logs it. Jurisdiction-specific legal advice remains the tenant’s responsibility where they are the regulated entity.
2. Definitions
| Term | Meaning |
|---|---|
| Tenant | A business customer account using MaiGuard under a subscription or contract. |
| End user | An individual or entity whose activity is described in data sent to MaiGuard (e.g. transacting customer). |
| Personal data | Information relating to an identified or identifiable natural person, as defined under applicable privacy law. |
| Retention period | The maximum time data is kept in production systems, archives, or backups before deletion or irreversible anonymisation, unless a legal hold or contractual exception applies. |
| Legal hold | A suspension of deletion required for litigation, regulatory inquiry, or statutory obligation. |
| Plan retention window | A visibility or retention limit tied to subscription plan features (e.g. retentionDays), where enforced—see tenant-facing documentation and order form. |
3. Principles
- Purpose limitation — Data is retained only as long as needed for service delivery, security, abuse prevention, billing, legal obligation, or documented legitimate interest.
- Data minimisation — Tenants should send the minimum fields required for their use case; MaiGuard avoids retaining unnecessary sensitive data.
- Tenant isolation — Retention and access controls respect tenant boundaries (multi-tenancy).
- Secure disposal — Deletion or anonymisation uses industry-appropriate methods for the storage medium (logical deletion, crypto-shredding where applicable, backup expiry).
- Transparency — Material retention rules are documented here and, where relevant, in the Privacy Policy, Data Processing Agreement (DPA), and order form or Service Level Agreement (SLA).
4. Roles and responsibilities
| Role | Responsibility |
|---|---|
| Maiguard Sentinel Limited (MaiGuard) | Implements this policy; operates deletion and backup lifecycle; documents subprocessors; responds to legal holds and regulated requests within the law. |
| Tenant administrator | Configures product settings allowed by plan; ensures lawful basis and notices for data sent to MaiGuard; coordinates end-user rights requests as agreed in the DPA. |
| Engineering / Operations | Executes technical retention (jobs, storage TTLs, backup rotation) per approved procedures. |
| Security & Compliance | Maintains this policy, exceptions register, and evidence for audits. |
5. Data categories and default retention periods
Default periods apply unless a signed contract, DPA exhibit, or law requires otherwise. Periods are measured from the latest relevant event (e.g. record creation, account closure, or log timestamp) unless stated otherwise.
| Category | Examples (non-exhaustive) | Default retention | Notes |
|---|---|---|---|
| Transaction and scoring records | Stored transactions, risk scores, decisions, case metadata | Per subscription plan or contract; baseline up to 7 years where required for financial crime or dispute patterns in the tenant’s jurisdiction | Shorter plan-limited visibility (e.g. retentionDays) may apply to API/UI access even if archival policy differs—see §5.1. |
| Raw scoring payloads / metadata | JSON sent to scoring APIs, enrichment snapshots | Aligned with transaction record retention or shorter if minimisation is applied | May be redacted or truncated in logs. |
| Tenant user accounts | Portal users, roles, preferences | Life of contract + 90 days after offboarding, unless law requires longer | Deletion/anonymisation after final billing and dispute window where applicable. |
| Tenant configuration | Rules, rule sets, lists, webhooks, API keys (hashed), integrations | Life of contract + 90 days | Secrets stored hashed or encrypted; key rotation encouraged. |
| Audit logs | Administrative and security-relevant actions | At least 1 year; up to 7 years for regulated tenants or by contract | Supports integrity and investigations. |
| Application and security logs | Request/error logs, WAF, IDS, auth events | 30–90 days typical; up to 1 year for security investigations | May be shorter in non-production. |
| Webhook and integration traces | Debug payloads, delivery logs | 30–90 days unless needed for incident | Minimise PII in payloads. |
| Support tickets and email | Support platform / email threads with tenant contacts | 2 years after ticket closure, unless contract says otherwise | Attachments follow same category as primary data. |
| Backups | Database and object-store snapshots | Aligned with production; typically 30–90 days rolling | Restoration may temporarily revive deleted data until next backup cycle expires (§7). |
| Export jobs | Generated CSV/JSON exports, presigned URLs | URL expiry + 7 days for artefacts, or 30 days maximum unless tenant deletes sooner | Tenants should download promptly. |
| File imports | Uploaded CSV/JSON for batch processing | 90 days after import completion, unless tenant deletes sooner | S3/object lifecycle. |
| Billing and invoices | Invoices, payment metadata | 7 years or per tax/accounting requirement | Statutory periods vary by African jurisdiction and tenant location. |
| Marketing / website | Cookies, analytics where used | Per Cookie Policy and consent | Typically shorter; not tenant transaction data. |
5.1 Plan-based visibility vs physical deletion
MaiGuard may enforce a plan retention window (e.g. features such as retentionDays) that limits read access to historical data via standard APIs and UI, without immediately purging underlying storage. Physical deletion of aged data may be implemented via scheduled jobs as described in product documentation. Where read restriction and purge differ, the stricter of the two applies to customer-facing commitments in the order form.
6. Deletion and anonymisation
- Routine deletion — Automated jobs or manual procedures remove or anonymise data when the retention period ends, subject to legal hold.
- Tenant offboarding — Upon contract end, MaiGuard deletes or returns data per the DPA and offboarding checklist, within 90 days unless law or dispute requires retention.
- Anonymisation — Where full deletion is impractical (e.g. aggregated metrics), MaiGuard may retain non-identifying statistics only.
- Cryptographic erasure — Where data is encrypted with tenant-specific keys, key destruction may constitute erasure after documented procedures.
7. Backups and restoration
- Backups exist for availability and disaster recovery, not indefinite retention.
- When production data is deleted, residual copies may persist until backup rotation completes (typically ≤ 90 days).
- Restores are logged and limited to authorised personnel.
8. Legal and regulatory holds
If MaiGuard is notified of litigation, investigation, or statutory freeze:
- Relevant data is preserved beyond normal retention until cleared by Legal.
- Routine deletion for affected datasets is suspended for the hold scope.
- A hold register records matter ID, scope, and release date.
9. Data subject and tenant requests
- Access, rectification, erasure, restriction, portability — Handled per Privacy Policy and DPA, within statutory timelines. Erasure may be limited where MaiGuard must retain data for legal obligation or legitimate security purposes.
- Tenants must route end-user requests through agreed channels; MaiGuard assists the tenant as processor where applicable.
10. International transfers
MaiGuard’s primary operations are in Africa; tenants may be in one African country and use infrastructure or subprocessors in others or outside the continent. Transfers across borders (including outside the tenant’s country or outside Africa) follow DPA mechanisms and applicable African data-protection laws (e.g. adequacy, binding corporate rules, or Standard Contractual Clauses where recognised), as described in subprocessors documentation and regional exhibits.
Retention periods in this policy apply unless a regional exhibit or African jurisdiction-specific requirement states a shorter or longer period for a specific deployment.
11. Exceptions
Any deviation from default periods requires:
- Written approval from Security & Compliance and Legal, and
- Entry in the retention exceptions register (scope, duration, reason).
12. Policy review
This policy is reviewed at least annually and upon major product changes (new data types, regions, or subprocessors), material security or privacy incident learnings, or new regulatory requirements affecting MaiGuard or its customer base.
Approvals: Security & Compliance lead and executive sponsor.
13. Related documents
- Privacy Policy
- Data Processing Agreement (DPA) and subprocessor list
- Information Security Policy
- Incident Response Plan
- Compliance and governance documentation (internal reference)
This document supports governance and customer transparency. Tenants should align their own AML, bookkeeping, and privacy obligations with their regulators and counsel.