Data Retention Policy
Effective Date: January 1, 2025
At Sarphir Technologies Inc. ("Sarphir," "we," "us," or "our"), we are committed to data minimization and responsible data management. This Data Retention Policy outlines how long we retain different types of data collected through the Sarphir Atlas platform (the "Platform") and the procedures for data deletion.
This policy is designed to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), and reflects our commitment to privacy and sovereignty principles.
1. Account and Authentication Data
Data Type
Retention Period
Email address, name, password hash
Active account duration
Retention Rule: Email addresses, names, and authentication credentials (password hashes) are retained for as long as your account is active.
Deletion: Upon account deletion, all authentication data is permanently deleted within 30 days. During this 30-day grace period, you may contact us to recover your account. After 30 days, deletion is irreversible.
Legal Exception: If required by law or legal process (e.g., ongoing investigations, court orders), we may retain authentication data for a longer period.
2. Activity Logs and Security Logs
Data Type
Retention Period
Login logs, IP addresses, session data
Maximum 12 months
Retention Rule: Activity logs, including login timestamps, IP addresses, and session data, are retained for a maximum of 12 months for security monitoring, fraud detection, and troubleshooting purposes.
Deletion: Logs older than 12 months are automatically purged from our systems. This ensures we maintain only necessary data for operational security.
Security Incident Exception: In the event of a security breach or investigation, logs may be retained longer as required by law or regulatory authorities.
3. Analytics and Usage Data
Data Type
Retention Period
Page views, navigation patterns, feature usage
24 months (anonymized after collection)
Retention Rule: Usage and analytics data (e.g., pages visited, time spent, features used) is retained for up to 24 months to analyze platform performance and improve user experience.
Anonymization: All analytics data is anonymized immediately upon collection, meaning it cannot be traced back to individual users. Anonymized data may be retained indefinitely for aggregate reporting and research purposes.
Third-Party Analytics: If we use third-party analytics providers (e.g., Google Analytics), their data retention policies apply. We configure these tools to minimize data retention and prioritize user privacy.
4. API Data and Cache
Data Type
Retention Period
API responses, cached data, intelligence reports
Temporary only (hours to days)
Retention Rule: Data retrieved from external APIs (e.g., World Bank, IMF, market data providers) is cached temporarily only to improve platform performance and reduce redundant API calls.
Cache Duration: Cached data is typically retained for a few hours to a few days, depending on the data type and freshness requirements. Cache is automatically cleared on a rolling basis.
No Long-Term Storage: We do not permanently store third-party API data unless explicitly stated in our agreements with data providers.
5. User-Requested Data Deletion
You have the right to request deletion of your personal data at any time. Upon receiving a deletion request:
- Account Data: Permanently deleted within 30 days
- Activity Logs: Deleted immediately or retained for security purposes (max 12 months)
- Analytics Data: Already anonymized, cannot be traced back to you
- Backup Systems: Data may remain in encrypted backups for up to 90 days before complete removal
To request data deletion, contact us at privacy@sarphir.com.
6. Legal and Regulatory Retention
In certain circumstances, we may be required to retain data for longer periods to comply with:
- Legal obligations (e.g., tax laws, financial regulations)
- Court orders, subpoenas, or government requests
- Ongoing investigations or litigation
- Anti-money laundering (AML) and know-your-customer (KYC) requirements
In such cases, we will retain only the minimum necessary data for the required period and securely delete it once the legal obligation expires.
7. Data Retention Summary Table
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Email, Name, Password | Active account duration | Deleted within 30 days after account deletion |
| Activity & Security Logs | Maximum 12 months | Automatic purge after 12 months |
| Analytics & Usage Data | 24 months (anonymized immediately) | Cannot be traced to individual users |
| API Data & Cache | Temporary (hours to days) | Automatic cache clearing |
8. Changes to This Policy
We may update this Data Retention Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of material changes by posting a notice on the Platform or sending you an email.
9. Contact Us
If you have any questions about this Data Retention Policy or wish to request data deletion, please contact us:
This Data Retention Policy is part of our commitment to privacy, sovereignty, and responsible data stewardship. We retain only what is necessary and delete what is not.