Data Retention Policy
Data Retention Policy
ISO-POL-CWC-006-R1: Data Retention Policy
Effective Date: 10 May 2026
© 2026 Enxèro Systems. All rights reserved.
Printed copies are uncontrolled. Refer to the online version for the current revision.
1. Introduction
This Data Retention Policy explains how Enxèro Systems retains, deletes, and manages data processed through our platform and related services (“Services”).
We retain data only for as long as reasonably necessary to:
provide the Services
comply with legal obligations
maintain security and integrity
resolve disputes
enforce agreements
This Policy should be read together with our:
Terms of Service
Privacy Policy
Data Processing Policy
Data Processing Agreement (DPA)
2. Who We Are
Enxero System Ltd
P.O. Box 1036-00606
Nairobi, Kenya
(“Company”, “we”, “us”, or “our”)
3. Scope
This Policy applies to:
Customer Data processed through the Services
account and subscription information
technical and security logs
support and operational records
Retention periods may vary depending on:
the type of data
operational requirements
legal obligations
security needs
4. Customer Data
Customers retain ownership of Customer Data submitted through the Services.
We retain Customer Data for the duration of the active subscription or service relationship unless:
deletion is requested by the Customer
retention is required by law
retention is necessary for legitimate security or dispute-resolution purposes
Upon termination of Services, Customer Data may be:
returned to the Customer where applicable
deleted from active systems
retained temporarily in secure backups until scheduled deletion cycles are completed
5. Account and Subscription Information
We may retain account and subscription records for reasonable business and legal purposes, including:
billing
taxation
audit requirements
fraud prevention
contractual enforcement
Retention periods may continue after account closure where required by law or legitimate operational necessity.
6. Technical and Security Logs
We maintain technical and security logs to:
protect system integrity
detect unauthorized activity
investigate incidents
maintain service reliability
Security and operational logs are generally retained for up to twelve (12) months unless:
longer retention is required by law
retention is necessary for active investigations or dispute resolution
security considerations require extended preservation
7. Support and Communication Records
Support requests, correspondence, and related operational communications may be retained for:
service continuity
training and quality improvement
dispute management
legal compliance
Retention periods are determined based on operational and legal requirements.
8. Deletion and Anonymization
Where data is no longer required, we may:
securely delete it
anonymize it
aggregate it for statistical or operational purposes where identification is no longer possible
Residual copies may remain temporarily in secure backup systems until normal deletion cycles complete.
9. Legal Holds and Regulatory Obligations
We may retain data beyond normal retention periods where necessary to:
comply with legal obligations
respond to lawful requests
resolve disputes
enforce agreements
investigate security or fraud-related matters
Where possible, retained data will be limited to the minimum reasonably necessary for those purposes.
10. Customer Responsibilities
Customers are responsible for:
determining appropriate retention settings within the Services where configurable
ensuring compliance with their own legal and regulatory obligations
exporting or retrieving data before termination where necessary
Customers acting as data controllers remain responsible for defining lawful retention periods for personal data they manage through the Services.
11. Security of Retained Data
We implement reasonable technical and organizational measures designed to protect retained data against:
unauthorized access
accidental loss
misuse
unauthorized disclosure
Retention does not imply unlimited accessibility or permanent storage.
12. Changes to This Policy
We may update this Privacy Policy from time to time.
Material changes will be communicated through:
email notification
publication in the Governance Hub
notification on the Service page
Updated versions become effective on the stated effective date.
13. Contact Information
For legal or governance inquiries:
Enxero System Ltd
P.O. Box 1036-00606
Nairobi, Kenya
[email protected]
ISO-POL-CWC-006-R1: Data Retention Policy
Effective Date: 10 May 2026
© 2026 Enxèro Systems. All rights reserved.