Data Handling & Retention
What we collect, why we collect it, how long we keep it.
1. What we collect — KYC (individuals)
For an individual application we collect exactly these fields, and nothing else:
- First name and last name. Legal name of the applicant.
- Date of birth. Used only to confirm the applicant is 18 or older.
- Nationality. Country code from our supported-country list.
- Street address, city, postal code. Residential address.
- Country of residence. Country code from our supported-country list.
Required documents: one identity document (passport, national ID card or driver's license) plus proof of address.
2. What we collect — KYB (businesses)
A business application collects the fields above for the signing officer, plus:
- Business name. Registered legal name.
- Registration number. Format-checked company identifier.
- Country and date of incorporation. Where and when the business was registered.
- Business type. Sole proprietorship, partnership, LLC, Ltd or corporation.
- Ultimate beneficial owner. Name and ownership percentage (25% or more).
- Signing officer identity. The signer's name and date of birth (KYC of the signer).
Required documents: one identity document for the signer plus business registration and UBO declaration.
3. Data minimization
Documents are metadata-only.
In this demo, no document file bytes are ever uploaded, stored or served. For each document we keep only its type, a synthetic filename, a size figure, a checksum, its verification status and any reviewer note. There is nothing to view or download because no file contents exist — the checksum stands in for the file in the audit trail.
Beyond documents, we store account data (a masked account number, currency and balances), transaction records (description, counterparty, reference, amount and running balance) and audit events (who did what, when, and which state changed). We collect no marketing data, no device fingerprints, and no data about people who are not party to an application.
4. Retention windows
Records are kept only as long as a regulated institution would be expected to keep them:
| Data category | Retained for |
|---|---|
| Application and identity data | 5 years after account closure |
| Document metadata | 5 years after account closure |
| Screening results | 5 years after the check was run |
| Audit log | 7 years, append-only |
| Session cookies | 7 days, or until you log out |
Demo note: this environment resets every hour, so in practice nothing here outlives the next reset.
5. Erasure
You may request erasure of your data at any time. Identity fields, document metadata and account data are deleted or irreversibly anonymized once their retention windows lapse. Audit events are the exception: they are retained for the full seven-year window because they are the record regulators rely on. When the application they describe is erased, the events are unlinked from it and keep only the neutral actor label they were written with — the trail survives, the person does not.