← Back to Cru
POLICY 11: DATA RETENTION POLICY
POLICY 11: DATA RETENTION POLICY
Compliance Version
11.1 Purpose
11.1.1 This Data Retention Policy defines how long CRU retains different categories of data and the principles governing deletion, archival, and lawful preservation.
11.1.2 This Policy aligns with:
• (a) Information Technology Act, 2000
• (b) Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
• (c) Digital Personal Data Protection Act, 2023
11.2 Retention Principles
11.2.1 CRU follows these principles:
• (a) Data is retained only as long as necessary
• (b) Legal obligations override deletion requests where applicable
• (c) Regulatory compliance data may be preserved
• (d) Archived data is access-restricted
11.3 Categories of Data & Retention Periods
11.3.1 Account Information
• (a) Retained while account is active
• (b) Deleted or anonymized upon verified account deletion request
• (c) Backup copies may persist temporarily in secure archives
11.3.2 User-Generated Content
• (a) May be retained for an indefinite period subject to operational requirements and legal obligations, unless:
• (i) User deletes Content
• (ii) Account is terminated
• (iii) Legal removal is required
• (b) Content removed for policy violations may be retained internally for compliance documentation, legal defense, and audit purposes
11.3.3 Moderation Records
• (a) Retained for internal compliance and audit purposes
• (b) May be stored for a reasonable period to defend legal claims
11.3.4 Political Advertisement Records
• (a) Retained for regulatory compliance
• (b) Includes sponsor details, ad duration, and targeting parameters
• (c) Maintained for audit and transparency purposes
11.3.5 Payment & Transaction Records
• (a) Retained for tax, financial, and fraud prevention compliance
• (b) Maintained in accordance with applicable accounting regulations
11.3.6 Technical Logs & Security Data
• (a) Retained for security monitoring and fraud detection
• (b) Deleted or anonymized periodically based on operational necessity
11.4 Account Deletion Requests
11.4.1 Upon receiving a valid deletion request:
• (a) Account access is disabled
• (b) Personal data is removed from active systems
• (c) Certain records may be retained where legally required
• (d) Content may be anonymized where full deletion is impractical
11.4.2 CRU reserves the right to retain minimal data necessary for:
• (a) Fraud prevention
• (b) Legal compliance
• (c) Dispute resolution
11.5 Legal Preservation Obligations
11.5.1 CRU may preserve data beyond standard retention periods if:
• (a) Required by court order
• (b) Subject to government directive
• (c) Necessary for ongoing investigation
• (d) Required to defend legal claims
11.6 Data Archiving & Security
11.6.1 Archived data:
• (a) Is access-restricted
• (b) Is protected by encryption
• (c) Is stored in secure infrastructure
11.6.2 Only authorized personnel may access retained records.
11.7 Anonymization
11.7.1 Where feasible, CRU may anonymize data instead of full deletion.
11.7.2 Anonymized data may be retained for:
• (a) Statistical analysis
• (b) Research
• (c) Platform improvement
11.7.3 Anonymized data cannot reasonably identify individuals.
11.8 User Rights & Retention Transparency
11.8.1 Users may:
• (a) Request information about retained data
• (b) Request deletion subject to legal exceptions
• (c) Seek clarification regarding retention categories
11.8.2 Requests may be submitted to: legal@cruvels.com
11.9 Limitation of Liability
11.9.1 CRU shall not be liable for retention required under law.
11.9.2 Deletion requests may not override:
• (a) Regulatory obligations
• (b) Law enforcement requirements
• (c) Financial compliance obligations
11.10 Policy Updates
11.10.1 This Policy may be updated periodically to reflect:
• (a) Legal changes
• (b) Regulatory requirements
• (c) Operational improvements
11.10.2 Continued use of CRU constitutes acceptance of updates.