Data Retention Policy

1. Introduction

This Data Retention Policy explains how long Chatifyd, operated by Webifyd Technology LLC, retains different types of data and our practices for secure data deletion.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

2. Retention Principles

Our data retention practices are guided by:

Purpose Limitation: Data is retained only for its original purpose or compatible purposes
Data Minimization: We retain only the minimum data necessary
Legal Compliance: Some data must be retained to meet legal and regulatory requirements
Business Necessity: Certain data is needed for legitimate business operations
Security: Data is securely stored during retention and securely deleted afterward

3. Retention Schedule

The following table outlines our standard retention periods for different data categories:

Data Category	Retention Period	Basis
Account Information	5 years after account closure	Legal requirement, dispute resolution
WhatsApp Message Content	30 days (WhatsApp API requirement)	WhatsApp API requirement
Message Metadata	12 months	Service operation, analytics
Billing and Financial Records	7 years (UAE legal requirement)	UAE tax/accounting requirements
Support Tickets	3 years	Service improvement, dispute resolution
Analytics Data	24 months	Service improvement
Marketing Consent Records	Duration of consent	Legal requirement, consent proof
Audit Logs	7 years	Security, compliance

4. Category Details

4.1 Account Information

Account data includes registration information, user profiles, and authentication credentials. This data is retained for the duration of your account and for 5 years after account closure to comply with legal requirements and for dispute resolution.

4.2 WhatsApp Message Content

Message content (text, images, documents) sent through our platform is retained for a maximum of 30 days in accordance with WhatsApp Business API requirements. After this period, message content is automatically deleted from our systems.

Note: WhatsApp messages are protected by end-to-end encryption. The 30-day retention is for delivery/retry purposes and message history display.

4.3 Message Metadata

Metadata includes timestamps, delivery status, read receipts, and phone numbers. This data is retained for 12 months for analytics and service operation purposes.

4.4 Billing Records

Financial records, invoices, and payment information are retained for 7 years as required by UAE tax and accounting regulations. Payment card details are not stored on our servers but processed by our payment provider.

4.5 Support Communications

Support tickets, email correspondence, and chat transcripts are retained for 3 years to help resolve recurring issues and improve our services.

4.6 Audit Logs

System access logs, security events, and administrative actions are retained for 7 years for security monitoring and compliance purposes.

5. Data Deletion

5.1 Automatic Deletion

Data is automatically deleted when its retention period expires through our automated data lifecycle management system.

5.2 User-Requested Deletion

You may request deletion of your data at any time by:

Using the account deletion feature in your settings
Contacting our Data Protection Officer at dpo@chatifyd.com
Submitting a data subject request through our privacy portal

5.3 Deletion Process

When data is deleted:

Active data is marked for deletion and becomes inaccessible immediately
Data is purged from primary systems within 30 days
Backup copies are overwritten within 90 days
Anonymized aggregate statistics may be retained indefinitely

5.4 Exceptions to Deletion

We may retain data beyond stated periods when:

Required by law or court order
Necessary for ongoing litigation or legal claims
Required for security investigation
Needed to prevent fraud or abuse

6. Account Closure

When you close your account:

You have 30 days to request an export of your data
After 30 days, active data deletion begins
Message content is deleted within 30 days
Account data is retained as per legal requirements (5 years)
Financial records are retained as per UAE law (7 years)
Anonymized analytics may be retained

7. Secure Deletion Methods

We use industry-standard secure deletion methods:

Digital Data: Cryptographic erasure or overwriting
Encrypted Data: Destruction of encryption keys
Physical Media: Secure destruction or degaussing
Cloud Storage: Verified deletion with provider confirmation

8. Data Subject Rights

Under UAE PDPL and GDPR, you have the right to:

Request information about data retention periods
Request deletion of your personal data
Request restriction of processing
Receive a copy of your data before deletion
Object to data retention

To exercise these rights, contact our Data Protection Officer at dpo@chatifyd.com.

9. Sub-processor Data Handling

Our sub-processors are contractually required to:

Follow our data retention requirements
Delete data when instructed by us
Provide certification of data deletion
Implement secure deletion methods

10. Policy Review

This Data Retention Policy is reviewed annually and updated as needed to reflect changes in legal requirements, business practices, or technological capabilities.

11. Contact

For questions about data retention or to request data deletion:

Data Protection Officer

Office 501, RAG Tower, Barsha 1, Dubai, United Arab Emirates

Email: dpo@chatifyd.com