Data Retention & Deletion Policy

Last updated: May 7, 2026

Learn how Quicshop retains, manages, and deletes your personal data in compliance with the Digital Personal Data Protection Act, 2023.

Purpose & Scope

The Digital Personal Data Protection (DPDP) Act, 2023 mandates that personal data shall not be retained longer than necessary to fulfill its specified purpose. This policy dictates the strict lifecycle, retention durations, and cryptographic destruction methods for all data residing within Quichub Innovations LLP’s infrastructure.

This policy applies to all active databases (e.g., DigitalOcean), cold storage (e.g., AWS Glacier), third-party sub-processors, and automated backups.

The Master Retention Schedule

Data must be automatically purged based on the following schedule unless subjected to a formal Legal Hold.

Fiduciary Data (Merchant Information)

Quichub acts as the Data Fiduciary for the B2B SaaS Merchants using our platform.

  • Active Account Data: Retained for the duration of the active contract/subscription.
  • Account Deletion/Termination: Upon a Merchant requesting account deletion, data enters a 30-Day Grace Period (Soft Delete). On Day 31, all Tier 2 PII (emails, platform configurations) must undergo Hard Deletion.
  • Financial & Billing Records: Under the Companies Act and tax regulations, all invoices, billing records, and GSTIN histories must be stripped of non-essential marketing metrics and moved to cold storage for exactly 7 Years.

Processor Data (End-Shopper Information)

Quichub acts solely as a Data Processor for shoppers buying from Merchant storefronts.

  • Transaction/Checkout Payloads: Retained in active databases only as long as necessary to fulfill the order routing (logistics/payment gateways).
  • Merchant Termination: If a Merchant leaves Quichub, all associated Tier 1 End-Shopper data must be permanently destroyed within 30 days of contract termination.
  • Data Principal Erasure Requests: If a shopper requests data deletion via the Merchant, Quichub’s APIs must execute the deletion across Quichub databases within 72 hours of receiving the validated API command from the Merchant.

System & Security Logs (CERT-In Mandate)

  • Access & Security Logs: To comply with CERT-In directions, all API triggers, authentication logs, and security events must be routed to Write-Once-Read-Many (WORM) storage.
  • Retention Limit: Retained for exactly 180 Days.
  • Destruction: Automated cron jobs must purge Day 1 logs on Day 181.

Approved Data Destruction Methods

Manual deletion (“Right-Click Delete”) is legally insufficient and prone to human error. All deletions must be executed via automated engineering protocols.

  • Soft Delete (Grace Period): Data is flagged as deleted in the database. It becomes invisible to the application layer and Merchant dashboard but remains on the server to allow for accidental deletion recovery.
  • Hard Delete (Cryptographic Erasure): The physical removal of data from the database cluster. If data exists on immutable backup drives, the cryptographic keys used to encrypt that specific data block must be destroyed, rendering the data mathematically unrecoverable (Cryptographic Shredding).
  • Anonymization: If Quichub wishes to retain analytical data (e.g., total checkout volume per month) beyond the retention period, the data must be irreversibly stripped of all PII.

Sub-Processor Deletion Cascade

When data reaches its retention limit within Quichub’s primary databases, the engineering team must ensure that deletion commands are automatically cascaded to all approved third-party vendors via API.

  • Example: If a Merchant account is deleted, the system must automatically fire a webhook to Klaviyo and Google Analytics 4 to purge the Merchant’s associated tracking profiles.

In the event of a regulatory investigation by the Data Protection Board of India (DPBI), a CERT-In inquiry, or pending litigation, the Privacy Lead has the authority to issue a Legal Hold.

  • Action: Upon issuance of a Legal Hold, the CTO must immediately suspend all automated deletion cron jobs and cryptographic shredding protocols for the specified datasets.
  • Release: Data under a Legal Hold may only be destroyed upon written authorization from the Privacy Lead and external legal counsel.

Auditing & Compliance

The CTO will conduct a bi-annual review of all automated deletion scripts to ensure they are firing correctly. A log of successful automated purges must be maintained for regulatory audit purposes.