Data Retention Policy
Effective date: 16 July 2026 · Last updated: 16 July 2026 · Version 2
Last updated: 14 July 2026 · Version 2
This policy of Spacelinkers Infotech Private Limited describes how long StayLocal retains each class of data and why — implementing DPDP Act §8(7) (erasure when purpose is served, unless retention is required by law) and §12 (erasure rights).
Retention schedule
| Data class | Retention | Basis |
|---|---|---|
| Account profile (name, email, phone) | Life of the account; scrubbed immediately on deletion execution | Service operation |
| Sign-in identities (provider links) | Life of the account | Authentication |
| Listings & photos | While owned by an active account; archived on deletion. Drafts expire 90 days after last edit (7-day warning), storage purged +30 days | Service operation |
| Contact reveals / leads | 2 years from creation | Fraud investigation, dispute resolution |
| Consent records | Life of account + 3 years | Evidence of consent must outlive consent (limitation periods) |
| Lister compliance declarations | Life of listing + 3 years | Evidence |
| Invoices, payments, credit ledger | 7 years | Companies Act 2013 (books of account), Income-tax Act 1961 |
| Audit logs — finance-relevant | 7 years | As above |
| Audit logs — general (moderation, admin actions) | 2 years | Security, accountability, IT Rules traceability |
| Reports & moderation records | 2 years from resolution | Repeat-offender enforcement, legal defence |
| Search queries & analytics events | Raw rows ≤ 12 months, then aggregated/anonymised | Product analytics |
| Notification/email/SMS delivery records | 1 year | Deliverability, complaint handling |
| System/worker run logs | 90 days (automatic purge) | Operations |
| OTP verification evidence | Life of listing (number + verified state; codes are never stored) | Trust & safety |
| Data-request records (export/deletion/correction) | 3 years | Demonstrating rights compliance |
What account deletion actually does
On execution (after review, usually ≤ 2 working days): identifying fields are scrubbed from active systems (name, email, phone, avatar); listings are archived and removed from search; sign-in is disabled permanently. Records in the 7-year/legal buckets are retained in minimised, access-restricted form — they no longer carry your scrubbed identifiers beyond what the law itself requires (e.g., invoice particulars).
Backups
Encrypted backups roll off within 35 days. Deleted data may persist in backups until rotation completes and is restored only for disaster recovery — never to resurrect deleted accounts.
Legal holds
Where litigation, investigation, or a lawful preservation request is pending, affected data is retained beyond this schedule until the hold lapses (Law Enforcement Request Policy).
Questions
Grievance Officer — info@spacelinkers.com · Grievance Redressal Policy.
Version 2 · Effective 16 July 2026 · Questions about this policy? See the Grievance Redressal Policy or contact us.