Data Retention

TrustGate provides configurable data retention policies to help you comply with regulatory requirements while minimizing data storage.

Retention Requirements

Regulatory Minimums

Different regulations require different retention periods:

Regulation	Requirement	Typical Period
AML (US BSA)	Customer records	5 years after relationship ends
AML (EU AMLD)	Customer records	5 years after relationship ends
GDPR	Personal data	Minimum necessary
SOX	Financial records	7 years
MiFID II	Client records	5-7 years

Data Minimization

GDPR requires you not keep data longer than necessary. Balance:

Regulatory minimums - Must retain for compliance
Business needs - Legitimate operational needs
Privacy principles - Delete when no longer needed

Retention Policies

View Current Policies

curl -X GET "https://api.bytrustgate.com/v1/settings/data-retention" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response

{
  "policies": {
    "approved_applicants": {
      "retention_years": 5,
      "retention_basis": "aml_regulation",
      "start_from": "relationship_end"
    },
    "rejected_applicants": {
      "retention_days": 90,
      "retention_basis": "legitimate_interest",
      "start_from": "rejection_date"
    },
    "document_images": {
      "retention_years": 5,
      "retention_basis": "aml_regulation",
      "start_from": "verification_date"
    },
    "biometric_data": {
      "retention_days": 30,
      "retention_basis": "data_minimization",
      "start_from": "verification_date"
    },
    "audit_logs": {
      "retention_years": 7,
      "retention_basis": "legal_requirement",
      "start_from": "log_date"
    }
  }
}

Configure Retention Policies

curl -X PUT https://api.bytrustgate.com/v1/settings/data-retention \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "policies": {
      "approved_applicants": {
        "retention_years": 7,
        "retention_basis": "sox_compliance"
      },
      "rejected_applicants": {
        "retention_days": 180,
        "retention_basis": "fraud_prevention"
      },
      "biometric_data": {
        "retention_days": 7,
        "retention_basis": "data_minimization"
      }
    }
  }'

Data Categories

Personal Information

Category	Default Retention	Notes
Name, DOB, address	5 years	AML requirement
Email, phone	5 years	Contact for reviews
Nationality	5 years	Risk assessment

Documents

Category	Default Retention	Notes
Document images	5 years	Evidence of verification
Extracted data	5 years	Verification record
Document metadata	5 years	Audit trail

Biometrics

Category	Default Retention	Notes
Selfie images	30 days	Delete after verification
Face embeddings	30 days	Not needed long-term
Liveness data	7 days	Immediate verification only

Verification Results

Category	Default Retention	Notes
Verification status	5 years	Compliance record
Check results	5 years	Decision basis
Risk scores	5 years	Risk assessment record

Screening Data

Category	Default Retention	Notes
Screening results	5 years	AML compliance
Hit records	5 years	Investigation evidence
Resolution notes	5 years	Decision documentation

Automatic Deletion

How Auto-Deletion Works

┌─────────────────────────────────────────────────────────┐
│              RETENTION POLICY CHECK                      │
│         Runs daily at configured time                    │
└─────────────────────────┬───────────────────────────────┘
                          │
                          v
┌─────────────────────────────────────────────────────────┐
│           IDENTIFY EXPIRED RECORDS                       │
│    Records past retention period with no legal hold      │
└─────────────────────────┬───────────────────────────────┘
                          │
                          v
┌─────────────────────────────────────────────────────────┐
│              SCHEDULE DELETION                           │
│    Mark records for deletion, notify if configured       │
└─────────────────────────┬───────────────────────────────┘
                          │
                          v
┌─────────────────────────────────────────────────────────┐
│              EXECUTE DELETION                            │
│    Permanently remove data, log action                   │
└─────────────────────────────────────────────────────────┘

View Pending Deletions

curl -X GET "https://api.bytrustgate.com/v1/data-retention/pending-deletions" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response

{
  "pending_deletions": [
    {
      "applicant_id": "app_001",
      "scheduled_date": "2025-02-01",
      "reason": "retention_period_expired",
      "data_categories": ["documents", "biometrics"],
      "can_cancel": true
    }
  ],
  "summary": {
    "total_pending": 45,
    "next_deletion_batch": "2025-01-21T02:00:00Z"
  }
}

Cancel Pending Deletion

curl -X POST https://api.bytrustgate.com/v1/data-retention/cancel-deletion \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "applicant_id": "app_001",
    "reason": "legal_hold_applied",
    "reference": "HOLD-2025-001"
  }'

Legal Holds

Prevent deletion when legally required:

Apply Legal Hold

curl -X POST https://api.bytrustgate.com/v1/applicants/{applicant_id}/legal-hold \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "litigation_hold",
    "reference": "CASE-2025-001",
    "applied_by": "legal@company.com",
    "expires_at": "2027-01-20"
  }'

View Legal Holds

curl -X GET "https://api.bytrustgate.com/v1/data-retention/legal-holds" \
  -H "Authorization: Bearer YOUR_API_KEY"

Release Legal Hold

curl -X DELETE "https://api.bytrustgate.com/v1/applicants/{applicant_id}/legal-hold" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "litigation_concluded",
    "released_by": "legal@company.com"
  }'

Manual Deletion

Delete Single Applicant

curl -X DELETE "https://api.bytrustgate.com/v1/applicants/{applicant_id}" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "data_subject_request",
    "reference": "DSR-2025-001"
  }'

Bulk Deletion

curl -X POST https://api.bytrustgate.com/v1/data-retention/bulk-delete \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "filter": {
      "status": "rejected",
      "created_before": "2024-01-01"
    },
    "reason": "retention_cleanup",
    "confirmation": "DELETE_CONFIRMED"
  }'

Deletion Notifications

Configure Notifications

curl -X PUT https://api.bytrustgate.com/v1/settings/data-retention/notifications \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "notify_before_deletion": true,
    "notification_days_before": 30,
    "notification_email": "compliance@company.com",
    "send_deletion_report": true,
    "report_frequency": "weekly"
  }'

Retention Reports

Generate Retention Report

curl -X POST https://api.bytrustgate.com/v1/data-retention/report \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "report_type": "retention_summary",
    "format": "pdf"
  }'

Report Contents

Current retention policies
Data volumes by category
Records approaching expiration
Legal holds in effect
Deletion history

Next Steps

Consent Management - Manage consent records
GDPR Compliance - Privacy requirements
Audit Logging - Track data access

Retention Requirements​

Regulatory Minimums​

Data Minimization​

Retention Policies​

View Current Policies​

Response​

Configure Retention Policies​

Data Categories​

Personal Information​

Documents​

Biometrics​

Verification Results​

Screening Data​

Automatic Deletion​

How Auto-Deletion Works​

View Pending Deletions​

Response​

Cancel Pending Deletion​

Legal Holds​

Apply Legal Hold​

View Legal Holds​

Release Legal Hold​

Manual Deletion​

Delete Single Applicant​

Bulk Deletion​

Deletion Notifications​

Configure Notifications​

Retention Reports​

Generate Retention Report​

Report Contents​

Next Steps​

Retention Requirements

Regulatory Minimums

Data Minimization

Retention Policies

View Current Policies

Response

Configure Retention Policies

Data Categories

Personal Information

Documents

Biometrics

Verification Results

Screening Data

Automatic Deletion

How Auto-Deletion Works

View Pending Deletions

Response

Cancel Pending Deletion

Legal Holds

Apply Legal Hold

View Legal Holds

Release Legal Hold

Manual Deletion

Delete Single Applicant

Bulk Deletion

Deletion Notifications

Configure Notifications

Retention Reports

Generate Retention Report

Report Contents

Next Steps