Data Retention & Deletion Policy
- Lahar Policies
- Terms of Service
- Privacy Policy
- Community Guidelines
- Content Moderation & Takedown Policy
- Grievance Redressal
- Data Retention & Deletion Policy
- Advertising & Monetization Policy
- Copyright & IP Policy
- Child Safety & Age-Appropriate Design Policy
- Cybersecurity & Responsible Disclosure Policy
- Cookie & Tracking Policy
Data Retention & Deletion Policy
Effective Date: 6th August 2025
This Data Retention & Deletion Policy (“Policy”) is issued by Lahar Networks Private Limited, a company incorporated under the Companies Act, 2013, bearing CIN U63112DL2025PTC452796, having its registered office at D-365, West Vinod Nagar, East Delhi, Delhi 110092, India. This Policy explains how long Lahar retains personal and transactional data of its Users and outlines the procedures for data deletion in compliance with applicable laws.
1. Purpose
1.1 The purpose of this Policy is to define the retention periods for personal data, transactional data, and compliance-related records collected through the Lahar platform.
1.2 This Policy ensures compliance with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the CERT-In Directions, 2022, and other applicable global data protection regulations including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Children’s Online Privacy Protection Act (COPPA).
1.3 This Policy is intended to balance legal and regulatory obligations with the rights of Users to request deletion of their data, thereby minimising liability for Lahar.
2. Applicability
2.1 This Policy applies to all categories of Users on the Platform, namely Regular Users, Content Creators or Marketplace Operators, and Institutional Users.
2.2 Institutional Users must ensure that all Super Admins, Admins, and Users operating under their accounts comply with this Policy.
3. Categories of Data Collected
3.1 Lahar may collect personal information, financial details, transactional records, communications, content uploads, device and technical data, and compliance logs.
3.2 For Content Creators or Marketplace Operators, additional financial and transactional data may be collected to ensure compliance with payment network rules, merchant acquiring standards, and anti-money laundering obligations.
3.3 For Institutional Users, administrative logs and Maker–Checker records are maintained for operational integrity and compliance.
4. Data Retention Periods
4.1 Personal account information, including registration details and contact information, shall be retained for as long as the account remains active.
4.2 Transactional data, including payment records, subscriptions, settlements, refunds, and chargebacks, shall be retained for a minimum of five (5) years from the date of the transaction, as required under applicable laws and CERT-In Directions, 2022.
4.3 Compliance data, including KYC documentation, audit logs, Maker–Checker approvals, and fraud monitoring records, shall be retained for a minimum of five (5) years or longer where legally mandated.
4.4 Content uploaded by Users shall remain available for as long as the account is active, unless voluntarily deleted by the User or removed under the Content Moderation & Takedown Policy.
4.5 Data relating to minors shall be retained only as long as necessary to provide services, and shall be deleted promptly upon withdrawal of parental consent, subject to legal retention obligations.
5. User Rights and Data Deletion Requests
5.1 Users may request deletion of their account and associated data by submitting a written request to [email protected].
5.2 Upon receipt of a valid request, Lahar shall delete or anonymise the personal data of the User within thirty (30) days, subject to any applicable legal or regulatory retention obligations.
5.3 Deletion requests shall not affect data that must be retained under statutory requirements, including financial transaction records, fraud investigation records, or data preserved under court or government orders.
5.4 Where data is anonymised rather than deleted, it shall no longer be attributable to any specific User and shall not be treated as personal data under applicable law.
6. Exceptions to Deletion
6.1
Lahar may retain data beyond standard retention periods in the
following circumstances:
a. To comply with legal or regulatory
requirements, including tax, accounting, and law enforcement
obligations.
b. To resolve disputes, enforce contracts, or
protect the rights, property, or safety of Lahar, its Users, or third
parties.
c. To investigate or prevent fraud, cyber incidents, or
misuse of the Platform.
6.2 Any retention beyond the prescribed limits shall be documented with justification and reviewed periodically.
7. Security of Retained Data
7.1 All retained data shall be stored securely with encryption, access controls, and monitoring in place to prevent unauthorized access, alteration, or disclosure.
7.2 Retained data shall be accessed only by authorized personnel for legitimate business or compliance purposes.
7.3 Data that has completed its retention lifecycle shall be securely deleted or anonymised in accordance with industry standards.
8. Cross-Border Data Retention
8.1 For Users outside India, personal data may be stored in India or in other jurisdictions permitted under applicable data protection laws.
8.2 Cross-border retention and deletion shall comply with DPDP Act, 2023, GDPR, and other relevant laws.
9. Updates to Policy
9.1 Lahar may revise this Policy periodically to reflect changes in law, regulation, or internal practices.
9.2 Users will be notified of significant changes via email or Platform notifications. Continued use of the Platform after such updates shall constitute acceptance of the revised Policy.
10. Contact
For account deletion requests, questions, or complaints regarding this Policy, Users may contact:
Lahar
Networks Private Limited
D-365,
West Vinod Nagar, East Delhi, Delhi 110092, India
Email:
[email protected]