1. General principles
We aim to:
- keep personal data only for as long as necessary for the relevant purpose;
- distinguish short-lived operational data from longer-lived legal, moderation, or accountability records;
- distinguish off-chain application records from public-chain references; and
- delete, prune, or anonymize records where lawful and technically feasible.
2. Main record classes
| Category | Typical contents | Typical retention posture |
|---|---|---|
| Authentication challenges | Challenge material and short-lived auth state | Very short-lived / ephemeral |
| Session and abuse-prevention data | Session metadata, verification events, IP / user-agent context, rate-limit signals | Bounded operational window |
| Audit and privileged-action records | Administrative actions, security-relevant events, moderation audit trail | Bounded operational window, longer if required for accountability or claims |
| Idempotency and failed-side-effect records | Completed idempotency keys, dead-letter traces, retry-suppression records | Bounded operational window |
| Notices, statements of reasons, and appeals | Notice intake, decisions, redress and appeal records | Longer legal / accountability retention |
| Chain-event mirrors and reconciliation data | Public-chain event mirrors, reconciliation and integrity records | Retained as needed for integrity, reconciliation, and incident analysis |
| Managed-storage records | Artifact references, retention metadata, related storage events | According to feature-specific retention rules and legal needs |
| Enhanced compliance records | Trader-verification, tax-reporting, or other compliance-specific material, if enabled | Only when enabled and only for as long as required by purpose and law |
| Support, legal, and security correspondence | Support requests, privacy requests, abuse reports, security reports | Retained as needed to resolve the matter and meet legal or accountability needs |
3. Public blockchain limitation
Public blockchain data may remain visible indefinitely from the relevant network, archives, explorers, mirrors, or other third-party infrastructure even if we delete or restrict related off-chain records under our control.
4. Changes and exceptions
Actual retention windows may vary by system, feature, incident, legal hold, dispute, appeal, or operational need.
We may keep records longer where reasonably necessary to:
- comply with law, sanctions, court orders, or regulator demands;
- detect, investigate, or defend against abuse, fraud, or security incidents;
- preserve evidence for disputes, appeals, or legal claims; or
- protect users, infrastructure, or the integrity of the Services.