Data Retention Policy

Data Retention Policy

We are continuously reducing complexity within the evolving payments world. Our business practice is to optimize and minimize the storage of data while keeping full transparency of the payment for business analytics. Why?

  • To enhance security and protection of sensitive data.
  • To ease provision of historical analysis and valuable business data insights.
  • To conduct periodical compliance and regulatory requirements.
  • To facilitate legal and audit requirements while meeting business needs.
  • To efficiently orchestrate higher payment throughput in a stable environment.
  • To backup enough data more often and recover fast from emergencies.
  • To enhance the user experience by expediting searches faster.

We retain card, non-card, token and file data for a prescribed period of time during which a customer can access, interact with or audit the data.

Transaction Retention Policy

Payment Data

14 months retention period


All payment transaction data are retained 14 months:

  • Credit / Debit card payments
  • Bank account payments
  • Wallet payments
  • Standalone and card-on-file payments
  • Back-office payments such as refunds or captures

Example

  • Payment processed on 1-Feb-Y1. DB retained until 1-Apr-Y2.
  • Chargeback on 1-Mar-Y1. DB and CB retained until 1-May-Y2.
  • Chargeback reversal on 5-Mar-Y1. DB, CB and CR retained until 5-May-Y2.

Risk Data

14 months retention period


All risk transaction data are retained 14 months:

  • 3D Secure risk transactions
  • Exemption transactions
  • Fraud management risk transactions
  • Standalone risk transactions
  • Pre and post authorization risk transactions

Example

  • Pament with risk check processed on 1-Feb-Y1.
  • DB and risk check retained until 1-Apr-Y2.
  • Refund on 14-Feb-Y1. DB, risk check and RF retained until 14-Apr-Y2.

Card Token Data

14 months retention period after card expiry date


Card tokens are retained 14 months more from the card expiry date:


Example

  • Card tokenized during payment on 1-Feb-Y1. Card expiry date is Dec-Y1.
  • DB retained until 1-Apr-Y2. Token retained until 1-Mar-Y3.
  • New payment over token on 1-Mar-Y1. DB retained until 1-May-Y2.
  • New payment over token on 1-Apr-Y1. DB retained until 1-Jun-Y2.

Non-Card Token Data

14 months retention period


Registration tokens for alternative payment methods or bank accounts are retained 14 months. Any additional payment extends the token's life with another 14 months. Retention period is adjustable for up to 24 months.


Example

  • Virtual account tokenized during payment on 1-Feb-Y1.
  • Both token and payment retained until 1-Apr-Y2.
  • New payment over token on 1-Mar-Y1. Token and DB retained until 1-May-Y2.
  • New payment over token on 1-Apr-Y1. Token and DB retained until 1-Jun-Y2.

Scheduling Data

14 months retention period after card expiry date


Scheduling payment job data parameters are retained as long as card token used to schedule payments is retained:

  • Scheduling transactions
  • Re-scheduling transactions
  • Cancelling of scheduled transactions

Example

  • Card tokenized during payment on 1-Feb-Y1. Card expiry date is Dec-Y1.
  • SD over token on 1-Feb-Y1. Schedule data retained until 1-Mar-Y3.
  • New payment scheduled over token on 1-Feb-Y1. DB retained until 1-Apr-Y2.
  • New payment scheduled over token on 1-Mar-Y1. DB retained until 1-May-Y2.

Helper Account Data

14 months retention period


Account data helping to complete payments are retained 14 months:

  • Account updater transactions
  • Account discovery transactions for buy now pay later plans
  • Installment plan transactions
  • Network token fetch transactions

Example

  • Card tokenized.
  • Payment initiated on 1-Feb-Y1 to authorize with network token.
  • Network token fetched from network on 1-Feb-Y1. TF retained until 1-Apr-Y2.
  • Payment completed on 1-Feb-Y1 and retained until 1-Apr-Y2.
Any follow-up transaction extends the retention of the original payment with another 14 months.
Any other transaction type not covered above is retained 14 months.

File Retention Policy

Bank Files

3 months retention period


All SEPA direct debit or credit transfer files sent via EBICS communication protocol to banks for processing.

Clearing Files

3 months retention period


All clearing files sent over to acquirer for offline processing.

Batch Files

3 months retention period


All batch files (for example captures, chargebacks, receipts or token extensions) sent to Planet Payment Gateway for processing.

Reconciliation Files

3 months retention period


All reconciliation raw data files received by Planet Payment Gateway via SFTP from acquirers or 3rd party providers.

Settlement Files

3 months retention period


All settlement files offered by Planet Payment Gateway transforming the reconciliation records in a unified format.

Transaction Files

1 month retention period


All transaction data files automatically exported by Planet Payment Gateway in a dedicated SFTP account for the client.

Backup Files

1 month retention period


All secured database backup files serving business continuity and disaster recovery.

Monitoring Files

1 month retention period


All UI monitoring events performed by the client's users.

Last updated: 2024-02-02