Get Started
Get Started

Data Retention Policy

Last Updated: 05 Feb 2026

This Data Retention Policy (“Policy”) describes how Flonix (“Company”, “we”, “us”, or “our”) retains, stores, and disposes of data collected during the provision of payout, payroll, and vendor payment services (“Services”).

1. Purpose

The purpose of this Policy is to:

  • Ensure compliance with applicable Indian laws and regulations

  • Maintain accurate records for regulatory, audit, and legal purposes

  • Protect customer data through secure retention and disposal practices

2. Scope

This Policy applies to:

  • All personal, business, and transactional data collected by Flonix

  • All users including customers, merchants, vendors, employees, and beneficiaries

  • All systems, databases, applications, and backups maintained by Flonix

3. Regulatory Framework

Flonix retains data in accordance with:

  • Prevention of Money Laundering Act (PMLA), 2002

  • RBI Master Directions on KYC

  • Information Technology Act, 2000

  • IT (SPDI) Rules, 2011

  • Applicable tax, audit, and financial regulations

4. Categories of Data Retained
4.1 Customer & KYC Data

  • Identity documents (PAN, Aadhaar where permitted)

  • Business registration documents

  • Address and contact details

  • Authorized signatory information

4.2 Transaction Data

  • Payout, payroll, and vendor payment records

  • Wallet balances and fund movement logs

  • Beneficiary and settlement details

4.3 Technical & Usage Data

  • IP addresses and device information

  • Login logs and access history

  • API usage and system logs

4.4 Communication Data

  • Emails, support tickets, and customer communications

  • Consent records and acknowledgements

5. Data Retention Periods

Flonix retains data for the following minimum periods or longer if required by law:

Data TypeRetention Period
KYC & Identity RecordsMinimum 5 years after account closure (as per PMLA)
Transaction RecordsMinimum 5 years from transaction date
Wallet & Settlement RecordsMinimum 5 years
Audit & Compliance LogsAs required by law or audit obligations
Customer Support RecordsUp to 3 years
Technical LogsUp to 2 years unless required for investigation
6. Data Storage & Security

  • Data is stored on secure servers with restricted access

  • Encryption is applied to sensitive data at rest and in transit

  • Access is limited to authorized personnel only

  • Regular audits and security reviews are conducted

7. Data Disposal & Deletion

  • Data is securely deleted or anonymized once retention periods expire

  • Disposal methods include secure deletion, encryption key destruction, or anonymization

  • Data required for legal disputes, investigations, or regulatory requests may be retained beyond standard timelines

8. Regulatory Holds & Exceptions

Flonix may retain data beyond standard periods if:

  • Required by RBI, FIU-IND, or law enforcement agencies

  • Necessary for ongoing investigations or litigation

  • Needed to comply with statutory or contractual obligations

9. User Rights

Subject to applicable law and regulatory requirements:

  • Users may request access or correction of their data

  • Data deletion requests may be denied if retention is legally required

10. Third-Party Data Storage

Where data is stored or processed by third-party service providers:

  • Providers are required to meet equivalent security and compliance standards

  • Data sharing is governed by contractual agreements

11. Policy Review & Updates

This Policy is reviewed periodically and updated to reflect regulatory changes, business requirements, or security practices. Updates will be published on our website.

12. Contact Information

For questions related to data retention:

Email: privacy@flonix.com
Compliance Officer: compliance@flonix.com