This policy sets out how long MoonGate retains different categories of data, the basis for retention periods, and procedures for secure deletion when data is no longer required.
| Data Category | Retention Period | Basis |
|---|---|---|
| KYC/KYB Documents | Minimum 5 years post-relationship | AML/CTF regulatory requirement |
| Transaction Records | Minimum 5–7 years | Legal obligation, dispute resolution |
| Membership Records | Duration + 3 years | Contractual |
| Communication Records | 5 years or as required | Compliance |
| Technical Logs | Up to 12 months | Security monitoring |
| Financial Records | Minimum 7 years | Tax and regulatory |
When data reaches the end of its retention period and there is no legal basis for continued retention, MoonGate will securely delete or anonymise the data. Physical documents are shredded; digital data is securely erased in accordance with appropriate technical standards.
Where data may be relevant to pending or anticipated legal proceedings, investigations, or regulatory enquiries, MoonGate may retain data beyond standard retention periods until such proceedings are resolved.
Subject to applicable law and regulatory obligations, individuals may request deletion of their personal data. Where a regulatory or legal retention requirement exists, MoonGate may be unable to honour deletion requests until the applicable retention period has expired.
This policy is reviewed annually and updated to reflect changes in applicable law, regulatory guidance, and MoonGate's operational requirements.