WebsiteStatusSupportPostman workspacePricingDocumentation hub survey
Documentation
RSS feedSign up
Start typing to search…
  1. Server-to-Server, Mobile SDK, and COPYandPAY
  2. References

Data retention policy

Last updated: 2026-01-25

The Peach Payments data retention policy aims to balance the need for data for business insights and regulatory compliance with the importance of data security and efficiency. It's important to optimise data storage:

  • Enhanced security: By storing less data, Peach Payments reduces the risk of bad actors gaining access to sensitive information.
  • Business insights: Peach Payments retains essential data to provide valuable insights and historical analysis.
  • Regulatory compliance: The data retention periods align with compliance and regulatory requirements.
  • Legal and audit needs: Peach Payments meets legal and audit requirements without compromising business needs.
  • Efficiency: The data retention periods promote high payment throughput in a stable environment.
  • Emergency preparedness: Regular backups ensure Peach Payments can recover from any emergencies in a short amount of time.
  • Improved user experience: By expediting searches, Peach Payments enhances the user experience.

Peach Payments retains different types of data, including card, non-card, token, and file data, for a specific period during which customers can access, interact with, or audit the data.

Transaction retention policy

  • Payment data
    • Retention period: 14 months
    • Includes:
      • Card or bank
      • Wallet or pre-payments
      • Direct debits or credit transfers
    • Example:
      • Payment on 1-Feb-Y1
      • Chargeback on 1-Mar-Y1
      • Chargeback reversal on 5-Mar-Y1
      • All retained till 5-May-Y2
  • Risk data
    • Retention period: 14 months
    • Includes:
      • 3-D Secure
      • Exemptions
      • Any fraud management risks
    • Example:
      • Payment with risk on 1-Feb-Y1
      • Refund on 14-Feb-Y1
      • All retained till 14-Apr-Y2
  • Card token data
    • Retention period: 14 months post-card expiry
    • Includes:
      • Registration tokens (eCommerce only)
    • Example:
      • Card expiry: Dec-Y1
      • Tokenised card during payment on 1-Feb-Y1
      • New token payment on 1-Mar-Y1
      • New token payment on 1-Apr-Y1
      • Token retained till 1-Mar-Y3
      • All payments retained 14 months
  • Non-card token data
    • Retention period: 14 months
    • Includes:
      • Registration tokens (eCommerce only)
      • Retention adjustable for up to 24 months.
    • Example:
      • Tokenised wallet during payment on 1-Feb-Y1
      • New token payment on 1-Mar-Y1
      • New token payment on 1-Apr-Y1
      • Token retained till 1-Jun-Y2
      • All payments retained 14 months
  • Subscription data
    • Retention period: 14 months post-card expiry
    • Includes:
      • Subscription scheduling
      • Subscription cancelling
    • Example:
      • Tokenised card on 1-Feb-Y1 (Expiry: Dec-Y1)
      • Token subscription on 1-Feb-Y1
      • Automatic scheduled payment on 1-Mar-Y1
      • Automatic scheduled payment on 1-Apr-Y1
      • Token and subscription retained till 1-Mar-Y3
      • All scheduled payments retained 14 months
  • Helper account data
    • Retention period: 14 months
    • Includes:
      • Account updater and BNPL discovery
      • Instalment plans and network tokens
    • Example:
      • Card network tokenised, payment initiated on 1-Feb-Y1
      • Network token and payment retained till 1-Apr-Y2
📘
  • Any follow-up transaction extends the retention of the original payment with another 14 months.
  • Peach Payments retains any transaction type not covered above for 14 months.

File retention policy

  • Bank files
    • Retention period: 3 months
    • SEPA files sent via EBICS for processing.
  • Clearing files
    • Retention period: 3 months
    • Files sent to acquirer for offline processing.
  • Batch files
    • Retention period: 3 months
    • Files (captures, chargebacks, and so on) sent for processing.
  • Reconciliation files
    • Retention period: 3 months
    • Raw data files received from acquirers or providers.
  • Settlement files
    • Retention period: 3 months
    • Files unifying reconciliation records.
  • Transaction files
    • Retention period: 3 months
    • Data files exported to client's SFTP account.
  • Token import files
    • Retention period: 3 months
    • Token files received from provider's SFTP.
  • Backup files
    • Retention period: 1 month
    • Secured database backups for business continuity.
  • Monitoring files
    • Retention period: 1 month
    • Daily exported files containing user and system activity events (audit logged events) sent to the customer's SFTP.

User and system activity retention policy

  • Inactive user contacts
    • Retention period: 36 months
    • Inactive users of type SEND or MOTO who have not attempted to log in for the past 36 months.
  • Audit logged events
    • Retention period: 14 months
    • Records of actions performed by users, APIs, or applications, used for auditing, and verifying changes in the system.

Updated about 7 hours ago