KHOJ — Data Retention & Deletion Policy PUBLIC DOCUMENT · DPDPA 2023 Section 8(7) Compliance Axiomaera Private Limited | CIN: U62011MH2026PTC467707 | DPIIT: DIPP248013 Registered Office: Shop 8, Upper Ground Floor, Amenity Bldg, Ashok Astoria, Gangapur, Nashik, Maharashtra 422222, India Version: 1.0 | Effective Date: May 10, 2026 | Document Owner: Office of the Managing Director, Axiomaera Private Limited
1. Purpose
This Data Retention & Deletion Policy describes how long Axiomaera Private Limited ("Axiomaera") retains personal data collected through the KHOJ service, the legal basis for each retention period, and the methods used to delete data when retention is no longer justified. This Policy is drafted in compliance with Section 8(7) of the Digital Personal Data Protection Act, 2023 ("DPDPA"), which requires that when a Data Principal withdraws consent or the specified purpose is no longer served, the Data Fiduciary shall erase personal data (unless retention is necessary for compliance with applicable law). This Policy also addresses the obligations under Section 8(3), which requires that personal data processed on behalf of a Data Fiduciary by a Data Processor shall be erased by such Data Processor upon the Data Fiduciary ceasing to use that Data Processor.
2. Guiding Principles
1. Purpose limitation: Personal data is retained only as long as it is necessary to fulfil the specific purpose for which it was collected. 2. Minimisation: We collect the minimum data necessary and delete it at the earliest opportunity consistent with our legal obligations. 3. Automated enforcement: Wherever possible, retention limits are enforced automatically through technical controls (time-to-live expiry, scheduled deletion tasks, storage lifecycle policies) rather than relying on manual processes. 4. Auditability: All deletions are logged. The fact of deletion is recorded even after the data itself is irreversibly destroyed. 5. Legal compliance: Where Indian law requires retention beyond the primary purpose (e.g., tax records, consent evidence), we retain only the minimum data necessary to satisfy the legal requirement, in pseudonymised form where possible.
3. Retention Schedule
3.1 Scan Results What is stored: Breach list, ATI Score, severity classification, breach cards — cached in encrypted memory store Retention: Maximum 24 hours Deletion method: Automatic time-to-live (TTL) expiry. Data is irreversibly purged from cache. No backup retained Legal basis: Section 8(7) DPDPA — purpose fulfilled upon delivery of results to Data Principal 3.2 Exposed Credentials What is stored: Passwords, usernames, phone numbers, IP addresses from breach intelligence providers — NOT stored at all. Queried in real-time, rendered into the Report, raw API response discarded immediately Retention: Zero. Discarded upon Report rendering Deletion method: API response object destroyed in memory after Report generation. Never written to persistent storage Legal basis: Section 8(7) DPDPA — purpose fulfilled at point of rendering 3.3 OTP Codes What is stored: SHA-256 hash of OTP in encrypted memory store. Plaintext OTP is never stored Retention: 10 minutes Deletion method: Automatic TTL expiry Legal basis: Section 8(7) DPDPA — purpose fulfilled upon verification 3.4 IP Addresses What is stored: SHA-256 hash of IP address Retention: 7 days Deletion method: Automated daily purge task deletes hashes older than 7 days Legal basis: Section 7(b) DPDPA — deemed consent for processing reasonably expected by the Data Principal in connection with the specified purpose, including fraud prevention and security. 7 days is the minimum period needed to identify repeat abuse patterns 3.5 Email Address / Phone Number (Marketing) What is stored: Stored in encrypted database, only if the user provided explicit opt-in consent for marketing communications Retention: Until consent is withdrawn or until the user requests deletion, whichever occurs first Deletion method: Manual deletion within 72 hours of receiving withdrawal/deletion request. Confirmation sent to user Legal basis: Section 6(1) DPDPA — processing based on free, specific, informed, and unconditional consent of the Data Principal 3.6 Email Address / Phone Number (Service Delivery) What is stored: Temporarily held in encrypted memory store during the scan session Retention: Maximum 24 hours (same as scan results) Deletion method: Automatic TTL expiry, same as scan results Legal basis: Section 8(7) DPDPA — purpose fulfilled upon delivery 3.7 Payment Reference ID What is stored: Razorpay payment identifier, order ID, amount, date. Stored in encrypted database. We never store card numbers, UPI details, or bank account information Retention: 8 years Deletion method: Deleted after 8 years from transaction date Legal basis: Income Tax Act, 1961 Section 44AA; Companies Act, 2013 Section 128 3.8 Consent Records What is stored: Timestamp, consent text version hash, consent acceptance timestamp, hashed IP, scan initiation timestamp. Stored in encrypted database Retention: 3 years after the end of the processing relationship Deletion method: Automated deletion 3 years after last interaction, or upon user request (whichever is later, subject to legal minimum) Legal basis: Section 6(10) DPDPA — proof that valid consent was obtained. 3 years aligns with the general limitation period under the Limitation Act, 1963 3.9 Anonymised Threat Scores What is stored: Integer 0–100, with no linkage to any individual. Stored in aggregate statistical database Retention: Indefinite Deletion method: Not applicable — data is not personal data within the meaning of Section 2(t) of the DPDPA Legal basis: Anonymised data is outside the scope of DPDPA. Used solely for computing percentile rankings 3.10 PDF Reports What is stored: Generated report file in encrypted cloud storage (AWS S3) Retention: 30 days Deletion method: Automatic S3 lifecycle policy permanently deletes files after 30 days Legal basis: Section 8(7) DPDPA — reasonable buffer for user to download 3.11 Device and Browser Metadata What is stored: User-agent string, screen resolution, language preferences in encrypted memory store Retention: 24 hours (same as scan session) Deletion method: Automatic TTL expiry Legal basis: Section 7(b) DPDPA — deemed consent for processing reasonably expected by the Data Principal, including security and fraud detection 3.12 Server and Application Logs What is stored: Application-level access logs, error logs, and request metadata. These logs do not contain personal data in cleartext; they contain request identifiers, timestamps, response codes, and system-level diagnostic information Retention: 180 days Deletion method: Automated log rotation and purge after 180 days Legal basis: CERT-In Directions dated 28 April 2022 (Gazette Notification No. CCI/Directions/2022) require all service providers to maintain ICT system logs for a rolling period of 180 days within Indian jurisdiction. This retention period is mandated by law and is not subject to user deletion requests
4. Deletion Methods
TTL Expiry: Data is assigned a time-to-live value in our encrypted memory store. Upon expiry, the data is automatically and irreversibly removed. No human intervention required. Used for scan results, OTPs, session data, and IP hashes. Scheduled Purge Task: An automated background task runs daily, identifying and permanently deleting data that has exceeded its retention period. Execution is logged. Used for IP address hashes, PDF reports, and server logs. Manual Deletion: Upon receiving a user request (via privacy@axiomaera.com), an authorised administrator deletes the specified data within 72 hours. A deletion confirmation is sent to the user. The deletion itself is logged for audit purposes. Used for marketing email/phone upon consent withdrawal. S3 Lifecycle Policy: AWS S3 storage is configured with an automatic lifecycle rule that permanently deletes objects after the specified retention period. Enforced at the infrastructure level. Used for PDF Reports.
5. Legal Holds
In the following circumstances, data that would otherwise be deleted may be retained beyond its normal retention period: 1. Court order or legal notice: If Axiomaera receives a court order, legal notice, or regulatory directive requiring preservation of specific data, the affected data will be placed on legal hold until the matter is resolved. 2. Active dispute or complaint: If a user has filed a grievance or complaint that is still being resolved, all data related to that user will be retained until the grievance is fully resolved. 3. Law enforcement request: If Indian law enforcement authorities request preservation of data under applicable law (including the Information Technology Act, 2000 or the Bharatiya Nagarik Suraksha Sanhita, 2023), the data will be preserved as directed. Legal holds are logged with the reason, the authority requesting preservation, the date placed, and the expected review date. Legal holds are reviewed monthly and released when the underlying reason no longer applies.
6. Your Rights
1. Right to know retention periods: This document fulfils your right to be informed about how long your data is retained. 2. Right to erasure (Section 12 DPDPA): You may request deletion of your personal data at any time by emailing privacy@axiomaera.com. We will comply within the period prescribed under the DPDP Rules, 2025 (currently up to 90 days), and will endeavour to resolve simple deletion requests within 72 hours where operationally feasible, except for data we are legally required to retain (payment records under tax law, consent logs to evidence DPDPA compliance, and server logs under CERT-In Directions). 3. Right to verify deletion: Upon request, we will provide written confirmation that your data has been deleted, specifying what was deleted and what was retained under legal obligation.
7. Contact
| Purpose | |
|---|---|
| Data deletion requests | privacy@axiomaera.com |
| Grievance Officer | grievance@axiomaera.com |
| Legal inquiries | legal@axiomaera.com |
Grievance Officer: Mukund Hemant Mohadikar, Managing Director
End of Data Retention & Deletion Policy.
This policy is referenced by the KHOJ Privacy Policy (Section 2.8) and Terms of Service (Section 1.15).