Data Retention Policy
Last updated: 1 March 2026
This policy sets out how long EasyVisit retains different categories of personal information, consistent with our obligations under POPIA and legitimate business needs.
Retention Schedule
| Data Category | Retention Period | Reason |
|---|---|---|
| Visit records (check-in/out, access codes) | 12 months | Property security audit trail |
| Visitor photographs (selfies) | 90 days | Identity verification; proportionate retention |
| Host profiles | Duration of employment/residency + 6 months | Operational continuity |
| Blacklist records | Until removed by administrator | Ongoing security screening |
| System logs | 30 days (rolling) | Security monitoring and debugging |
| SMS delivery records | 90 days | Delivery confirmation and dispute resolution |
| Dashboard user accounts | Duration of client contract + 90 days | Access management |
Deletion Process
Upon expiry of the relevant retention period, personal information is deleted from our production database. Backup copies are purged within the next scheduled backup rotation cycle (maximum 30 days).
Early Deletion Requests
Data subjects may request deletion of their personal information before the standard retention period expires by contacting privacy@easyvisit.app. We will action valid requests within 30 days, subject to any legal retention obligations.
Questions
For questions about data retention: privacy@easyvisit.app