Back to home
Data Retention

Data Retention Policy

How long EasyVisit keeps different categories of personal information and what happens when retention periods expire.

Last updated · 2 June 2026

Visitor management generates personal information. Keeping it forever is a privacy risk; deleting it too soon can undermine property security and legitimate compliance needs. This policy explains EasyVisit's default retention schedule.

Default retention windows

Data categoryDefaultHow it is managed
Visit records (visitor name, host, time)12 monthsAutomatic deletion by retention job
Visitor photos (kiosk capture)90 daysAutomatic photo deletion and ImagePath clearing
Watchlist entriesUntil removedProperty-controlled administrative review
Access code logs (entry/exit)12 monthsStored as part of visit records
Host accounts after deactivationActive period + 12 monthsManual deactivation by property administrator
System logs30 days rollingAutomatic log rotation
Client organisation recordsService term + 7 yearsManual retention for applicable company records

Retention controls

The current platform enforces the default visitor-data retention schedule automatically. Customer-specific changes must be agreed in writing and implemented by EasyVisit before they are relied on operationally.

What "anonymised" means

When a visitor record reaches the anonymisation point, personal identifiers such as name, phone number, email address, ID/passport number and photo path are cleared. Aggregate statistics such as visit counts and peak hours may remain available without directly identifying the visitor.

Deletion requests

If a data subject requests deletion, EasyVisit will assess the request under POPIA and route it to the customer property where that property is the responsible party. We aim to respond within 30 days, subject to lawful retention requirements and the property's instructions.