Retention and Deletion Policy

Effective date: 29 March 2026
Last updated: 29 March 2026

This Retention and Deletion Policy explains how EviWrite ("EviWrite", "we", "us", or "our") approaches retention, deletion, preservation, and lifecycle management for information processed in connection with the EviWrite website, public services, authorised channels, and evidential operations.

This page is intended to explain principles and posture. It is not a promise that every category of information has the same retention period, nor does it override legal obligations, contractual requirements, or preservation duties.

1. Why retention matters here

EviWrite operates in an evidential context. That means deletion cannot be approached as a casual hygiene gesture detached from what the records are for.

Some information should not be kept longer than necessary. Other information may need to be retained precisely because it supports auditability, verification, integrity, dispute handling, or legal accountability later.

This policy exists to make that balance explicit.

2. General retention principle

EviWrite seeks to retain information:

• for no longer than reasonably necessary for the purpose for which it is processed;
• for as long as necessary to operate safely and lawfully;
• for as long as necessary to preserve evidential integrity, auditability, and system trust where those functions depend on record continuity;
• for longer where legal, regulatory, contractual, dispute-related, or security-related reasons justify continued retention.

Deletion is not automatic just because a record is old. Retention is not automatic just because storage is cheap.

3. Categories of information

Different categories of information may be retained differently depending on their purpose.

These may include, for example:

• public website access and technical logs;
• contact and correspondence records;
• authorised account and partner administration information;
• evidential records, fingerprints, hashes, timestamps, and receipt-related data;
• verification and status records;
• blockchain-related anchoring records;
• security, abuse-prevention, and audit logs;
• legal hold and dispute-related materials;
• internal operational records relevant to integrity and accountability.

4. Public website and technical logs

EviWrite may retain public-site technical logs, access records, and related security information for as long as reasonably necessary to:

• operate and secure the site;
• diagnose incidents or failures;
• investigate abuse, scraping, or malicious activity;
• support rate limiting, threat detection, and system integrity;
• establish or defend legal claims;
• comply with lawful obligations.

These logs are not retained forever by default, but neither are they deleted blindly where they remain operationally or legally relevant.

5. Contact and correspondence

If someone contacts EviWrite, correspondence and related records may be retained for as long as reasonably necessary to:

• respond to the enquiry;
• manage follow-up;
• maintain business, legal, or operational context;
• preserve a record of material representations, notices, or requests;
• address later disputes, complaints, or legal issues arising from the communication.

6. Evidential and verification records

Because EviWrite acts as an evidential and verification layer, certain records may need to be retained for longer than ordinary website data.

This may include, for example:

• hashes or fingerprints;
• timestamps;
• receipt records;
• status records;
• anchoring and chain-related records;
• verification interpretation data;
• audit records supporting issuance and integrity.

The point of such records is often to remain available or defensible later. Deleting them casually would defeat their function.

7. What EviWrite generally does not retain as standard content custody

EviWrite does not generally position itself as retaining underlying customer file contents as a standard public-service model.

That means this retention policy is primarily concerned with evidential, operational, administrative, and technical data within EviWrite’s role, rather than broad content-library storage.

That distinction matters. Retention analysis should follow the real service model, not a borrowed one.

8. Partner and authorised-channel records

Where EviWrite operates through authorised institutions, licensees, or approved third parties, some records may be retained for as long as reasonably necessary to:

• support the authorised relationship;
• maintain service continuity;
• preserve auditability;
• evidence compliance with operating rules;
• investigate misuse or non-conformance;
• support contractual enforcement or dispute handling.

Retention responsibility may also be divided across parties depending on who holds which part of the workflow.

9. Security, abuse, and incident records

Security-related data may be retained where necessary to:

• investigate suspicious activity;
• preserve evidence of attacks, abuse, or attempted compromise;
• analyse repeated malicious patterns;
• support remediation, forensics, or legal escalation;
• improve future protections.

Where hostile or abusive activity occurs, EviWrite may retain relevant records longer than it would retain ordinary benign traffic.

10. Legal holds and preservation overrides

Ordinary deletion timelines may be suspended where EviWrite reasonably determines that preservation is necessary, including for example where:

• litigation is pending or reasonably anticipated;
• a valid preservation request has been received;
• a disclosure demand, court order, or regulatory request applies;
• an internal investigation is ongoing;
• a dispute, complaint, or enforcement matter requires record preservation;
• destruction would create legal or evidential risk.

Where a legal hold or preservation obligation applies, relevant records may be retained until that obligation is lifted or the matter is closed.

11. Deletion does not always mean disappearance everywhere instantly

Deletion can mean different things depending on the system layer.

For example, deletion may involve one or more of the following:

• removal from active interfaces;
• removal from active databases;
• expiry from routine operational storage;
• removal from live account access;
• later expiry from backups under ordinary rotation cycles;
• continued preservation in audit or legally required records where deletion is not appropriate.

A record may therefore be deleted from ordinary active use before every residual copy disappears from every technical layer.

12. Backups and recovery copies

EviWrite may maintain backup, continuity, and disaster-recovery copies as part of responsible service operation.

Where information exists in backup or recovery layers, deletion from primary systems may not result in immediate deletion from every backup medium. Those copies may instead age out under normal backup lifecycle and recovery controls, unless a legal or operational reason requires otherwise.

13. Requests for deletion

Where applicable law gives a person or organisation the right to request deletion of personal data, EviWrite may assess and respond to that request in accordance with the law and the actual role EviWrite is performing.

Deletion rights are not absolute. EviWrite may refuse, limit, or defer deletion where retention remains necessary, including for reasons such as:

• compliance with law;
• evidential integrity;
• legal claims or defence;
• fraud, abuse, or security investigation;
• auditability;
• contractual requirements;
• preservation obligations.

14. Accuracy of role boundaries

EviWrite cannot delete information it does not control, and is not the correct deletion point for all information that may exist within a broader partner-led workflow.

Where underlying user information, source-system records, or related workflow records are held primarily by an authorised institution, licensee, or third party, the correct deletion request may need to be directed to that party as well.

15. Public pages and published materials

EviWrite may update, replace, archive, supersede, or remove public pages and materials over time.

In some cases, a page may cease to be current but still be retained internally or publicly in archived form for governance, traceability, reference, or legal reasons. Removal from navigation is not always the same thing as destruction.

16. No fixed universal schedule stated here

EviWrite does not publish a single universal table of retention periods on this page for every possible data category, because retention may depend on:

• system function;
• legal context;
• workflow design;
• partner role;
• security need;
• dispute status;
• operational architecture.

What matters is the principle: bounded retention where possible, continued retention where justified.

17. Changes to this Policy

EviWrite may update this Policy from time to time to reflect changes in service design, infrastructure, legal obligations, or record-governance posture.

18. Contact

For retention, deletion, or data-lifecycle enquiries, contact:

contact@eviwrite.com

Final point

In an evidential system, deletion is not virtue by itself. The real standard is whether records are kept for the right reasons, removed when they no longer need to exist, and preserved when destroying them would create a worse problem later.