Data Retention & Deletion Policy
How long we keep your personal information and what happens when you ask us to delete it.
1. Our Principles
- We retain personal information only as long as necessary for the purpose for which it was collected.
- Where the law requires longer retention (tax, customs, AML), we comply with the longer period.
- When retention expires, data is either anonymised or deleted.
2. Retention Schedule
| Category | Retention period | Reason |
|---|---|---|
| Account profile | Until deletion request + 30 days grace | User-controlled |
| Booking & invoice records | 5 years after relationship ends | SARS / VAT Act |
| Customs & cross-border records | 7 years | Customs Act |
| FICA / KYC documents | 5 years after termination | FIC Act |
| GPS / tracking data | 24 months | Operational dispute window |
| Audit log | 7 years | Compliance & investigations |
| Marketing consent | Until withdrawn | POPIA / GDPR |
| Cookie consent log | 12 months | POPIA / GDPR audit |
| Support tickets | 3 years | Service quality & disputes |
3. Right to Deletion
You may request deletion of your account at any time via /account/privacy. We apply a 30-day grace period during which you can cancel the request and your account remains active. After that, personal data is deleted or irreversibly anonymised, except where we are required to retain it (see schedule above).
4. Anonymisation
Where data must be retained for legal reasons but no longer needs to identify you, we anonymise it: removing names, contact details, and identifiers, while keeping aggregate operational records (route, weight, value bands) for analytics.
5. Backups
Backups are retained for up to 90 days. Deletion requests may take up to that long to propagate fully through our backup cycles.