# GateWise NG Data Retention and Deletion Policy

Effective date: 25th May, 2026.

This Policy explains how GateWise NG retains, deletes, anonymizes, and makes personal data unidentifiable when it is no longer needed or when a valid deletion request is approved. GateWise NG is a product of Globulus Technology Limited.

## 1. Purpose

GateWise keeps data only for as long as reasonably necessary to provide the platform, support estate operations, meet legal and accounting obligations, protect safety and security, resolve disputes, and maintain service integrity.

This Policy applies to personal data processed through GateWise for estate administrators, residents, guards, supervisors, visitors, sales partners, support contacts, and other users.

## 2. Retention Principles

GateWise follows these retention principles:

- keep data only for a defined business, legal, security, or operational purpose
- limit access to retained data
- delete or anonymize data when it is no longer needed
- preserve records where required for safety, billing, legal claims, audits, or regulatory obligations
- use anonymized or aggregated records where personal identification is no longer needed

## 3. Standard Retention Guide

Final retention periods may vary by customer agreement, legal obligation, dispute, safety requirement, or estate policy. The table below provides a default operating guide.

| Data Category | Typical Purpose | Default Retention Guide |
| --- | --- | --- |
| Account profile data | Login, role management, support | While account is active, then deleted or anonymized after closure unless required for records |
| Estate administrator data | Estate management and billing | While estate account is active, then retained as needed for business records |
| Resident data | Visitor invitation and estate access operations | While resident is active, then deleted or anonymized after removal subject to estate policy |
| Guard and supervisor data | Gate operations, accountability, device protection | While assigned, then retained as needed for operational and audit records |
| Visitor data | Visitor passes, check-in, checkout, and estate records | Retained according to estate policy, then deleted or anonymized |
| Visitor photos | Identity support where enabled | Retained for the shortest period needed by the estate, then deleted or anonymized |
| Visitor passes | Access validation and usage history | Retained for operational records, then anonymized or deleted |
| Check-in and checkout records | Access log, safety, dispute review | Retained according to estate security policy and legal needs |
| Incident reports | Safety, investigation, and estate operations | Retained while needed for safety, investigation, or legal purposes |
| Payment and subscription records | Billing, accounting, audit, and dispute handling | Retained as required for accounting, tax, legal, and business records |
| OTP and login records | Account security and fraud prevention | Retained for a limited security period, then deleted or anonymized |
| Audit logs | Security, accountability, and abuse prevention | Retained for a security and audit period, then deleted or anonymized where possible |
| Support tickets | Customer support and dispute history | Retained while needed for support, quality, legal, and customer records |
| Backups | Recovery and continuity | Retained for a limited backup cycle, then overwritten or deleted |

## 4. Deletion Requests

Users may request deletion of personal data by contacting GateWise or the relevant estate administrator.

A deletion request should include enough information to verify identity and locate the relevant data, such as:

- name
- phone number or email used on GateWise
- estate name
- role or relationship to the estate
- the specific data or account the request concerns

GateWise may request additional information to verify the request and prevent unauthorized deletion.

## 5. When Deletion May Be Limited

GateWise may be unable to delete all data immediately if retention is needed for:

- legal or regulatory compliance
- tax, billing, or accounting records
- dispute resolution
- fraud prevention
- safety and security investigations
- enforcement of terms or customer agreements
- backup restoration integrity
- protection of another person's rights

Where deletion is limited, GateWise will restrict or minimize retained data where reasonable.

## 6. Anonymization and Making Data Unidentifiable

When a verified deletion request is approved, and no lawful reason requires continued identifiable retention, GateWise may make records unidentifiable to persons instead of deleting the whole record.

This means direct identifiers are removed, masked, replaced, or separated so the record is no longer reasonably linked to an identifiable person. Examples include removing or masking:

- name
- phone number
- email address
- photo
- unit or house reference where it identifies a person
- free-text details that identify a person
- personal visitor notes

GateWise may retain non-identifying records for security, statistics, accounting, incident integrity, service reliability, or aggregate reporting.

## 7. Customer-Managed Data

Some data is controlled by the estate or organization using GateWise. If a request concerns customer-managed data, GateWise may route the request to the Customer or ask the Customer to approve deletion, correction, or anonymization.

Customers should respond to deletion requests promptly and should not retain personal data longer than needed for legitimate estate operations.

## 8. Account Closure

When an account is closed, GateWise may:

- deactivate access
- delete or anonymize account profile data
- retain records required for billing, audit, safety, or legal purposes
- preserve non-identifying operational records
- delete data from active systems after the applicable retention period

## 9. Estate Termination

When a Customer terminates GateWise, data will be handled according to the customer agreement and applicable law. GateWise may provide a reasonable export period where agreed, then delete or anonymize data after the retention period.

## 10. Backups

Deleted data may remain in encrypted or protected backups for a limited period until those backups are overwritten or retired. GateWise does not use backups for routine access to deleted records, except where restoration is required for security, continuity, or legal reasons.

## 11. Deletion Response Timelines

GateWise aims to acknowledge deletion requests within a reasonable time and complete approved requests as soon as practicable, subject to verification, Customer involvement, technical limitations, and legal obligations.

Where additional time is required, GateWise will provide an update where appropriate.

## 12. Contact

For deletion, correction, or privacy requests, contact:

Globulus Technology Limited
Email: privacy@gatewise.ng
Phone: +234 8037 552 346