M
Monitrax
Version v1.0-2026-05-24·Effective from 2026-05-24

Data Retention and Deletion Schedule

Effective from: 24 May 2026

This schedule summarises how Monitrax retains, deletes, and de-identifies data.

It should be read together with our Privacy Policy, CDR Policy, and Terms of Service.

1. General retention principle

We keep personal information only for as long as reasonably needed for the purpose for which it was collected, or as required or permitted by law.

We may retain some information for legal compliance, accounting, tax, security, fraud prevention, dispute resolution, backup integrity, audit, or regulatory reasons.

Where information is retained, we limit access and use to the purpose for which it is retained.

2. Active account data

While your account is active, we retain information needed to provide Monitrax, including account data, user-entered financial data, documents, settings, subscriptions, audit logs, and connected data where applicable.

You may export data using available export tools.

3. Account deletion process

When you request account deletion, we start a 30-day cancellable deletion period.

During that period, you may export your data or cancel the deletion request.

After the 30-day period, we delete or de-identify personal information and CDR data in accordance with our Privacy Policy, CDR Policy, and legal obligations.

4. Consumer Data Right data

When CDR consent expires or is withdrawn, we will stop collecting new data under that consent.

We will delete or de-identify relevant CDR data in accordance with applicable CDR rules, privacy safeguards, and our CDR data lifecycle process.

Limited CDR-related records may be retained where required or permitted by law, including consent history, security records, complaint records, and audit records.

5. Payment and billing records

We may retain billing records, invoices, transaction references, subscription history, refund records, and payment metadata for accounting, tax, dispute, fraud prevention, and legal compliance purposes.

We do not store full payment card numbers.

6. Support and complaint records

We may retain support requests, complaints, investigation notes, and related communications for as long as reasonably needed to resolve the issue, maintain records, improve support, and comply with legal obligations.

7. Audit logs and security logs

We retain audit logs and security logs for security, fraud prevention, account integrity, legal compliance, and investigation purposes.

These logs may include sign-in events, consent events, data export events, account changes, administrative access, IP addresses, device information, timestamps, and system events.

Access to these logs is restricted.

8. Backups

Deleted information may remain in encrypted backups for a limited period until the backup is overwritten or deleted in the ordinary course of backup rotation.

Backup data is not used for ordinary business purposes and is access-restricted.

9. De-identification

Where appropriate, we may de-identify information instead of deleting it.

De-identified information should not reasonably identify you.

We may use de-identified or aggregated information to improve Monitrax, understand product performance, maintain security, and develop features.

10. Legal holds

We may delay deletion where information is subject to a legal hold, regulatory request, investigation, dispute, court order, or other legal obligation.

When the reason for the hold ends, we will resume deletion or de-identification where appropriate.

11. User requests

You may request access, correction, export, or deletion by using account settings or contacting us.

We may need to verify your identity before actioning a request.

We may refuse, limit, or delay a request where permitted by law, and will explain why where reasonable and lawful.

Contact

ReNew Holding Company Pty Ltd ACN: 675 267 311 Email: admin@monitrax.com.au Postal address: 10 Fairview St, Guildford NSW 2161, Australia

Version: v1.0-2026-05-24 Effective from: 24 May 2026