This schedule explains how Parinay treats active profile data, deletion, and limited records that may remain briefly for security, fraud prevention, or compliance reasons.
Member profile and account state
Data: profile fields, partner preferences, photos, visibility controls
Retention window: While the account remains active.
Deletion trigger: Member self-serve deletion or admin-led account removal.
After deletion: Profile rows, interests, shortlist rows, block rows, and stored profile photos are deleted from the primary runtime path.
Member surfaces: /dashboard/profile, /dashboard/settings/delete-account
Core member data is used for matchmaking and disappears from the product experience after deletion.
Communication preference history
Data: notification preferences, marketing consent changes, cookie preference changes
Retention window: While the account remains active.
Deletion trigger: Account deletion.
After deletion: User-linked privacy_audit_log rows are removed with the account because they reference auth.users directly.
Member surfaces: /dashboard/settings/notifications, /dashboard/settings/privacy/consent-records
A separate hashed deletion case log remains for compliance evidence after user-linked rows are erased.
Hashed erasure case log
Data: hashed user reference, deletion timestamps, technical outcome
Retention window: 24 months from completion unless counsel sets a shorter legal-defense window.
Deletion trigger: Retention window expiry or counsel-approved override.
After deletion: Retained as a non-reversible operational record without live profile data.
Member surfaces: /privacy/retention, /dashboard/settings/delete-account
Used to prove a deletion request was completed without keeping the member account itself.
Privacy rights request queue
Data: request type, requested processing scope, jurisdiction, encrypted rationale
Retention window: Open while the request is active; resolved or rejected entries are retained for 24 months.
Deletion trigger: Retention sweep after the request has been resolved or rejected for 24 months.
After deletion: Resolved queue entries are removed by the privacy retention sweep so the workflow does not retain old case notes indefinitely.
Member surfaces: /dashboard/settings/privacy/rights-requests, /privacy/operations
The rationale body is stored in encrypted form when PARINAY_FIELD_ENCRYPTION_KEY is configured.
Account recovery intake
Data: registered mobile, recovery email, requested new mobile, encrypted notes
Retention window: Open while recovery is unresolved; resolved or rejected entries are retained for 180 days.
Deletion trigger: Retention sweep after support has resolved or rejected the request and the short window expires.
After deletion: Resolved recovery intake rows are removed by the retention automation script to reduce long-lived support intake data.
Member surfaces: /recover, /help/account-access
Freeform notes and requested replacement numbers are stored in encrypted form when field encryption is configured.
OTP delivery and gateway metadata
Data: phone number, OTP delivery result, gateway response metadata
Retention window: Vendor- and security-policy controlled; intended to remain short-lived.
Deletion trigger: Provider retention expiry plus any local incident review requirement.
After deletion: Parinay may rely on the provider or platform retention policy for delivery/security logs outside the profile tables.
Member surfaces: /login, /recover, /help/account-access
MSG91 or any future delivery provider must publish launch-ready retention terms before production rollout.
Platform request and diagnostic logs
Data: IP address, request metadata, platform diagnostics
Retention window: Short operational window set by the hosting platform and incident policy.
Deletion trigger: Platform log rotation and retention expiry.
After deletion: Operational logs may persist briefly outside the member profile tables for security, fraud, or service debugging.
Member surfaces: /privacy/operations, /cookies
This standalone build keeps diagnostics limited, does not activate third-party ad tracking, and can forward structured telemetry to a managed observability vendor if enabled.
