Data Retention Policy
Last updated: March 25, 2026
1. Overview
This Data Retention Policy describes how long Monerixa ("we", "us", "the Platform") retains different categories of data and when data is deleted. This policy supplements our Privacy Policy.
We retain data only as long as necessary to fulfill the purpose for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Where possible, we automate deletion to minimize human error.
2. Retention Schedule
The following table summarizes the retention period for each category of data we store:
| Data Category | Retention Period |
|---|---|
| Encrypted files & text content | Until paywall expires or creator deletes |
| Content metadata (title, description, price) | Until paywall expires or creator deletes |
| Payment records | Indefinite (mirrors permanent on-chain data) |
| Content access records | Lifetime of associated content |
| Download tokens | Short-lived; automatically expire |
| Credit history | Indefinite (financial audit trail) |
| Platform credit balances | Indefinite (represents redeemable value) |
| Deposit refund records | Indefinite (fraud prevention) |
| Content edit history | Lifetime of associated content |
| DMCA takedown requests | Permanent (legally required) |
| Abuse reports | Operational lifetime of platform |
| Wallet ban records | Indefinite (including lifted bans) |
| Malware scan records | Indefinite (security audit trail) |
| Rate-limiting data | Temporary; not persisted to storage |
| Server logs | Minimum necessary for operations |
3. Content Lifecycle
3.1 Active Content
Uploaded content is encrypted at rest and remains accessible to paying buyers for the duration set by the creator. Content is stored securely and deduplicated to minimize storage use.
3.2 Expired Content
When a paywall's access period ends, the system automatically removes the content and its associated data. Encrypted files are permanently deleted from disk once no remaining paywall references them. Content undergoing an active malware scan is not deleted until the scan process completes, to protect creator deposits.
3.3 Creator-Deleted Content
Creators may delete their content at any time, subject to a temporary buyer protection period after recent purchases. Deletion is immediate and irreversible.
3.4 Moderation-Removed Content
Content removed by an administrator (due to policy violation, DMCA takedown, or malware detection) is immediately inaccessible and the encrypted file is permanently deleted. Associated legal and moderation records (DMCA requests, abuse reports, scan results) are preserved permanently for compliance and audit purposes.
4. Financial Records
4.1 Payment Records
All payment transactions are recorded permanently. Since this data is already publicly and permanently recorded on the Solana blockchain, our database retention does not create additional privacy exposure. These records are necessary for financial record-keeping, dispute resolution, deposit refund eligibility, buyer access verification, and creator earnings history.
4.2 Credit History
Every platform credit change (earning or spending) is recorded in an audit trail. This includes the type, amount, reason, and associated content. Credit history is retained indefinitely to support creator transparency (viewable in the dashboard), financial reconciliation, dispute resolution, fraud detection, and regulatory compliance.
4.3 Deposit Refund Tracking
When a deposit is refunded as platform credits, the original transaction is recorded permanently to prevent the same deposit from being used more than once. These records serve a critical anti-fraud function and are retained indefinitely.
5. Security & Moderation Records
5.1 DMCA Takedown Requests
All DMCA takedown requests are retained permanently, regardless of outcome. This is required by 17 U.S.C. §512 and serves as a permanent legal record of the notice-and-takedown process.
5.2 Abuse Reports
Content abuse reports are retained for the operational lifetime of the platform. These records enable pattern detection, enforcement history, and appeal processing.
5.3 Wallet Bans
Wallet ban records are retained indefinitely to prevent banned wallets from regaining access. Records for lifted bans are preserved for audit purposes.
5.4 Malware Scan Records
Scan results are retained indefinitely for security audit purposes, even after the associated content is deleted. Infected files are deleted from disk immediately upon detection.
Per-wallet infected upload counts are retained indefinitely to enforce the graduated deposit penalty policy. After a lifetime threshold of infected uploads, deposits are retained rather than refunded. This count is never reset, as it serves as a long-term trust signal.
6. Ephemeral Data
Certain data is stored only temporarily and is never persisted to permanent storage:
- Rate-limiting counters — stored in memory only, not persisted to disk or database, and automatically expire based on configured time windows.
- Download tokens — short-lived, cryptographically signed tokens that automatically expire and cannot be revoked. They are not stored in a database.
- Search cache — temporary in-memory cache that is not persisted and is cleared on server restart.
7. Server Logs
Server logs may contain wallet addresses, content IDs, and event metadata. Logs never contain plaintext content, encryption keys, or full IP addresses. Log retention is configured to the minimum period necessary for operational debugging and security incident response. We do not use logs for analytics, advertising, or profiling.
8. On-Chain Data
USDC payment transactions are recorded permanently on the Solana blockchain. These records are public, immutable, and outside of Monerixa's control. We cannot delete, modify, or redact on-chain data. Wallet addresses are pseudonymous but may be linkable to real-world identities through on-chain analysis by third parties — this is inherent to public blockchains.
9. Your Rights
9.1 Creator Data Deletion
Creators can delete their own paywalls at any time (subject to buyer protection). Deleting a paywall removes the content, associated metadata, access records, and edit history. Credit history and credit balances are not affected by content deletion — they are independent financial records.
9.2 Limitations on Deletion
Certain data cannot be deleted upon request due to legal requirements or platform integrity:
- DMCA records — required by copyright law
- Wallet ban records — necessary for platform safety
- Credit history — financial audit trail
- Deposit refund records — fraud prevention
- On-chain transaction data — immutable and outside our control
9.3 Regulatory Requests
If you are a resident of a jurisdiction with data protection rights (GDPR, CCPA/CPRA, LGPD, PIPEDA, or similar), you may request information about what data we hold associated with your wallet address, and request deletion where legally permissible. See our Privacy Policy for detailed instructions.
10. Data Breach Notification
In the event of a data breach affecting personal data, we will notify affected users and relevant regulatory authorities in accordance with applicable law. Because we do not collect names, emails, or other traditional PII, breach notification will be communicated via platform-wide announcements. The pseudonymous nature of wallet-based identity limits the personal impact of most breach scenarios.
11. Policy Changes
We may update this Data Retention Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. Material changes to retention periods will be announced prominently on the platform. Continued use of the platform after changes constitutes acceptance.
12. Contact
For questions about this Data Retention Policy or to exercise your data rights, contact us at privacy@monerixa.com.
See also: Terms of Service · Privacy Policy · Content Policy · DMCA Policy