This Data Retention Policy outlines how Krepling Inc. (“Krepling”) collects, retains, stores, and deletes data associated with its payment processing service, Krepling Pay. This policy ensures compliance with legal, regulatory, and business requirements, and provides transparency to merchants and users.
What This Means:
This document explains how long we keep different types of data and what happens to it afterward.
2. Scope
This policy applies to all data collected through Krepling Pay, including:
Personal and business account information
Transaction records
Payment method data (e.g., tokenized card info)
Customer support interactions
Analytics and behavioral data
What This Means:
This policy covers all the information we collect through our payment platform.
3. Legal and Regulatory Requirements
We retain data in accordance with:
PCI DSS (Payment Card Industry Data Security Standards)
GDPR (General Data Protection Regulation)
CCPA (California Consumer Privacy Act)
BSA (Bank Secrecy Act) and FinCEN guidelines
What This Means:
We follow global and U.S. laws that regulate how long we must keep financial and personal data.
4. Retention Periods
| Data Type | Retention Period |
| --- | --- |
| Merchant account records | 5 years after account closure |
| Transaction records | 7 years from transaction date |
| Tokenized payment credentials | Until token deactivation or consent withdrawal |
| Customer service communications | 2 years |
| Fraud investigation logs | 7 years |
| Website analytics data (non-personal) | 13 months |
What This Means:
We keep different types of data for different lengths of time depending on legal and operational needs.
5. Tokenization and One-Click Checkout
Krepling uses secure tokenization technology to store payment credentials for customers who opt in to our One-Click Checkout experience. This involves:
Replacing sensitive card data with non-sensitive tokens
Storing only token references, never actual card data
Allowing customers to check out faster without re-entering details
What This Means:
We never store your full card number. If you choose One-Click Checkout, your info is saved securely using tokens.
6. Data Minimization and Review
We only retain data that is necessary for compliance, operations, or service delivery.
Retention periods are reviewed annually.
Non-essential data is deleted or anonymized as soon as possible.
What This Means:
We regularly check what data we store and delete anything we don’t need.
7. Deletion and Destruction Procedures
At the end of the retention period:
Personal data is securely deleted using industry-standard tools.
Token references are deleted from all systems.
Paper records (if any) are shredded securely.
What This Means:
We use secure methods to delete data when we no longer need it.
8. Rights and Requests
Users and merchants may:
Request deletion of their personal data (where permitted by law)
Request data exports for review or compliance
Withdraw consent for One-Click Checkout token storage
What This Means:
You can ask us to delete or export your data at any time, if the law allows it.
9. Exceptions
Certain data may be retained beyond the standard period:
In response to law enforcement or regulatory investigations
For legal claims, disputes, or audits
If required by contract or card network rules
What This Means:
Sometimes we have to keep data longer, especially for legal or regulatory reasons.
10. Contact Information
If you have questions about this Data Retention Policy or wish to exercise your rights, contact: Email: privacy@krepling.com
What This Means:
You can contact us if you want to know more or take action regarding your data.