Record Retention Policy

Our commitment to regulatory compliance and data management excellence

Quick Navigation

Record Retention Policy

Fleet Management SaaS Platform - Zai Payment Integration

Regulatory Compliance Framework

This policy implements requirements under:

  • AML/CTF Act 2006 - 7 years retention requirement
  • Corporations Act 2001 - 7 years retention requirement
  • Australian Taxation Office - 5 years minimum retention
  • PCI DSS Level 1 Standards - Payment card industry security requirements

All retention periods are calculated from transaction completion or relationship end date, whichever is applicable.

Retention Schedule

The following sections outline specific retention periods and requirements for different types of records maintained by Deliverix.

1. Payment Transactions
Retention Period: 7 years from transaction date

Records Included:

  • All payment instructions and confirmations
  • Disbursement records to drivers
  • Fee calculations and processing records
  • Refund and reversal transactions
  • PayTo agreement records
  • Zai API transaction logs

All payment transaction records are encrypted and stored in secure, access-controlled environments compliant with PCI DSS standards.

2. Customer Verification Documents
Retention Period: 7 years from relationship end

Records Included:

  • Identity verification records (drivers, companies, beneficial owners)
  • KYC/AML documentation
  • Zai user account creation records
  • Bank account verification data
  • Beneficial ownership declarations
  • Due diligence assessments

Customer verification documents are maintained in accordance with AML/CTF Act 2006 requirements and are subject to strict access controls.

3. Dispute & Chargeback Records
Retention Period: 7 years from dispute resolution

Records Included:

  • Dispute notifications and responses
  • Supporting evidence and communications
  • Resolution outcomes
  • Chargeback documentation
  • AFCA complaint records

All dispute-related records are maintained with full audit trails to support regulatory reviews and legal proceedings if required.

4. Financial Records
Retention Period: 7 years (GST records minimum 5 years)

Records Included:

  • Tax invoices and receipts
  • GST records (minimum 5 years per ATO requirements)
  • Financial statements
  • Payment reconciliation reports
  • Fee and commission records
  • Bank statements

Financial records are maintained in compliance with Australian Taxation Office and Corporations Act requirements for audit and tax purposes.

5. Communication Logs
Retention Period: 7 years from communication date

Records Included:

  • Customer service interactions
  • Compliance notifications
  • Zai platform communications
  • Email correspondence related to transactions
  • SMS/push notifications for payments

Communication logs are retained to provide evidence of customer interactions, service delivery, and compliance notifications.

6. Audit & Compliance Records
Retention Period: 7 years from program end

Records Included:

  • AML/CTF program documentation
  • Risk assessment reports
  • Compliance monitoring records
  • Internal audit reports
  • Regulatory submission records
  • Policy change history

Audit and compliance records demonstrate our ongoing commitment to regulatory requirements and internal governance standards.

7. System & Security Logs
Retention Period: 7 years from log creation

Records Included:

  • Transaction processing logs
  • Authentication/access logs
  • API integration logs (Zai)
  • Security incident records
  • PCI DSS compliance evidence
  • Data encryption audit trails

System logs are critical for security monitoring, incident response, and demonstrating compliance with PCI DSS and data protection requirements.

Storage Requirements

All records maintained under this policy must meet the following storage standards:

Format

Electronic or hard copy (electronic preferred for efficiency and accessibility)

Security

Encrypted, access-controlled storage with role-based permissions and audit logging

Accessibility

Retrievable within 24 hours for regulatory audits, investigations, or legal proceedings

Backup

Redundant storage with disaster recovery procedures and regular backup testing

Retention Trigger

All retention periods are calculated from the transaction completion date or relationship end date, whichever is applicable to the specific record type.

Secure Disposal

After the retention period expires, records are securely destroyed using industry-standard methods including:

  • Secure deletion of electronic records with overwriting
  • Shredding of physical documents
  • Documented disposal with audit trails
  • Compliance with privacy and data protection regulations
Policy Compliance & Review

This Record Retention Policy is reviewed annually and updated as necessary to reflect:

  • Changes in regulatory requirements
  • Updates to business operations
  • Technology improvements
  • Audit findings and recommendations

Important: All staff members are required to comply with this policy. Violations may result in disciplinary action and potential legal consequences.

Contact Information

For questions regarding record retention or to request access to retained records:

Deliverix Pty Ltd
ABN: 72 656 095 251
19 Domain Drive, Beveridge, Victoria 3753, Australia
Email: info@deliverix.com.au
Compliance Officer: compliance@deliverix.com.au

Business Hours: Monday-Friday, 9:00 AM - 5:00 PM AEST