top of page

Retention and Deletion Policy

At Marvalero, we are committed to handling your data with care, integrity, and in compliance with applicable laws. This Data Retention and Deletion Policy outlines how long data is retained, the conditions under which it is deleted, and the steps users can take to request deletion of their personal information. We have structured our approach to data retention and deletion according to the regulatory standards of the United States and Pakistan to ensure compliance with all relevant legal frameworks.

United States Data Retention and Deletion Policy

In compliance with U.S. federal, state, and industry standards, Marvalero adheres to the following policies for data retention and deletion.

1. Data Retention Standards

Marvalero retains various categories of data for periods defined by U.S. federal and state laws, including the Health Insurance Portability and Accountability Act (HIPAA), Internal Revenue Service (IRS) regulations, and industry standards.

  • Financial and Transaction Data:

    • Retained for a minimum of 7 years in compliance with IRS regulations for financial and business records. This includes all invoices, payment history, and transaction logs related to services provided.

    • Retained to fulfill the requirements of the Dodd-Frank Act, Sarbanes-Oxley Act, and other relevant financial standards.

  • Personal and Contact Information:

    • Retained as long as the user maintains an active account on Marvalero. Upon account deletion, personal information will be deleted, except as required for legal or compliance reasons.

    • Marvalero also anonymizes data where total deletion is not feasible, such as statistical data or aggregated user behavior.

  • Health and Service Data:

    • Retained for 6 years to comply with HIPAA guidelines, ensuring the protection of sensitive health information.

    • Includes any sensitive data related to consumer preferences, specific services, and stylist notes that are subject to HIPAA.

  • Marketing and Communications Data:

    • Retained until the user opts out of marketing communications or for up to 5 years from the date of collection, in alignment with best practices for user engagement data. This covers email subscriptions, preferences, and usage data from digital marketing campaigns.

2. Data Deletion Process

Upon account deletion or upon request for deletion of specific data, Marvalero follows a structured process:

  • Request Initiation: Users can initiate account deletion requests from within the app or through customer support.

  • Verification Process: For security purposes, Marvalero requires identity verification to proceed with deletion.

  • Deletion and Retention Compliance:

    • Personal data, including identifiable information, is permanently removed unless required to fulfill regulatory requirements.

    • Aggregated, anonymized data may be retained indefinitely for analytical and research purposes without user identifiers.

  • Automated Deletion: Marvalero reviews and purges inactive accounts or unused data after 7 years.

3. Recurring Data Reviews and Automated Deletion

To comply with regulatory changes and best practices, Marvalero undertakes periodic reviews of data retention timelines and deletes unnecessary data:

  • Annual Review: Data not actively in use for 7 years is flagged and deleted following regulatory compliance.

  • Deletion of Inactive Accounts: Accounts inactive for over 3 years are subject to automated deletion.

Requesting Data Deletion

For both the U.S. and Pakistan, users can request account deletion by following these steps:

  1. Access Account Settings: Navigate to the “Account” section in the Marvalero app to initiate a deletion request.

  2. Submit Verification Information: Verify identity for security purposes.

  3. Confirmation of Deletion: Once verification is complete, users will receive a confirmation that the deletion process has begun.

Please note that certain data may be retained for compliance with U.S. laws, such as records required for audits, anti-fraud measures, or other regulatory purposes. Aggregated, anonymized data used for research and development is retained without personal identifiers.

Compliance Assurance

Marvalero reviews this Data Retention and Deletion Policy annually or as regulations evolve in the U.S. and Pakistan, ensuring ongoing compliance and protection of user data. This comprehensive approach safeguards Marvalero users while fulfilling legal and regulatory requirements across jurisdictions.

bottom of page