Pesa Wire

Data Retention & Destruction Policy

Effective Date: 12 July 2026
← All policies
Version: 1.0 · Applies to: All Pesa Wire employees, contractors, and third-party vendors

1. Purpose

The primary purpose of this policy is to ensure that Pesa Wire securely manages, retains, and disposes of corporate, client, and operational data. This policy guarantees compliance with the Ugandan Data Protection and Privacy Act (2019), national Anti-Money Laundering (AML) regulations, and international best practices for digital financial platforms.

Furthermore, this policy aims to:

2. Scope

This policy applies to all physical and digital records generated, processed, or received during company operations. This includes, but is not limited to:

3. Key Definitions

4. Data Retention Schedule

Data will be retained strictly for as long as necessary to fulfill business, legal, or regulatory obligations. Once the retention period expires, data must be destroyed according to Section 5.

Data CategorySpecific Data TypesRetention PeriodDestruction Method
Financial & TaxInvoices, ledgers, transaction records, tax filings7 yearsPermanent digital wipe / shredding
Client/User DataProfiles, KYC documents, service agreementsActive account life + 5 yearsSecure database deletion
Corporate/LegalArticles of incorporation, IP filings, state licensesPermanentN/A
IT & SecurityFirewall logs, access logs, system error reports12 monthsAutomated overwrite
Employee RecordsContracts, payroll, performance reviewsEmployment duration + 3 yearsPermanent digital wipe / shredding
CommunicationsInternal emails, Slack messages, routine memos2 yearsAutomated deletion

5. Data Destruction Protocol

When data reaches the end of its retention period, it must be irretrievably destroyed. Pesa Wire strictly prohibits the discarding of intact physical media or the simple “recycling bin” deletion of sensitive files.

5.1 Digital Data Destruction

5.2 Physical Media Destruction

6. Legal and Regulatory Holds

In the event of a regulatory audit, legal dispute, or formal investigation, the Data Protection Officer (DPO) or Legal Counsel will issue a Legal Hold.

7. Roles and Responsibilities

8. Policy Enforcement and Audits

The IT Management team, in conjunction with the DPO, will conduct annual data audits.

Richard Bigabwa
Chief Executive Officer
Email: support@pesa-wire.com
Website: pesa-wire.com
Main Office (Ntinda): Plot 2114 & 2115, Block 216, Level 6 A6-02, Ntinda, Nakawa Division, Uganda
Branch Office (Town): Kimathi Avenue Plot 2, UAP Insurance Building, Office No. 3, Kampala Central, Uganda