Data Retention Policy

Last updated: March 30, 2026

1. Purpose & Scope

This Data Retention Policy governs the retention, storage, and destruction of all data collected, processed, and maintained by Glide, a Dollar Continuity Account service operated by Axtior Inc. The policy applies to all categories of data handled across all systems, services, and third-party integrations used in the delivery of the Service.

The purpose of this policy is to ensure that data is retained for the minimum period necessary to fulfill legal, regulatory, and business requirements, and that data is securely destroyed when it is no longer needed. This policy balances the need for regulatory compliance (particularly BSA/AML record-keeping obligations) with user privacy rights and data minimization principles.

This policy covers data across all stages of its lifecycle: collection, processing, storage, access, transfer, archival, and destruction. It applies to data stored in databases, file storage systems, backup media, logs, and any other medium used to record information in connection with the Service.

All Axtior Inc. employees, contractors, and third-party vendors who handle data on behalf of Glide are required to comply with this policy. Violations may result in disciplinary action, termination, or legal consequences.

2. Data Classification

All data handled by Glide is classified into one of four categories based on its sensitivity, regulatory significance, and retention requirements. Data classification determines the applicable retention period, encryption requirements, access controls, and destruction procedures.

Personally Identifiable Information (PII)

Full legal name, date of birth, Social Security Number (or national identification number), residential address, email address, phone number, government-issued ID images, and selfie photographs. PII is the highest sensitivity classification and is subject to the strictest access controls and encryption requirements. PII collected for KYC/CIP purposes is also classified as a BSA compliance record.

Financial Data

Transaction records (deposits, withdrawals, transfers, and card purchases), account balances, account statements, linked bank account details, cryptocurrency wallet addresses, and conversion records. Financial data is classified as high sensitivity and is subject to BSA record-keeping requirements for transactions associated with compliance events (SARs, CTRs, alerts).

Compliance Data

Suspicious Activity Reports (SARs) and supporting documentation, Currency Transaction Reports (CTRs), alert investigation case files and disposition records, Chainalysis sanctions screening logs, OFAC screening results, KYC verification records, Enhanced Due Diligence documentation, and all correspondence related to compliance matters. Compliance data carries the longest mandatory retention period.

Operational Data

Application logs, server metrics, error reports, performance monitoring data, login and session data, API request logs, and system health metrics. Operational data has the lowest sensitivity classification and the shortest retention period, as it is primarily used for system maintenance, debugging, and performance optimization.

3. Retention Schedule

The following retention schedule specifies the minimum retention period for each data category. Data may be retained beyond the minimum period if there is an active legal hold, ongoing investigation, or other legitimate business need, but must not be retained beyond the maximum period unless legally required.

Data Category | Retention Period | Legal Basis
BSA Records (SARs, CTRs, alerts) | 5 years from creation | 31 CFR 1010.430
KYC/CIP Documentation | 5 years post-account closure | 31 CFR 1020.410
Alert Investigation Files | 5 years from disposition | BSA/AML best practices
Chainalysis Screening Logs | 5 years from screening date | OFAC compliance
PII (non-compliance) | Active account + 5 years | BSA + privacy regulations
Transaction Records | 5 years from transaction date | 31 CFR 1010.410
Training Records | 5 years from training date | BSA program requirements
Operational Logs | 1 year from creation | Business operations

Retention periods represent the minimum required. Data subject to active legal holds or ongoing investigations is retained until the hold or investigation is resolved, regardless of the standard retention period.

4. BSA Override

The Bank Secrecy Act imposes a mandatory 5-year retention period for all BSA-related records, including transaction records associated with SARs and CTRs, KYC/CIP identification documents, alert investigation files, and sanctions screening results. This retention requirement is a legal obligation that cannot be waived or shortened.

The BSA 5-year retention requirement explicitly overrides data deletion rights granted under other privacy regulations, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and similar state, federal, or international data protection laws. When a user exercises their right to deletion, we will delete all data that is not subject to the BSA retention override.

Data that falls within the BSA override will be retained for the full 5-year period even if the user closes their account, requests deletion, or revokes consent. We will clearly communicate to users which categories of their data are subject to the BSA override and the expected retention timeline.

Upon expiration of the BSA retention period, BSA-classified data is eligible for destruction in accordance with the Data Destruction procedures described in Section 7 of this policy. The compliance team is responsible for tracking retention expiration dates and initiating destruction workflows in a timely manner.

5. Encryption Standards

All data stored by Glide is encrypted at rest using AES-256 (Advanced Encryption Standard with 256-bit keys), which is the encryption standard recommended by NIST and used by the US government for protecting classified information. AES-256 encryption is applied to all database fields containing PII, financial data, and compliance records.

All data transmitted between Glide systems, between Glide and third-party providers, and between Glide and end users is encrypted in transit using TLS 1.3 (Transport Layer Security version 1.3). TLS 1.3 provides forward secrecy, ensuring that a compromise of long-term keys does not compromise past session data.

Encryption keys are managed through environment-scoped secrets, meaning that each deployment environment (development, staging, production) uses its own set of encryption keys. Production keys are never used in non-production environments, and key access is restricted to authorized infrastructure personnel.

Key rotation is performed on a regular schedule: data encryption keys are rotated annually, and key encryption keys (used to protect data encryption keys) are rotated every two years. All key rotation events are logged and auditable.

6. Backup & Disaster Recovery

Glide maintains a comprehensive backup strategy to ensure data durability and business continuity. Full encrypted backups of all databases and critical data stores are performed daily. Incremental backups are performed continuously throughout the day to minimize potential data loss in the event of a system failure.

Backup data is retained for 30 days on a rolling basis. Backups older than 30 days are automatically purged to prevent unnecessary data retention. Monthly archival backups are retained for the duration of the applicable retention period for the data they contain.

Geographic redundancy is achieved through the cloud provider's multi-region infrastructure. Primary data and backups are stored in geographically separated data centers to protect against regional outages, natural disasters, and other catastrophic events. All backup data is encrypted at rest using the same AES-256 standard applied to primary data.

Disaster recovery procedures are tested quarterly through tabletop exercises and annually through a full recovery drill. The recovery time objective (RTO) is 4 hours, and the recovery point objective (RPO) is 1 hour for all critical systems. Test results are documented and reviewed by the infrastructure and compliance teams.

7. Data Destruction

When data reaches the end of its retention period and is not subject to any legal hold or ongoing investigation, it is destroyed using secure deletion methods that ensure the data cannot be recovered. The destruction method depends on the data classification and storage medium.

For database records, secure deletion involves cryptographic erasure (destroying the encryption keys that protect the data) followed by overwriting the storage blocks. For file-based data (such as KYC document images), files are securely overwritten using a multi-pass method before deletion. For backup media, the entire backup set is cryptographically erased when its retention period expires.

For compliance-classified data (SARs, CTRs, alert files, and screening logs), a Certificate of Destruction is generated upon completion of the destruction process. The certificate records the data destroyed, the date of destruction, the method used, and the identity of the person who authorized and performed the destruction. Certificates of Destruction are retained permanently as part of the compliance program documentation.

Data destruction is performed by authorized personnel only, following a documented approval workflow. The compliance team maintains a destruction calendar that tracks upcoming retention expiration dates and scheduled destruction events.

8. GENIUS Act Compliance

The GENIUS Act (Guiding and Establishing National Innovation for US Stablecoins), signed into law in July 2025, classifies issuers and operators of payment stablecoins as “financial institutions” under the Bank Secrecy Act. This designation subjects stablecoin-related operations to the full suite of BSA compliance requirements, including customer identification, transaction monitoring, suspicious activity reporting, and record-keeping.

As a service that facilitates stablecoin deposits and withdrawals (USDC and USDT on Solana), Glide falls within the scope of the GENIUS Act's BSA requirements. Our compliance program has been designed from the outset to meet the standards expected of financial institutions, including the 5-year record retention requirement for all BSA-related records.

FinCEN is expected to publish implementing rules for the GENIUS Act by July 2026. We are monitoring the rulemaking process and will update our policies, procedures, and technical systems as necessary to comply with any new requirements. Our modular compliance architecture is designed to accommodate regulatory changes with minimal disruption to the Service.

Specific areas we are monitoring for GENIUS Act implementing rules include: stablecoin-specific SAR filing requirements, enhanced record-keeping obligations for stablecoin transactions, custody and reserve reporting requirements, and any new requirements for cross-chain transaction monitoring.

9. Vendor Data Handling

Each of Glide's third-party service providers handles data in accordance with their own policies and applicable regulatory requirements. We select vendors who maintain data handling standards consistent with our own, and we include data protection requirements in all vendor agreements.

Privy

Privy processes authentication data and provisions embedded wallets. Privy operates under California law and commits to data deletion upon account closure, subject to any legal retention requirements. User email addresses and authentication tokens are the primary data elements shared with Privy. Upon user account closure at Glide, we request deletion of associated data from Privy.

Bridge

Bridge processes KYC identity data, issues virtual cards, and handles stablecoin conversions. As a financial services provider, Bridge retains financial data in accordance with applicable regulatory requirements, which may extend beyond the duration of the customer relationship. Bridge's retention practices are governed by their own privacy policy and applicable financial regulations.

Column N.A.

Column N.A. is a nationally chartered, FDIC-insured bank that holds customer deposits and processes fiat transfers. As a regulated depository institution, Column is subject to extensive federal record-keeping requirements, including BSA, FDIC, and OCC regulations. Column retains transaction and customer data in accordance with these regulatory obligations, which typically require 5-year minimum retention.

Chainalysis

Chainalysis receives cryptocurrency wallet addresses for sanctions screening purposes. No personally identifiable information is shared with Chainalysis — only wallet addresses and the associated screening results. Chainalysis screening results are retained by Glide for 5 years in accordance with our BSA record-keeping obligations. Chainalysis's own data retention practices are governed by their privacy policy.

10. Policy Review

This Data Retention Policy is reviewed and updated on an annual basis to ensure it remains current with regulatory requirements, industry best practices, and the evolving needs of the Service. The annual review is conducted by the BSA Compliance Officer in coordination with the legal, engineering, and operations teams.

In addition to the annual review, this policy is reviewed and updated whenever there are material changes to: applicable laws or regulations (such as new FinCEN rules under the GENIUS Act), the Service's technical architecture or data flows, the vendor ecosystem (addition or removal of third-party providers), or the findings of independent testing or regulatory examinations.

Changes to this policy are communicated to all Axtior Inc. staff through internal channels and are incorporated into the annual AML training program. Material changes that affect user rights or obligations are communicated to users via email, in accordance with the notice requirements described in our Terms and Conditions.

The version history of this policy is maintained, and previous versions are archived for reference. The current version and its effective date are displayed at the top of this document.