Here is more information on how long the data retention is for COF data and if a merchant wants to delete COF data, how to go about it:
In case the customer requests personal data to be deleted from the transactions, the following information is mandatory to be provided to ACI HELP24:
- Channel entity id
- Shopper email address OR/AND set of merchant order IDs (for example, merchantTransactionId) OR/AND set of transactions UUIDs
ACI HELP24 will analyze the request and return to the customer with a set of transaction UUIDs found to delete personal data. Once confirmed by the customer, ACI HELP24 will resolve the ticket. Before confirming, the customer should know that:
- Once personal data is deleted from the transactions, they should never refer back to these transactions
- Personal data coming from the banks in the connector details will stay untouched due to business reasons
- Credit card numbers are not removed and will continue to stay protected as per PCI regulations
- For some alternative payment methods such as PayPal, email addresses in the account number will stay untouched due to business reasons
- Everything else will get deleted within the confirmed set of transactions; the transactions themselves will not get deleted
If a merchant queries this information please remove any ACI terms and anything that are associated with them.