DATA RETENTION POLICY

Effective Date: 16/05/2026

Last Updated: 16/05/2026

The Company ARCHA MEDIA  PRIVATE LIMITED  is incorporated under the Companies Act, 2013 and operates a digital news media platform through its website and mobile application. The Platform is operated under the trademark “NEWS NEXT”, which is legally owned by the Company through a valid Assignment Deed transferring full rights, title, and interest.

This Data Retention Policy (“Policy”) is issued, adopted, implemented, and maintained by ARCHA MEDIA  PRIVATE LIMITED  (hereinafter referred to as the “Company”, “Organization”, “Platform”, “Website”, “We”, “Us”, or “Our”) for the purpose of establishing lawful, transparent, secure, accountable, and compliant procedures governing the collection, storage, preservation, archival, retention, deletion, destruction, and management of personal data, sensitive information, business records, digital assets, communication records, journalistic materials, subscriber information, advertising data, analytical information, and all other forms of electronic or physical records processed through the operation of the Company’s news media platform, digital publication services, websites, mobile applications, social media interfaces, subscription systems, advertising systems, content management systems, and associated technological infrastructure.

This Policy is intended to ensure compliance with applicable laws including but not limited to the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, intermediary regulations, cyber security directions issued by governmental authorities, consumer protection laws, contractual obligations, evidentiary laws, taxation laws, employment laws, intellectual property laws, journalism standards, regulatory guidelines, and applicable international privacy and data protection laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), e Privacy rules, and related legal frameworks wherever applicable.

This Policy shall be read together with the Privacy Policy, Cookie Policy, Terms and Conditions, Cyber security Policy, Data Processing Agreement, Acceptable Use Policy, Community Guidelines, and all other policies published by the Company.

1. PURPOSE OF THIS POLICY

The purpose of this Policy is to establish lawful and systematic procedures governing the duration for which data and records shall be retained, archived, preserved, secured, reviewed, deleted, or destroyed by the Company.

The Company recognizes that excessive retention of data may increase cyber security risks, privacy concerns, regulatory liabilities, operational inefficiencies, litigation exposure, reputational harm, and unauthorized access risks.

The Company further recognizes that certain categories of records are legally required to be retained for prescribed periods under statutory, contractual, evidentiary, taxation, employment, regulatory, journalistic, and cyber security obligations.

Accordingly, this Policy seeks to balance legal compliance requirements, operational necessity, journalistic integrity, cyber security obligations, evidentiary preservation, public interest responsibilities, and individual privacy rights.

2. APPLICABILITY

This Policy shall apply to all directors, officers, employees, editors, journalists, contributors, consultants, interns, contractors, vendors, data processors, advertisers, affiliates, subscribers, registered users, platform administrators, third-party service providers, and all other individuals or entities handling, accessing, processing, storing, transmitting, reviewing, archiving, or deleting data on behalf of the Company.

This Policy shall apply to all categories of records including electronic records, physical records, databases, metadata, server logs, cloud storage data, backups, subscriber records, content archives, journalistic material, employee records, legal documentation, advertisements, payment information, cookies, analytics data, communication logs, complaint records, compliance reports, and digital media assets.

This Policy shall apply irrespective of the geographical location where such data is stored or processed.

3. DEFINITIONS

For the purpose of this Policy, unless the context otherwise requires, the following expressions shall have the meanings assigned below.

The term “Data” shall mean any information, record, content, communication, document, file, metadata, identifier, analytical record, or digital asset processed by the Company in electronic or physical form.

The term “Personal Data” shall mean any information relating to an identified or identifiable natural person including but not limited to names, addresses, contact details, device identifiers, IP addresses, account information, payment details, biometric identifiers, communication records, and online activity information.

The term “Retention” shall mean the storage, preservation, maintenance, or continued possession of data for a defined duration.

The term “Deletion” shall mean permanent removal, erasure, destruction, de-identification, or rendering inaccessible of data in such manner that the information can no longer reasonably identify an individual.

The term “Archival Data” shall mean historical or inactive records preserved for legal, journalistic, research, evidentiary, historical, compliance, or business continuity purposes.

The term “Legal Hold” shall mean a preservation obligation requiring suspension of scheduled deletion where data may be relevant to litigation, investigation, audit, dispute resolution, regulatory proceedings, law enforcement requests, or judicial processes.

The term “Processing” shall have the meaning assigned under applicable data protection laws and shall include collection, storage, recording, organization, retrieval, use, disclosure, sharing, transfer, analysis, deletion, and destruction.

4. PRINCIPLES OF DATA RETENTION

The Company shall retain data only for lawful, legitimate, proportionate, necessary, and operationally justified purposes.

The Company shall endeavor to minimize unnecessary storage of personal information and shall periodically review retained records to ensure compliance with applicable laws and operational requirements.

The Company shall retain data for no longer than necessary unless a longer retention period is required under applicable law, regulatory obligations, contractual commitments, journalistic preservation standards, public interest requirements, court orders, governmental directions, or cyber security mandates.

The Company shall implement reasonable safeguards to ensure retained data remains protected against unauthorized access, misuse, accidental disclosure, cyber attacks, corruption, alteration, or destruction.

The Company shall ensure that deletion and destruction procedures are performed securely and in accordance with recognized industry practices.

5. CATEGORIES OF DATA RETAINED

The Company may retain various categories of information including but not limited to:

Subscriber and user registration records;

News article archives and journalistic content;

Editorial drafts and publication histories;

User comments and community interactions;

Advertising agreements and campaign records;

Financial and taxation records;

Payment transaction details;

Communication records and correspondence;

Customer support and grievance records;

Legal notices and dispute-related documents;

Employee and contractor records;

Cyber security logs and incident reports;

Cookies and analytics data;

Server access logs and IP information;

Content moderation records;

User-generated content and uploads;

Social media interaction records;

Subscription history and account activity;

Consent records and preference settings;

Backup copies and disaster recovery data.

6. RETENTION PERIODS

6.1 Subscriber and User Account Information

Subscriber records, registration details, account settings, profile information, and user identification records may be retained for the duration of the user relationship and for a reasonable period thereafter for compliance, dispute resolution, fraud prevention, and audit purposes.

Inactive accounts may be reviewed periodically and may be deleted, or archived after the expiry of applicable retention periods unless otherwise required by law.

6.2 Payment and Financial Records

Payment transaction records, invoices, receipts, taxation documentation, accounting records, financial ledgers, and billing information may be retained for such duration as may be required under taxation laws, financial reporting standards, anti-money laundering obligations, audit requirements, and statutory compliance obligations.

6.3 News Content and Editorial Archives

News articles, reports, investigative content, interviews, editorials, multimedia publications, photographs, videos, podcasts, and journalistic archives may be retained permanently or for extended durations in the interest of journalism, public record preservation, freedom of expression, research, historical documentation, and archival integrity.

The Company reserves the editorial right to preserve published content unless removal is required by law, judicial direction, settlement obligations, regulatory orders, or legitimate legal claims.

6.4 Communication Records

Email correspondence, customer support interactions, complaint records, grievance submissions, moderation actions, legal notices, and communication logs may be retained for operational continuity, dispute resolution, legal defense, evidentiary preservation, and compliance purposes.

6.5 Cookies and Analytics Data

Cookies, analytics records, advertising identifiers, device information, engagement metrics, and browsing activity logs may be retained for durations determined by operational necessity, analytics requirements, user consent settings, advertising cycles, cybersecurity monitoring, and legal compliance obligations.

6.6 Employment and Contractor Records

Employee records, contractual agreements, payroll records, attendance records, disciplinary records, onboarding documents, and employment-related communications may be retained for durations required under labor laws, taxation laws, employment regulations, litigation defense requirements, and organizational governance obligations.

6.7 Security Logs and Cyber security Data

Access logs, authentication records, IP logs, intrusion detection reports, malware analysis records, security alerts, cyber security investigation reports, and monitoring data may be retained for cyber security, fraud prevention, forensic investigation, regulatory reporting, and incident response purposes.

7. LEGAL BASIS FOR RETENTION

The Company may retain data based on one or more lawful grounds including:

Compliance with statutory obligations;

Performance of contractual obligations;

Legitimate business interests;

Fraud prevention and cyber security protection;

Journalism and public interest preservation;

Evidentiary preservation requirements;

Litigation defence and dispute resolution;

User consent;

Regulatory reporting obligations;

Historical and archival preservation purposes.

8. DATA ARCHIVING

The Company may archive inactive, historical, or infrequently accessed records for operational efficiency, legal preservation, historical reference, journalistic documentation, research purposes, or disaster recovery preparedness.

Archived data may remain subject to security safeguards, restricted access controls, encryption standards, audit mechanisms, and preservation obligations.

Access to archived records may be limited to authorized personnel only.

9. LEGAL HOLD AND INVESTIGATIONS

Where the Company becomes aware of pending litigation, governmental inquiries, law enforcement investigations, arbitration proceedings, regulatory audits, legal notices, preservation orders, or potential disputes, the Company may suspend routine deletion schedules relating to relevant records.

During the period of legal hold, affected data may continue to be preserved until the conclusion of the relevant matter or until lawful authorization for deletion is obtained.

Unauthorized deletion or alteration of records subject to legal hold may result in disciplinary action, contractual liability, civil liability, criminal consequences, or regulatory penalties.

10. DATA DELETION AND DESTRUCTION

The Company shall implement reasonable procedures for secure deletion, destruction, or de-identification of records upon expiry of applicable retention periods.

Deletion mechanisms may include secure wiping, cryptographic erasure, physical destruction, database purging, shredding of physical documents, or other recognized destruction methodologies.

The Company may retain limited residual copies in backups, disaster recovery systems, archives, or legal preservation repositories for reasonable durations.

Complete deletion from all systems may not occur immediately due to operational, technical, security, or backup restoration requirements.

11. USER RIGHTS REGARDING RETENTION

Subject to applicable law, users may have rights including:

The right to request deletion of personal data;

The right to request correction of inaccurate information;

The right to access retained records;

The right to object to certain processing activities;

The right to withdraw consent;

The right to request restriction of processing;

The right to request data portability;

The right to complain before regulatory authorities.

The exercise of such rights may be subject to verification procedures, legal exemptions, journalistic protections, public interest considerations, evidentiary requirements, cybersecurity obligations, and contractual limitations.

12. THIRD-PARTY SERVICE PROVIDERS

The Company may engage cloud providers, analytics vendors, payment processors, cyber security vendors, content delivery networks, advertising networks, communication providers, storage vendors, and other third-party processors.

Such service providers may retain data in accordance with contractual obligations, applicable laws, security standards, and operational requirements.

The Company shall endeavor to impose reasonable contractual safeguards on third-party processors handling retained information.

13. INTERNATIONAL DATA TRANSFERS

Retained data may be stored, processed, backed up, mirrored, transferred, or accessed across multiple jurisdictions and international locations.

The Company may use international cloud infrastructure, data centers, content delivery systems, or external vendors located outside India.

Reasonable safeguards, contractual protections, encryption mechanisms, and compliance procedures may be implemented for international data transfers wherever required under applicable law.

14. SECURITY MEASURES

The Company shall implement commercially reasonable administrative, organizational, physical, and technical safeguards to protect retained data.

Such safeguards may include:

Encryption mechanisms;

Multi-factor authentication;

Role-based access controls;

Audit logging systems;

Firewalls and intrusion detection systems;

Backup protection mechanisms;

Access monitoring procedures;

Security incident response frameworks;

Employee confidentiality obligations;

Cyber security assessments and audits.

Despite reasonable safeguards, no digital storage system or internet-based infrastructure can be guaranteed to be completely secure or immune from cyber threats.

15. CHILDREN’S DATA

The Company does not knowingly retain personal information relating to minors in violation of applicable law.

Where the Company becomes aware that unlawful children’s data has been collected or retained, reasonable steps may be taken to delete such information in accordance with legal obligations.

16. POLICY REVIEW AND MODIFICATION

The Company reserves the right to amend, modify, revise, update, replace, or discontinue this Policy at any time and without prior notice unless otherwise required by law.

Updated versions shall become effective immediately upon publication on the Platform.

Users are encouraged to periodically review this Policy to remain informed regarding data retention practices.

17. NON-COMPLIANCE AND DISCIPLINARY ACTION

Any employee, contractor, service provider, consultant, vendor, affiliate, or authorized person violating this Policy may be subject to disciplinary proceedings, suspension of access privileges, contractual penalties, termination, legal proceedings, civil liability, criminal prosecution, regulatory action, or recovery proceedings depending upon the nature and severity of the violation.

The Company reserves all legal rights and remedies available under applicable law.

18. LIMITATION OF LIABILITY

To the maximum extent permissible under applicable law, the Company shall not be liable for indirect, incidental, special, punitive, consequential, or exemplary damages arising from lawful retention, archival, deletion, destruction, cyber security incidents, third-party actions, legal preservation obligations, system failures, backup restoration procedures, or governmental directions.

Users acknowledge that certain information may continue to exist in residual systems, caches, archives, backups, evidentiary repositories, or legal preservation systems for reasonable durations.

19. GOVERNING LAW AND JURISDICTION

This Policy shall be governed by and construed in accordance with the laws of India.

Any dispute arising out of or relating to this Policy, data retention practices, archival procedures, privacy matters, or information management activities shall be subject to the exclusive jurisdiction of the competent courts located at [Insert Jurisdiction], India.

Nothing contained herein shall restrict the Company’s right to seek interim relief, injunctive orders, equitable remedies, or emergency protection before any court, tribunal, or regulatory authority having competent jurisdiction.

20. CONTACT DETAILS

For any questions, requests, complaints, notices, or grievances relating to this Data Retention Policy or data retention practices, users may contact:

Data Protection Officer / Grievance Officer

Arun

Door No:2/19(6),Kanchan complex.NH 66,Giliyar Village,Kota Post,Brahmavara -TQ,Udupi-Dist,Karnataka-576221

Email:newsnextdotlive@gmail.com

Contact Number: 7975523349

The Company shall endeavor to respond to lawful requests within reasonable timelines prescribed under applicable laws.

21. ACKNOWLEDGMENT

By accessing, using, subscribing to, interacting with, or otherwise engaging with the Platform, the user acknowledges that the user has read, understood, and agreed to this Data Retention Policy and consents to the retention, preservation, archival, deletion, and processing practices described herein in accordance with applicable laws and legitimate business purposes.