Sqrrl, a mutual fund advisory app for India, was built to help first-time investors get started with mutual funds. Like most early-stage products, in our initial versions our relationship with a customer simply ended when she uninstalled the app. That was inadequate: several customers did not want to stop there and asked us to delete their personal information as well.
Over the past few months we have added a switch that lets our customer success team delete all account information whenever a customer requests it. We see this as a significant step towards giving customers control over their personal data, and as a proactive move ahead of the provisions of the upcoming data privacy bill becoming law.
What data we collect and why
We are a private limited company, registered as a Registered Investment Advisor (RIA) and regulated by SEBI. Because investing in the securities market is a far more “serious” activity than, say, buying groceries or streaming music through an app, we have to be careful and strict about the data we collect and store.
Any investor investing through us needs to share the following personal information:
- Name, address and contact
- PAN details and KYC (Know Your Customer) documents like ID and address proofs
- At least one savings bank account details
- Additional disclosures (e.g., residency and tax status, nominee information)
Finally, once a customer makes an actual mutual fund transaction, every detail of that transaction, from the initial payment gateway request to the final settlement in the mutual fund account, is also retained by us for operational and compliance reasons.
Running a transactional service through an app means user data ends up not just in our own database but in several tools that are essential to operating an online service:
- Communications (SMS, email, push), both promotional and transactional
- Advertising and marketing platforms (though the data sent there is rarely personally identifiable)
- Customer support systems
- Email, chat and other communication tools, both internal and user-facing
- All sorts of low-level logs generated by code, network requests and so on
- Any inputs provided in the app, such as investment goals and the user avatar
All of these are crucial to running a successful online service, yet each one adds complexity when we try to delete a customer’s data across third parties.
Our Approach to “Right to Delete”
As Uncle Ben told Peter (in Spider-Man), with great power comes great responsibility.
There are broadly two kinds of accounts on Sqrrl: the “explorers” and the actual transacting customers. Before a customer completes a transaction, she is simply exploring the app’s features and making up her mind about whether to proceed. If she has not yet shared KYC details with us, deleting her account is fairly straightforward.
For customers who complete the entire setup (including KYC) but decide not to invest, we are happy to delete the app data, but we keep an archive of the KYC data for regulatory audits.
For customers who have transacted, we are required by law to retain data for seven years, a requirement that applies to all financial services firms, and similar requirements exist all over the world. If a customer, say Nirav M., simply stops using the app, that does not mean his transaction history is deleted and therefore unavailable for any future scrutiny by tax or other authorities.
These are the cases where we have the hardest time explaining to customers why we cannot delete their data. The legal requirements supersede any data privacy expectations, and as a regulated company we would very much prefer not to go to jail or pay enormous fines.
In our current implementation, a “switch” available to the customer success team acts on deletion requests. It deletes the live records and disables communication to the given accounts on third-party platforms. Where deletion is not possible, our team explains why to the customer as clearly as it can.
The Road Ahead
The next phase would remove the customer (as far as possible) from the associated tools, such as the analytics platform. It may be sufficient to overwrite any personally identifiable fields with junk values so that the aggregate data survives (which is useful for analytics) while nobody can tell who the user was. One caveat: the replacement values should be random rather than derived from the original (a hash of the email address, for instance), because a deterministic replacement keeps every record of the same person linkable. This needs the most work and will need support from the respective platforms, so it is left for the future.
An alternative approach
Where deletion of transaction data is not possible, we are exploring a way to archive it in a separate system, where it remains available to authorised personnel if needed but is otherwise kept away from live customer data and the application that serves it. This is a reasonable compromise: the retention requirement is met, while the day-to-day blast radius of the data is much smaller.
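To make the tiered policy of the previous sections concrete, here is an added example (not Sqrrl’s code, and not described in the post) of a deletion handler that distinguishes explorers, KYC-only customers and transacting customers, deletes what it can, pseudonymises analytics events with random junk values, and moves what must be kept into a separate archive with a retention date. The store layout, field names and the “seven years from the last transaction” computation are assumptions; the post gives no retention period for KYC-only archives, so that record is left without an expiry. The sample accounts and events are constructed for the example.

```python
"""Tiered right-to-delete handler (illustrative; not Sqrrl's implementation)."""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field
from datetime import date

RETENTION_YEARS = 7  # statutory window for transacting customers, per the post
# Fields treated as personally identifiable; assumed names, not from the post.
PII_FIELDS = ("name", "email", "phone", "address", "pan", "bank_account")


@dataclass
class Account:
    user_id: str
    kyc_complete: bool
    profile: dict                                   # PII plus app inputs
    kyc_docs: list[str] = field(default_factory=list)
    transactions: list[dict] = field(default_factory=list)


@dataclass
class Stores:
    """Stand-ins for the live DB, analytics tool, archive and comms platform."""
    live: dict = field(default_factory=dict)        # user_id -> Account
    analytics: list = field(default_factory=list)   # event dicts
    archive: list = field(default_factory=list)     # records kept for audit
    comms_suppressed: set = field(default_factory=set)


def junk_value(name: str) -> str:
    # Random, not derived from the real value: even a salted hash would keep
    # all of one person's records linkable to each other.
    return f"deleted-{name}-{secrets.token_hex(6)}"


def pseudonymise_events(events: list[dict], user_id: str) -> int:
    """Overwrite identifiers in analytics events; row counts and aggregates survive."""
    new_id = junk_value("user")
    touched = 0
    for ev in events:
        if ev.get("user_id") == user_id:
            ev["user_id"] = new_id
            for f in PII_FIELDS:
                if f in ev:
                    ev[f] = junk_value(f)
            touched += 1
    return touched


def add_years(d: date, years: int) -> date:
    try:
        return d.replace(year=d.year + years)
    except ValueError:  # 29 February in a non-leap target year
        return d.replace(year=d.year + years, day=28)


def classify(acct: Account) -> str:
    if acct.transactions:
        return "transacted"
    return "kyc_only" if acct.kyc_complete else "explorer"


def process_deletion_request(user_id: str, stores: Stores, requested_on: date) -> dict:
    """Apply the tiered policy and return a report for the support team."""
    acct = stores.live[user_id]
    tier = classify(acct)
    report = {"user_id": user_id, "tier": tier, "requested_on": requested_on,
              "archived": [], "retain_until": None}

    if tier == "transacted":
        last = max(date.fromisoformat(t["date"]) for t in acct.transactions)
        report["retain_until"] = add_years(last, RETENTION_YEARS)
        stores.archive.append({"user_id": user_id, "kind": "transactions",
                               "records": acct.transactions,
                               "retain_until": report["retain_until"]})
        report["archived"].append("transactions")
    if tier in ("transacted", "kyc_only"):
        # KYC archive kept for audits; the post states no period, so no expiry here.
        stores.archive.append({"user_id": user_id, "kind": "kyc",
                               "records": acct.kyc_docs, "retain_until": None})
        report["archived"].append("kyc")

    del stores.live[user_id]                 # live PII goes in every tier
    stores.comms_suppressed.add(user_id)     # stop SMS/email/push on third parties
    report["events_pseudonymised"] = pseudonymise_events(stores.analytics, user_id)
    return report


def build_sample_stores() -> Stores:
    """Constructed sample data: one account per tier plus a few analytics events."""
    s = Stores()
    s.live["u1"] = Account("u1", False, {"name": "Explorer One", "email": "e1@example.com"})
    s.live["u2"] = Account("u2", True, {"name": "KYC Two", "pan": "XXXXX0000X"},
                           kyc_docs=["id_proof.pdf", "address_proof.pdf"])
    s.live["u3"] = Account("u3", True, {"name": "Investor Three", "pan": "YYYYY1111Y"},
                           kyc_docs=["id_proof.pdf"],
                           transactions=[{"date": "2018-12-01", "amount": 5000},
                                         {"date": "2019-03-15", "amount": 2500}])
    s.analytics += [{"user_id": "u1", "event": "app_open"},
                    {"user_id": "u3", "event": "goal_created", "name": "Investor Three"},
                    {"user_id": "u3", "event": "invest", "amount": 2500},
                    {"user_id": "u2", "event": "kyc_started"}]
    return s


if __name__ == "__main__":
    stores = build_sample_stores()
    for uid in ("u1", "u2", "u3"):
        print(process_deletion_request(uid, stores, date(2019, 6, 1)))
```

The report returned for each request is what the support team would show the customer: for an explorer everything is gone; for a transacting customer the record states the archive location and the date until which the transaction history must be kept, which is easier to explain than a flat refusal.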
The “Right to Delete” is one of several measures that give customers control over how a product or service uses their data. Explicit deletion (or archival) of customer data drastically reduces the chance of that data being misused, something we have unfortunately come to accept as a way of life.
Every business should map out clearly where user data flows and what arrangements are in place for protecting, and eventually deleting or overwriting, that data. For online businesses, especially transactional ones, this is quite a challenge. Several technical approaches exist for removing and archiving data; which one to choose depends largely on how regulated the industry is. Sqrrl has only just gotten started, and we hope the Data Privacy Bill will plug several gaps in our understanding.
About the Author: Aditya Sahay, Head of Engineering, Sqrrl Fintech. Aditya leads Product and Engineering for Sqrrl Fintech, a commission-free mutual fund advisory app driving young Indians to take control of their financial wellness by investing in personalised plans in-line with their life goals, in a language of their choice.