User Data Handling

Extraa User Data Handling Standards

This page explains how user data moves through account creation, booking, support, merchant access, security review, and long-term record handling workflows.

Effective date: June 2, 2026

User data is handled on a need-to-know basis for booking operations, merchant coordination, security, support, analytics, and product reliability.

We may store structured and unstructured records including account fields, support tickets, booking notes, communication logs, payment status, and audit events.

Operational logs and historical records may persist beyond visible account deletion where preservation is necessary for legitimate platform purposes.

Data handling during the booking lifecycle

Before booking: search, browsing, and session activity may be logged for security and product analytics.
During booking: account, merchant, service, timing, and payment-related data are processed so the booking can be created and managed.
After booking: confirmation, support, dispute, refund, and history records may be retained to preserve a reliable transaction record.

Internal handling controls

We aim to restrict access to user data to the teams, service providers, and merchants that reasonably need it to deliver platform functionality or respond to a legitimate issue.

We may use manual review, automated signals, audit logs, and role-based access controls to reduce misuse and to investigate unusual activity.

Retention and restricted deletion

Where deletion is requested, some records may be anonymized, suppressed from routine use, or logically detached from an active profile instead of being fully erased immediately.

Examples include chargeback records, fraud markers, system logs, reconciliation data, merchant dispute evidence, and support history linked to a transaction.