| Signup, email verification, login, account management | Email, username, encrypted password, account status, email verification and password reset records, authentication provider, signup/update/deletion records | Until account deletion. One-time verification records are retained only while operationally needed after verification or expiration. Direct identifiers are deleted or anonymized when account deletion is processed. | Contract performance, security, abuse prevention |
| Beta signup, waitlist, benefits and coupon eligibility | Signup sequence, beta group, coupon and benefit eligibility, invitation and notice email records, referral signup information | Until account deletion so that benefits can be provided and confirmed. After deletion, data is deleted or anonymized except where legal retention applies. | Service provision, benefit administration, signup requested by the user |
| Referral links and attribution | Referral code, referrer and referred-user relationship, referral status, creation and end records | Until account deletion. If the referrer deletes the account, the direct identifying relationship may be anonymized or disconnected. | Service feature provision, benefit administration, abuse prevention |
| Public profiles, bio links, redirects, dashboard editing | Public username, display name, profile image, public visibility, search-engine visibility setting, social links and sponsored links | Until the user deletes the item or account. Public output is hidden and direct identifiers are deleted or anonymized on account deletion. | Contract performance and user-directed publication |
| Profile images and sponsorship attachments | File management information, upload confirmation information, public URL, security scan state, expiration and attachment state | While connected to a profile or proposal. Unattached temporary files are subject to deletion after expiration. | Service feature provision, malicious file and abuse prevention |
| Instagram account connection, comments, and direct messages (DM) automation | Instagram account identifier, username, profile image, connection status, permissions, integration token, comment and DM events, automation settings, delivery results | While the Instagram connection remains active. Tokens are revoked or disabled on disconnect or deletion, while legal, security, and dispute records may be retained where needed. | User-requested Instagram automation, Meta and Instagram policy compliance, security |
| Sponsorship proposals and transactional features | Company, contact name, phone, email, budget, media channels, usage rights, deliverables, AI-generated-content permission, approval criteria, progress status, attachment information | While needed for proposal handling, disputes, and abuse prevention. Deletion requests are handled by deletion or anonymization except where legal retention or dispute handling applies. | Proposal handling, pre-contract steps, abuse prevention |
| Public performance analytics and dashboard statistics | Visit, click, link movement, redirect records, visit date, page and link classification information, de-identified information for duplicate-visit detection, suspected abuse information | Retained as needed for service statistics and abuse prevention. Raw access information that directly identifies an individual is not stored. | Essential product analytics, performance improvement, abuse prevention |
| Security, incident response, and service reliability | Error type, request path, processing status, processing time, service environment information, and similar operational records | Retained as needed for security, incident response, and service reliability. Unnecessary direct identifiers are managed so they are not included in operational records. | Security, incident response, service reliability |
| Customer support, important notices, transactional emails | Email address provided by the requester, support content, handling records, send/receive/delivery status | Retained after support completion for the period needed for disputes, security, and legal compliance. | User request handling, service notices, legal compliance |
| Paid services, sponsorship contracts, revenue settlement, digital goods | Myven processes buyer name, date of birth, billing country, contact number, payment currency, default language, payment email, payment phone number, membership product, amount, currency, coupons and discounts, payment, billing, refund, PG receipt or sales slip, dispute records, PortOne and payment gateway transaction identifiers, billing key identifiers, payment status, and processing history. Myven does not directly store sensitive payment information such as full card numbers or CVC. | On account deletion, direct identifiers are anonymized or separated from the identity layer. However, transaction records that must be retained under e-commerce, tax, accounting, consumer dispute, or similar laws are retained separately under a jurisdiction-specific retention policy, then irreversibly anonymized or deleted after the retention period expires and any legal hold is released. | Contract performance, legal obligations, settlement and dispute handling |