Consent Lifecycle

This section describes how consent is managed over its lifecycle: staying active, becoming inactive, and when Zwapgrid purges consent records.

Keeping consent active (30-day rule)

A Consent in Accepted status remains active only if it is used at least once every 30 days. Usage means calling the Accounting API (API.1) with that Consent ID. If a Consent is not used for 30 consecutive days, it becomes Inactive. An Inactive Consent cannot be re-activated; to restore access, you must create a new Consent and Your Customer must complete the Onboarding Flow again.

Use the Consent regularly in Your Platform (e.g. when syncing or fetching Your Customer's data) so it stays Active. If you do not need the data for a period, the Consent will lapse and Your Customer will need to reconnect.

When consent is removed (purging policy)

Zwapgrid removes consent records according to our retention rules so we do not keep data longer than necessary:

• Created – A Consent that is never accepted (Your Customer never completes the Onboarding Flow) is removed after 30 days.

• Inactive – A Consent that has become Inactive (e.g. unused for 30 days, or Your Customer removed access) is removed after 180 days.

• Revoked – A Consent that you or the system has revoked is removed after 180 days.

• Deleted – A Consent that you delete is removed immediately and is no longer visible.

Until a Consent is removed, you can still see it in the Client Portal (where applicable) and use it only if it is still in Accepted status. For more about the various consent statuses, see Consent Status.