Due to the Payment API data retention policy, session data is available for a limited time. The time that data is available for varies according to the type of data:
Personally identifiable information (PII) is available for 15 minutes after session is finished. Any PII will be contained within the
paymentResultData
parameter; removing this parameter will remove this sensitive information.
If the payment session information is pushed to a webhook, paymentResultData
information is removed 15 minutes after the webhook successfully delivers the information.
If the webhook notification fails, VCC retries for up to 12 hours to deliver the information and paymentResultData
is removed after successful delivery. After 12 hours, the delivery attempt expires and the data is removed.
General session information (session identifiers and metadata—does not include anything from the
paymentResultData
field) is available for 90 days after the last session state change (toFinished
,Error
,TimeOut
orExpiredOnProviderSide
).
If the payment session information is pushed to a webhook, the 90 day begins after the webhook successfully delivers the information or the delivery attempts expire.