This policy describes how long we retain different types of personal data, and the legal basis for doing so.
Retention Schedule
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Account data (name, email, company) | Duration of account + 30 days | Contract performance |
| Financial records (orders, invoices) | 6 years from transaction | UK tax law (Finance Act) |
| Support tickets | 2 years from resolution, or duration of account | Legitimate interest |
| Chat sessions | 6 months | Legitimate interest |
| Audit logs | 2 years (IP addresses anonymised after 90 days) | Legitimate interest, security |
| Login attempts | 90 days | Security |
| Payment method details | Until removed by user or account closure | Contract performance |
| Breach logs | 5 years minimum | Legal obligation (GDPR Article 33) |
Automated Cleanup
We run automated processes to enforce these retention periods. Data beyond its retention period is permanently deleted or anonymised, except where a legal hold applies.
Account Deletion
When you request account deletion, your personal data is erased or anonymised within 30 days. Financial records required by law are retained in anonymised form. You can request account deletion from your Account Settings.
Contact
For questions about data retention, contact privacy@generativesolutions.uk.