Legal

Data retention policy

Version 1.0 · Aligned with UK GDPR Art. 5(1)(e) storage limitation.

We keep personal data only as long as we need it, and for as long as UK law requires. This policy sets the retention periods for each category of data. Customers can override individual retention windows contractually where a legitimate business or legal reason applies (e.g. a fleet operator subject to a specific DVSA audit obligation).

Data categoryRetention periodBasis / obligation
Active customer account dataDuration of contractNecessary to deliver the service (Art. 6(1)(b))
Customer data after termination30 days, then hard-deleted30-day soft-delete window for accidental cancellation reversal, then erasure
PCN records + walkaround checks7 yearsDVSA record-keeping obligation for commercial fleet operators
Billing and payment records7 yearsUK Companies Act + HMRC record retention requirements
Audit logs (RBAC actions)2 yearsSecurity monitoring + incident forensics
Webhook event log (Stripe, GoCardless)2 yearsReconciliation + dispute investigation
Application error logs (Sentry)90 daysOperational — PII is scrubbed by the SDK
Server / access logs (Vercel)30 daysSecurity investigation window
Marketing consent recordsUntil withdrawn + 6 yearsProve basis for lawful processing under PECR
Backup archives35 days (rolling)Disaster recovery

User-initiated deletion

Any user can request account deletion under UK GDPR Art. 17 from Settings → Privacy & Data. A 30-day reversal window applies to prevent accidental loss; after 30 days the data is hard-deleted from primary storage. Backups containing the erased data cycle out within a further 35 days, at which point the erasure is complete.

Enterprise customer deletion

On contract termination, 5nPay deletes all customer-controlled personal data within 30 days, excluding categories the Customer directs 5nPay to retain for a specified statutory purpose (e.g. DVSA audit records for commercial fleets), and excluding rolling backups which cycle out per the schedule above. A written deletion confirmation is available on request.

Log data

Application, access, and error logs are excluded from GDPR export because they are not personal data in the ordinary sense (they may contain user identifiers but not personal content). They are subject to the retention windows above and access is restricted to the on-call engineering team.

Contact

Retention queries and specific deletion requests: privacy@5npay.co.uk.