Data Retention Policy
Last updated: 19 April 2026
Every piece of data we hold has a retention period and a deletion method. Operational data (Amazon scorecard, concession records, driver performance metrics) is retained for 24 months, then automatically purged. Audit logs last 36 months. Rate-limiting counters last 24 hours. Billing records are retained for 7 years because HMRC says so. This page lists all of it, plus how deletion actually works, plus what happens when you cancel. For questions, contact privacy@nexusdsp.ai.
1. Purpose
This policy implements UK GDPR Article 5(1)(e) — the data minimisation principle — by defining how long personal data is kept in a form that permits identification of data subjects. We review this policy annually, or whenever a material change occurs to our processing activities, regulatory environment, or infrastructure.
NEXUS DSP processes operational performance data on behalf of DSP organisations. This policy defines the retention periods for every category of data processed by the platform and the driver application, and the mechanisms by which that data is deleted.
The policy is published so that DSPs, drivers, and the ICO can independently verify our commitments.
2. The retention schedule
The following table sets out the retention period for each category of personal data, the justification for that period, and the method of deletion. Retention periods run from the date of collection or the most recent update of the record, whichever is later, unless otherwise stated.
| Category | Retention | Justification | Method |
|---|---|---|---|
| Account data | Active subscription + 30 days | Contract performance; 30-day reactivation grace | Automated purge |
| Driver performance data (scorecard metrics) | 24 months | Operational analysis; covers Amazon review period | Automated weekly purge |
| Concession records | 24 months | Dispute evidence requires historical patterns | Automated weekly purge |
| Contact, POD, PHR, DWC, False Scan records | 24 months | Consistent with performance data retention | Automated weekly purge |
| Derived intelligence (scores, clusters, drafts, coaching messages) | 24 months | Derived from source data; cascades when source expires | Cascade delete |
| Field reports (camera / voice / GPS from driver app) | 24 months | Operational evidence | Automated purge |
| Audit logs | 36 months | Security investigation and compliance | Automated purge |
| Login history | 90 days | Security audit trail | Automated purge (pg_cron) |
| Usage analytics | 12 months | Platform improvement | Automated purge |
| Push notifications and delivery receipts | 12 months | Driver communication audit trail | Automated purge |
| Error events (Sentry) | 90 days | Debugging | Sentry retention setting |
| Rate-limiting counters (Upstash Redis) | 24 hours | Sliding-window auto-expire | Redis TTL |
| Payment records (Stripe) | 7 years | UK HMRC tax requirement (Finance Act 2008) | Manual review at year-end |
| Support tickets | 24 months from resolution | Service quality reference | Automated purge |
| Database backups | 7 days | Disaster recovery (Supabase Pro PITR) | Natural expiry |
3. How deletion is triggered
3.1 Automatic expiry
A scheduled weekly process identifies data that has exceeded its retention period and deletes it. The process runs outside peak hours and records each batch in the audit trail.
3.2 Account cancellation
When an organisation cancels, access to the platform is revoked immediately. Associated data is permanently deleted within 30 days of cancellation, except for payment records, which are retained for 7 years to satisfy HMRC requirements. The 30-day window exists to support recovery from accidental cancellation and to allow export of data.
3.3 Right-to-erasure request
Under UK GDPR Article 17, a data subject may request erasure of their identifiable data. Requests are fulfilled within 30 calendar days. Where data has been anonymised and aggregated to the point that the data subject is no longer identifiable, that aggregate data may be retained for statistical purposes.
Drivers whose data has been uploaded to the platform by a DSP should direct erasure requests to the DSP in the first instance. The DSP is the controller of that data.
3.4 Organisation deletion
If an organisation record is deleted — whether by the DSP or by us on account closure — all data associated with that organisation is cascade-deleted across every table. This includes driver records, performance data, concession records, derived intelligence, coaching messages, field reports, and all uploaded files. Audit logs referencing the organisation are anonymised (organisation identifiers removed) at the end of their 36-month retention period.
4. Exporting data before deletion
Organisations are encouraged to export their data before cancelling a subscription. The platform provides three export routes:
- CSV export. Driver performance data, concession records, and compliance metrics are available as CSV files from the dashboard.
- PDF reports. Intelligence reports, briefing dossiers, and investigation summaries can be generated and downloaded as PDFs.
- Full data-subject-access export. A complete, machine-readable export of all data held for the organisation is available on request, fulfilling UK GDPR Article 20 (right to data portability). Contact privacy@nexusdsp.ai.
We recommend completing all necessary exports before initiating cancellation. Data cannot be recovered after the 30-day deletion window has closed.
5. Backup and recovery
- Retention. Database backups are retained for 7 days via Supabase Pro infrastructure.
- Point-in-Time Recovery. PITR is enabled, allowing restoration to any point within the 7-day backup window for disaster recovery.
- Location. All backups are encrypted at rest and stored in the EU-West-1 (Republic of Ireland) region, ensuring data remains within UK-GDPR-adequate jurisdictions.
- Relationship to deletion. Backups do not extend retention periods. When data is deleted from the live database, it expires from backups within the 7-day backup cycle.
6. Review
This policy is reviewed annually or whenever a material change occurs to the platform's data processing activities, regulatory environment, or infrastructure. Material changes include the introduction of new data categories, changes to sub-processors, or updates to UK data-protection legislation.
Next scheduled review: April 2027
7. Contact
For questions about this policy, or to submit a retention enquiry, contact us at privacy@nexusdsp.ai or our Data Protection Officer at dpo@nexusdsp.ai.
VELLOX LTD, company number 17136312, registered in England and Wales. Registered office: Cranberrie Heights, Old Newport Road, Old St Mellons, Cardiff CF3 5FX. ICO registration: ZC115373.