Data Retention Policy

Last updated: 28 February 2026

Disclaimer: This data retention policy is an implementation baseline produced during development. It should be reviewed and approved by qualified legal counsel before the service is made available to real users.

1. Retention schedule by data category

We retain personal data only for as long as necessary to provide the service or meet legal obligations. The following table summarises our retention windows by data category:

Data category	Retention period	Basis
Account credentials (email, hashed password)	Duration of account + 30 days	Contract / account closure
Profile data (professional body, job title, CPD cycle)	Duration of account + 30 days	Contract / account closure
CPD activity records and reflections	Duration of account + 30 days	Contract / account closure
Evidence files (documents, images, certificates)	Duration of account + 30 days	Contract / account closure
Application logs (server-side errors, access logs)	90 days	Security / legitimate interests
Backup snapshots	30 days rolling	Business continuity
Billing records (when introduced)	7 years	Legal obligation (UK tax law)

2. Trigger points for deletion

Retention periods are triggered by the following events:

Account deletion — when you request account closure, all account data (records, profile, evidence files) is scheduled for hard-deletion within 30 days.
Prolonged inactivity — accounts that have been inactive for 24 consecutive months may be flagged for review. We will email you before taking any action and provide an opportunity to re-activate.
Service termination — if we discontinue the service, we will provide at least 90 days notice and a data export mechanism before deletion occurs.
Legal hold — where data is subject to an ongoing legal or regulatory investigation, normal retention schedules are suspended until the hold is lifted. Data under legal hold will not be deleted even if you request account closure.

3. Backup and log retention windows

Database backups are retained for a rolling 30-day window. A backup created on day 1 is purged on day 31. This means deleted account data may persist in backups for up to 30 days after the scheduled deletion date.

Application and access logs are retained for 90 days. These logs contain IP addresses and usage events but not the content of CPD records or evidence files.

After the applicable retention window, backup snapshots and logs are permanently and irreversibly deleted.

4. Hard-delete behaviour

When your account data reaches the end of its retention period, we perform a hard-delete — the data is permanently removed from our live database and is not recoverable.

The deletion process works as follows:

Your account closure request is received and a 30-day deletion window is opened.
During this window, you may log back in to retrieve or export your data. Your data is not accessible to other users during this period.
After 30 days, all database records linked to your account are permanently deleted.
Evidence files stored in object storage are deleted within the same 30-day window.
Residual copies in backup snapshots are purged as backups rotate out within their 30-day backup window (maximum 60 days from deletion request to complete purge).

5. Evidence storage retention and purge policy

Evidence files (documents, images, PDFs, and certificates) are stored in Supabase Storage. Each file is linked to a specific CPD activity record and to your account.

Individual file deletion: You may delete any individual evidence file at any time from within the service. Deleted files are removed from storage immediately and are purged from backups within the 30-day backup rotation window.

Account-wide deletion: When your account is closed, all evidence files across all CPD activities are scheduled for deletion as part of the 30-day account deletion window described above.

Retention for regulatory purposes: We do not independently retain copies of your evidence files beyond the period your account is active. If you require long-term archival of evidence, you should maintain your own copies outside of this service.

6. Data subject rights

You have the right to request deletion of your data at any time under UK GDPR. For a full description of your rights and how to exercise them, see our Privacy Policy.

To request erasure of your data, contact: hello@cpduniverse.com