Legal
Data Retention & Deletion Policy
Version 1.0 · Last updated 7 July 2026 · Next review July 2027
This policy explains how long LeakIQ Ltd retains each category of data and how deletion works. It supports the Data Processing Agreement in the Master Subscription Agreement and applies to all customer data processed by the LeakIQ platform.
1. Purpose and principles
LeakIQ follows the data-minimisation and storage-limitation principles of the UK GDPR:
- we collect and retain only the data needed to detect and recover revenue leakage for the customer;
- data is retained only for as long as it serves that purpose or is required by law;
- when data is no longer needed, it is deleted or irreversibly de-identified;
- customers remain the data controllers and can request export or deletion of their data at any time.
2. Retention schedule
| Data category | Retention period | Notes |
|---|---|---|
| Connector event records | Lifetime of the active connection | Financial event data read from connected systems; removed when the connection is deleted or the workspace is closed |
| Recovery cases, queue items & outcomes | Lifetime of the workspace | Operational records used to manage and evidence recoveries |
| Audit log | Retained for the workspace lifetime (append-only) | Immutable, hash-chained integrity record; retained to support compliance and evidence |
| Connector credentials | Deleted immediately on disconnection | Encrypted at rest; removed the moment a connection is deleted |
| Account & user records | Lifetime of the account | Removed on account closure, subject to any legal retention obligation |
| Backups | Rolling backup window | Superseded data ages out of backups within the backup retention window (see section 4) |
| Session tokens | Expiry-bounded | Held only in the client-side cookie; no server-side copy exists |
Certain records (for example those needed to meet legal, tax or accounting obligations, or to resolve disputes) may be retained for longer where the law requires it.
3. Deletion and disconnection
- Removing a connector from the Connected Systems page deletes its encrypted credential immediately, and LeakIQ makes no further calls to that system.
- On termination of the subscription, LeakIQ makes customer data available for export for 30 days, after which it is deleted.
- Closing a workspace purges its records from the primary data store; residual copies age out of backups within the backup retention window.
4. Backups and deletion
Deleted data may persist temporarily in encrypted database backups until those backups age out of the rolling backup window. Backup copies are not restored into live service except as part of a genuine disaster-recovery event, and are themselves subject to deletion as they expire. This approach balances the right to erasure with the need to be able to recover from data loss. Backup and recovery are governed by the Business Continuity & Disaster Recovery Plan.
5. Erasure requests
Customers, and data subjects via the relevant customer (as data controller), may request erasure of personal data. Requests can be sent to support@leakiq.io. LeakIQ actions valid requests without undue delay, subject to any overriding legal retention obligation, and confirms once complete.
6. Review
This policy is reviewed at least annually and updated when retention practices or legal requirements change. Next scheduled review: July 2027.