🗓️ Purpose limitation
Data is kept only as long as it is needed for the original processing purpose. When the purpose expires, deletion is triggered.
⚖️ Legal obligation
Where regulators (PRA, FCA, HMRC) require minimum retention periods, we comply with the longest applicable requirement.
🔒 Secure deletion
When retention expires, data is permanently deleted or irreversibly anonymised. Deletion is logged in the audit trail.
⚙️ Automated enforcement
Retention categories are tagged at the database level (REGULATORY_7Y, FINANCIAL_6Y, OPERATIONAL_3Y) and enforced programmatically.
| Data Category | Retention Period | Legal Basis / Justification | Deletion Method | Applies To |
|---|---|---|---|---|
| Regulatory & audit records: Risk weight classifications, covenant status changes, SHA-256 hash-chained audit log entries, drawdown records (REGULATORY_7Y) | 7 years from record creation | PRA record-keeping requirements for regulated firms' outsourced activities; Basel 3.1 evidence obligations; Limitation Act 1980 (6-year limitation + 1-year buffer) | Automated database purge; deletion logged in audit trail; S3 lifecycle policy for associated documents | Lender employees (action logs), borrowers (loan classifications) |
| Financial transaction records: Bank transactions, account balances, AI classification outputs, drawdown verifications (REGULATORY_7Y) | 7 years from transaction date | HMRC record-keeping (6 years + 1-year buffer); Money Laundering Regulations 2017 (5 years); Anti-Money Laundering requirements | Automated database purge with cascade deletion of linked records; TrueLayer consent tokens revoked at source | Borrowers, bank account holders |
| Uploaded documents: Construction invoices, professional certificates, valuations, site photographs, QS reports (REGULATORY_7Y) | 7 years from upload date | PRA regulatory evidence; Limitation Act 1980; contractual obligation under facility agreements | S3 object lifecycle deletion; database metadata purge; deletion verified and logged | Developers, contractors, professional advisors |
| Financial calculation records: Interest calculations, fee records, facility utilisation snapshots, budget tracking (FINANCIAL_6Y) | 6 years from record creation | HMRC requirements for financial records; Companies Act 2006 s.386; Limitation Act 1980 | Automated database purge; associated reports deleted from S3 | Borrowers, lender organisations |
| User account data: Name, email, hashed password, role, organisation, consent timestamps (REGULATORY_7Y) | Duration of account + 7 years post-closure | Contractual necessity during account life; regulatory record-keeping post-closure (user actions are embedded in audit logs) | Account deactivated on closure; PII anonymised after 7-year post-closure period; audit references preserved with anonymised identifiers | Lender staff, platform administrators |
| Contractor communications: Telegram messages, site progress photos, media files, EXIF metadata (OPERATIONAL_3Y) | 3 years from message date | Operational business need; construction defect liability period (typically 2 years under JCT); Limitation Act buffer | Automated database purge; S3 media files deleted via lifecycle policy; Telegram-side data not controlled by Mintstone | Contractors, subcontractors, site workers |
| Property market data: Valuation snapshots, Land Registry data, comparable sales, pre-sale agreement details (REGULATORY_7Y) | 7 years from project completion | Regulatory evidence for loan monitoring decisions; valuation audit trail; Limitation Act 1980 | Automated database purge; associated cache entries cleared | Borrowers, pre-sale buyers, neighbouring property owners (public data) |
| Platform logs & analytics: IP addresses, user-agent strings, page views, error logs, API response times (OPERATIONAL_3Y) | 3 years from collection | Security incident detection and investigation; service reliability; NIS Regulations 2018 | Automated log rotation; Vercel logs subject to Vercel retention policy; application logs purged from database | All platform users |
| Website enquiries: Contact form submissions, demo requests (name, email, company, message) (12 MONTHS) | 12 months from submission | Legitimate interest in responding to business enquiries; no regulatory requirement for longer retention | Manual review and deletion from Formspree and email; or converted to customer record (Row 5 then applies) | Prospective customers, website visitors |
| Open Banking consent tokens: TrueLayer consent tokens, consent status, consent expiry timestamps (90 DAYS) | 90 days (automatic expiry) | FCA Open Banking consent requirements; OBIE standards; TrueLayer platform enforced expiry | Automatic expiry at TrueLayer; expired tokens marked invalid in database; re-consent required for continued access | Borrowers with connected bank accounts |

Legal holds: If Mintstone or a customer is involved in active litigation, regulatory investigation, or a formal dispute, relevant data will be preserved until the matter is resolved, regardless of the standard retention period.
Data subject requests: Where an individual exercises their right to erasure under Article 17 UK GDPR, we will delete their data unless a legal obligation or regulatory requirement overrides the request. In such cases, we will restrict processing instead and notify the individual of the reason.
📅 Annual review
This schedule is reviewed annually (next review: April 2027) or when new processing activities are added to the ROPA.
👤 Accountability
The data controller (Shray Sharma, Director, Mintstone Ltd) is responsible for ensuring adherence to this schedule.
📧 Contact
For questions about data retention or to exercise your rights: privacy@mintstone.co.uk
Related documents: Privacy Policy · Data Processing Agreement · Trust & Security · Information Security Policy