Register of Processing Activities

GDPR Article 30 — Record of personal data processing activities.

IDPurposeData CategoriesLegal BasisRetention & EnforcementRecipients
PA-001

Service Delivery

Core application operations, user account management, and feature access.

Name, Email, Profile picture, Organization membershipContract (Art. 6(1)(b))

Until account deletion

User-initiated deletion via Settings → Danger Zone. Cascading hard-delete across local product tables; PII removed from SF central within 30 days.

Vercel (hosting), Neon (database)
PA-002

Billing & Payments

Processing payments, managing subscriptions, generating invoices.

Email, Name, Payment method (via Calmony Pay), Invoice historyContract (Art. 6(1)(b))

7 years (UK financial record retention — HMRC + AML)

Retained for the statutory period for tax / AML defence. After 7 years, billing records are archived with PII fields anonymized to placeholders so financial totals remain auditable.

Calmony Pay
PA-003

Transactional Email

Sending account notifications, team invitations, and system alerts.

Email, NameContract (Art. 6(1)(b))

30 days (email delivery logs)

Email delivery logs are retained by our processor (Resend) for 30 days then automatically purged by their platform.

Resend
PA-004

Analytics

Tracking usage patterns to improve the service. Only with user consent.

Usage events, Page views, Feature interactionsConsent (Art. 6(1)(a))

90 days

Hourly aggregation workflow (usageAggregateWorkflow) rolls raw events into anonymous counts; raw rows older than 90 days are deleted by the shell-shipped retention sweep.

None
PA-005

Security & Audit

Logging state-changing operations for security monitoring and compliance.

User ID, Action, IP address, TimestampLegitimate Interest (Art. 6(1)(f))

90 days

Daily Temporal workflow auditCleanupWorkflow (03:00 UTC) deletes audit log entries older than 90 days from SF central.

None
PA-006

Error Monitoring

Capturing application errors via the platform Observability dashboard. PII scrubbed before transmission.

Error stack traces (PII scrubbed), Browser/device metadataLegitimate Interest (Art. 6(1)(f))

30 days

Errors flow through captureError() into the SaaS Factory platform Observability dashboard, which auto-expires entries after 30 days.

None
PA-007

Right-to-Rent Check Evidence

Storing tenant immigration-status evidence (scanned passport / share code / document reference) required by UK Right-to-Rent legislation.

Document reference, Document expiry date, Scanned identity document, Free-form check notesLegal Obligation (Art. 6(1)(c)) — Immigration Act 2014

1 year after the linked tenancy ends (Home Office guidance for letting agents)

Daily Temporal workflow dataRetentionWorkflow (04:00 UTC) scrubs the document reference, notes, expiry date and scan filename; deletes the scan blob from storage. The check row itself is kept so the agency can prove a compliant check was performed during the tenancy. Audit-logged as data_retention.right_to_rent.scrubbed.

None
PA-008

Tenant Records (post-tenancy)

Tenant identity records linked to historical tenancies, deposits and dispute outcomes.

Full name, Email, Phone, Date of birth, Nationality, Forwarding address, Free-form notesContract (Art. 6(1)(b)) and Legal Obligation (Art. 6(1)(c))

7 years after the tenant's last tenancy ends (UK lettings financial record retention)

Daily Temporal workflow dataRetentionWorkflow (04:00 UTC) anonymizes the tenant row — PII fields replaced with '[redacted]' / NULL — while preserving the row's foreign-key relationship to deposits and disputes so financial / dispute records remain auditable. Audit-logged as data_retention.tenant.anonymized.

None

Automated Retention Enforcement

Retention periods documented above are enforced automatically — no manual intervention is required to keep DepositClear compliant with GDPR Article 5(1)(e) (storage limitation).

Every scrub / anonymisation is recorded in the audit log (data_retention.* actions) so a regulator or internal auditor can verify the policy was enforced on any given date. Workflow runs are visible in the platform Observability dashboard.

Data Controller

{{COMPANY_NAME}}{{COMPANY_ADDRESS}}

Data Protection Officer: {{DPO_EMAIL}}

Privacy PolicyTerms of ServiceBack to Home