VistaConnect Data Retention Schedule
Version: 2.0 Effective date: 2026-04-22 Owner: Data HQ Limited Review cycle: Annually, or on material platform change
This schedule sets out how long Data HQ retains different categories of data processed through the VistaConnect platform. It is referenced by, and forms part of, the VistaConnect Non-Disclosure Agreement (NDA) and Privacy Notice.
Retention table
| # | Category | What it contains | Retention | Basis | How it's enforced |
|---|---|---|---|---|---|
| 1 | Data Audit — uploaded files | The rows parsed from CSVs you upload to run a matching/enrichment job (company names, addresses, postcodes, contact details if provided) | 30 days from job completion | Business necessity — auditors typically re-download or iterate within 30 days | Automated — cleanup_expired_jobs daily task deletes jobs older than 30 days; cascades to results and purchased contacts |
| 2 | Data Audit — job results | The matched company data returned against your upload | 30 days (same as source job) | Linked to #1 | Cascade delete from the job record |
| 3 | Find Look-alikes / ICP — uploaded files | The raw CSVs uploaded to profile your customer base | Not persisted. Rows are parsed in-memory, matched, used to derive filters, and discarded at end of request. Only the matched site URNs (not your uploaded names/postcodes) are stored on the resulting saved list. | Data minimisation (GDPR Article 5(1)(c)) | Code behaviour — upload endpoint does not write raw rows to any table or blob |
| 4 | List Builder — saved drafts | Filter selections, chosen fields, list name (no personal data of third parties) | Until you delete the list, or until account closure, whichever is sooner | User-controlled | Manual via UI; cascade delete on account closure |
| 5 | List Builder — purchased lists | The site URNs (and contact URNs where contacts are included) representing companies you purchased access to | 24 months from the purchase date | Typical B2B list-usage cycle — purchasers download, enrich and outreach over 6–18 months, with occasional reference over the following 6 months. After 24 months the data is materially stale and the list has limited continuing commercial value. Longer retention is not justified against data-subject interests. | Automated — daily scheduler task deletes purchased lists with purchase_date older than 24 months; cascades to list_builder_results and list_builder_contact_results |
| 6 | Shared Audit links | A read-only share token that lets a recipient view an audit report without an account | Token valid for lifetime of the parent audit job (30 days). When the job is deleted, the token stops working. | Linked to #1 | Cascade on job deletion |
| 7 | Your account — identifying details | Email, name, hashed password, client/company name, signup source, verification status | Until you request deletion | Contract performance | User self-serve deletion available in Settings → Delete account. Scheduled hard-delete after 7-day grace period |
| 8 | Credit balance + transactions | Records of credit purchases, consumption and monthly allocation | Up to 7 years from the end of the accounting period to which the record relates | UK tax and accounting law (HMRC) | Retained via legal obligation; not deleted when an account is closed. Automated archival/purge after statutory period |
| 9 | Payment records (Stripe) | Stripe payment intent IDs, invoice IDs, amounts, VAT, payment status | Up to 7 years | UK tax and accounting law (HMRC) | As #8 |
| 10 | Usage logs | A record of which API / portal features your account used, when, and how many credits were consumed | 24 months rolling, or until account closure if sooner | Operational and fraud monitoring, billing audit and credit-dispute resolution (legitimate interest) | Automated rolling purge at 24 months; remainder deleted as part of account closure. Aggregated / anonymised statistics may be retained per row 14 |
| 11 | Container / application logs | Operational logs (request traces, error messages, performance metrics). These do not contain customer-uploaded data but may contain email addresses of logged-in users and request IDs | 30 days standard; 90 days for audit-flagged events | Operational security | Azure Log Analytics retention policy |
| 12 | Database backups | Point-in-time backups of the full production database | 7-day rolling window | Business continuity | Azure Flexible Server automated backups. See Backups and the right to erasure below. |
| 13 | Blog Bot content (if used) | Draft articles, conversations, brand voice configuration you create within the Blog Bot feature | Until you delete, or until account closure | User-controlled | Cascade on account closure |
| 14 | Anonymised / aggregated data | Statistics about how VistaConnect is used in aggregate (e.g. number of jobs run per month, average list size), with no link to any individual client or user | Indefinite | No personal data involved once irreversibly aggregated (GDPR Recital 26) | Retained in aggregate form only |
What "deletion" means in practice
When data is deleted under this schedule:
- Live database — rows are permanently removed via SQL
DELETE, usually cascaded from a parent record. - Backups — deleted data remains in backups for up to 7 days while the backup window rolls forward. We cannot excise records from a backup snapshot without restoring, editing and re-snapshotting, which would compromise the integrity of the backup.
- Container logs — logs roll off the standard Azure retention window (30 days) independently of database deletion.
Backups and the right to erasure
If you exercise your right to erasure under UK GDPR, your data is removed from our live systems within 24 hours. Your data may persist in automated system backups for up to 7 additional days while the backup window rolls forward. During that period the data is not accessible for operational use and will be automatically aged out. If you have specific concerns requiring confirmation of backup ageing, email legal@datahq.co.uk and we will confirm the date by which residual backup copies will have been deleted.
Account closure
On request, or when an account is closed, we will delete:
- your user record (
users); - your client / organisation record (
api_clients); - your account-to-user link (
user_client_access); - your audit jobs and results (
bulk_enrich_jobs,bulk_enrich_results,bulk_enrich_contacts); - your saved and purchased lists (
list_builder_lists,list_builder_results,list_builder_contact_results); - your Blog Bot content (all
blog_bot_*tables); - your usage logs (
api_usage_log); - your credit ledger (
credit_transactions), except where retention is required for tax purposes under items 8 and 9 above.
We retain, for the statutory period, records required by UK tax and accounting law (invoices, payment history, VAT returns). These records are retained under legal obligation and are not subject to earlier deletion.
Requesting earlier deletion
You can request that Data HQ deletes your Confidential Information before the retention period expires, by emailing legal@datahq.co.uk. We will comply within 24 hours of receipt of the request, subject to the statutory exceptions above.
Version history
| Version | Date | Notes |
|---|---|---|
| 1.0 | [draft] | Initial schedule |
| 2.0 | 2026-04-22 | Added basis column; clarified backup persistence on right-to-erasure; aligned HMRC wording with "up to 7 years" |