Data Retention Policy

PlanX services fall into two categories -

Guidance services (e.g. “Find out if you need planning permission”)
Submission services (e.g. “Apply for a lawful development certificate”)

We do not capture user data on guidance services. This policy refers to submission services only.

Our agreements with customers ask us to retain a backup copy of submission data for 6 months.

PlanX captures several categories of user data, all of which conform to the above principle. Where appropriate, we sanitise personal data after 6 months but retain metadata.

The above approach offers us the following benefits:

A 6 month period to debug and handle re-submissions with full context
Indefinite ability to audit and reconstruct user journeys
Indefinite ability to gather statistics

Timeline

Our policy begins once a user has submitted their application. This means that in some instances data may be held for a period slightly longer than 6 months in order to maintain consistency.

gantt
		title Data Retention Policy
    dateFormat  YYYY-MM-DD

    section User Journey
    User completes application: uj1, 2022-01-01, 28d

    section User Data
    Lowcal Session: 2022-01-01, 210d
    Lowcal Session (Sanitised): 2022-12-31
    Uploaded files: 2022-01-14, 210d

    section Audit Logs
    Submission audit logs: after uj1, 182d
    Submission audit logs (Sanitised): 2022-12-31
    Reconciliation audit logs: 2022-01-14, 182d

    section Event Metadata
    Submission Event Metadata: after uj1, 182d
    Reconciliation Event Metadata: 2022-01-14, 182d

    section Feedback
    Feedback: 2022-01-14, 182d
    Feedback Learning Log (anonymised): 2022-01-14, 2022-12-31

Data categories

Category	Retention Period
User Data	6 months from submission date, then sanitised and held indefinitely
Uploaded Files	6 months from submission date
Audit Logs	Submission Logs - 6 months from submission date, then sanitised and held indefinitely.

Feedback Learning Log - Indefinitely |

What does "Sanitisation" mean?

Currently, we simply remove / delete and user data (e.g. email, breadcrumbs, passport) whilst retaining the remainder of the metadata associated with a record (such as id, created_at). This would allow to still have enough information to reconstruct high level user journeys if required to do so for auditing purposes and analytics. We would no longer have the fine-grained ability to understand the user’s journey through our service question by question. No personal data is retained.