Data Handling & Lifecycle

A practical view of how data flows through the systems we build, where it lives, who can see it, and how long it stays. Engineered transparency rather than glossy reassurance.

Data categories we typically handle

Ingest

Data enters the system through one of three channels:

Every inbound event is logged with timestamp, source, payload hash, and routing decision before any processing.

Processing

Workers process events idempotently — a duplicate event triggers an idempotency check and is dropped if already processed. Processing steps are individually logged.

When data is sent to an LLM API: zero-retention is configured where the provider supports it; we redact obvious PII (NI numbers, payment card numbers) before sending where the workflow does not require them; and outputs are validated against a schema before use.

Storage

Retention

Retention policy is set per project based on your regulatory needs and operational requirements. Defaults we recommend:

Deletion

Data subject deletion requests under UK GDPR are honoured. The system architecture supports it: each data subject has a single ID across tables, deletion cascades through related records, and the audit log records the deletion event as a tombstone rather than retaining the original data.
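As an added illustration of the deletion design just described (example code written for this page, not code from the page's author or any project), assuming a schema where every table keys rows on a shared `subject_id` column and a placeholder audit key in place of a real secret:

```python
import hmac
import sqlite3
from datetime import datetime, timezone

# Every table that holds rows for a data subject keys them on the same subject_id
# (assumed schema, matching the "single ID across tables" design described above).
SUBJECT_TABLES = ("subjects", "orders", "messages")

# Placeholder: in a real deployment this comes from a secrets store, not source code.
AUDIT_KEY = b"placeholder-audit-key"

def open_demo_db():
    """Constructed in-memory database: two subjects spread across three tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE subjects (subject_id TEXT PRIMARY KEY, email TEXT);
        CREATE TABLE orders   (id INTEGER PRIMARY KEY, subject_id TEXT, total INTEGER);
        CREATE TABLE messages (id INTEGER PRIMARY KEY, subject_id TEXT, body TEXT);
        CREATE TABLE audit_log (ts TEXT, event TEXT, subject_ref TEXT, rows_removed INTEGER);
        INSERT INTO subjects VALUES ('sub-1', 'alice@example.test'), ('sub-2', 'bob@example.test');
        INSERT INTO orders (subject_id, total) VALUES ('sub-1', 1200), ('sub-1', 350), ('sub-2', 90);
        INSERT INTO messages (subject_id, body) VALUES ('sub-1', 'hello'), ('sub-2', 'hi');
    """)
    return db

def subject_ref(subject_id):
    """Keyed hash of the ID so a later request can be matched to the tombstone
    without the audit log ever storing the raw identifier."""
    return hmac.new(AUDIT_KEY, subject_id.encode(), "sha256").hexdigest()

def erase_subject(db, subject_id):
    """Delete the subject's rows from every table in one transaction and write a
    tombstone. Returns rows removed (0 on a repeat request, so re-runs are safe)."""
    removed = 0
    with db:  # commit on success, roll back everything if any DELETE fails
        for table in SUBJECT_TABLES:
            # Table names come from the fixed tuple above, never from request input.
            cur = db.execute(f"DELETE FROM {table} WHERE subject_id = ?", (subject_id,))
            removed += cur.rowcount
        db.execute(
            "INSERT INTO audit_log VALUES (?, ?, ?, ?)",
            (datetime.now(timezone.utc).isoformat(), "subject_erased",
             subject_ref(subject_id), removed),
        )
    return removed

def audit_entries(db):
    """Return audit rows as (event, subject_ref, rows_removed) for inspection."""
    return db.execute("SELECT event, subject_ref, rows_removed FROM audit_log").fetchall()
```

The tombstone answers "was this subject erased, when, and how many records went" while holding neither the raw ID nor any of the deleted data.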

On project termination, you choose: full data export to you and deletion from our systems, or transfer of infrastructure ownership to you. Either way, we don't retain your data after handover.

Backup

Daily automated backups, 30-day retention, point-in-time recovery to within 5 minutes for any moment in the last 7 days. Backups encrypted, stored in a separate region for disaster recovery.

Access and audit

Every read/write to operational data is logged. Audit log queries are available to authorised members of your team via a documented interface. You can answer “who accessed this customer's data and when?” without our involvement.

Procurement questions?

Happy to fill in supplier questionnaires, sign DPAs, and answer specific procurement queries.