How long Mintstone retains each category of personal data, the legal basis for retention, and how data is securely deleted when the retention period expires.
Data is kept only as long as it is needed for the original processing purpose. When the purpose expires, deletion is triggered.
Where regulators (PRA, FCA, HMRC) require minimum retention periods, we comply with the longest applicable requirement.
When retention expires, data is permanently deleted or irreversibly anonymised. Deletion is logged in the audit trail.
Retention categories are tagged at the database level (REGULATORY_7Y, FINANCIAL_6Y, OPERATIONAL_3Y) and enforced programmatically.
| Data Category | Retention Period | Legal Basis / Justification | Deletion Method | Applies To |
|---|---|---|---|---|
|
Regulatory & audit records Risk weight classifications, covenant status changes, SHA-256 hash-chained audit log entries, drawdown records REGULATORY_7Y |
7 years from record creation | PRA record-keeping requirements for regulated firms' outsourced activities; Basel 3.1 evidence obligations; Limitation Act 1980 (6-year limitation + 1-year buffer) | Automated database purge; deletion logged in audit trail; S3 lifecycle policy for associated documents | Lender employees (action logs), borrowers (loan classifications) |
|
Financial transaction records Bank transactions, account balances, AI classification outputs, drawdown verifications REGULATORY_7Y |
7 years from transaction date | HMRC record-keeping (6 years + 1-year buffer); Money Laundering Regulations 2017 (5 years); Anti-Money Laundering requirements | Automated database purge with cascade deletion of linked records; TrueLayer consent tokens revoked at source | Borrowers, bank account holders |
|
Uploaded documents Construction invoices, professional certificates, valuations, site photographs, QS reports REGULATORY_7Y |
7 years from upload date | PRA regulatory evidence; Limitation Act 1980; contractual obligation under facility agreements | S3 object lifecycle deletion; database metadata purge; deletion verified and logged | Developers, contractors, professional advisors |
|
Financial calculation records Interest calculations, fee records, facility utilisation snapshots, budget tracking FINANCIAL_6Y |
6 years from record creation | HMRC requirements for financial records; Companies Act 2006 s.386; Limitation Act 1980 | Automated database purge; associated reports deleted from S3 | Borrowers, lender organisations |
|
User account data Name, email, hashed password, role, organisation, consent timestamps REGULATORY_7Y |
Duration of account + 7 years post-closure | Contractual necessity during account life; regulatory record-keeping post-closure (user actions are embedded in audit logs) | Account deactivated on closure; PII anonymised after 7-year post-closure period; audit references preserved with anonymised identifiers | Lender staff, platform administrators |
|
Contractor communications Telegram messages, site progress photos, media files, EXIF metadata OPERATIONAL_3Y |
3 years from message date | Operational business need; construction defect liability period (typically 2 years under JCT); Limitation Act buffer | Automated database purge; S3 media files deleted via lifecycle policy; Telegram-side data not controlled by Mintstone | Contractors, subcontractors, site workers |
|
Property market data Valuation snapshots, Land Registry data, comparable sales, pre-sale agreement details REGULATORY_7Y |
7 years from project completion | Regulatory evidence for loan monitoring decisions; valuation audit trail; Limitation Act 1980 | Automated database purge; associated cache entries cleared | Borrowers, pre-sale buyers, neighbouring property owners (public data) |
|
Funder access & visibility records Funder-to-project attachment links, acceptance / decline / revocation status and timestamps, funder-scoped audit chain entries REGULATORY_7Y |
7 years from facility completion (access ends immediately on lender detachment) | Audit trail of which funder could see which loan and when; PRA monitoring evidence; Limitation Act 1980 | Automated database purge; deletion logged in audit trail | Funder users, lender staff (actor identities) |
|
Collateral & charge-check records Borrower company number / name, title number, normalised collateral keys, Companies House charge particulars, double-pledge match results REGULATORY_7Y |
7 years from facility completion | Fraud-detection and monitoring evidence; regulatory audit trail; Limitation Act 1980. Positive matches and charge evidence are retained for the period shown; no-match / negative results are not kept as history (only the latest check state is held, purged on facility closure). | Automated database purge; deletion logged in audit trail | Borrower companies and directors, charge holders (public register), guarantors |
|
Platform logs & analytics IP addresses, user-agent strings, page views, error logs, API response times OPERATIONAL_3Y |
3 years from collection | Security incident detection and investigation; service reliability; NIS Regulations 2018 | Automated log rotation; Vercel logs subject to Vercel retention policy; application logs purged from database | All platform users |
|
Website enquiries Contact form submissions, demo requests (name, email, company, message) 12 MONTHS |
12 months from submission | Legitimate interest in responding to business enquiries; no regulatory requirement for longer retention | Manual review and deletion from Formspree and email; or converted to customer record (Row 5 then applies) | Prospective customers, website visitors |
|
Open Banking consent tokens TrueLayer consent tokens, consent status, consent expiry timestamps 90 DAYS |
90 days (automatic expiry) | FCA Open Banking consent requirements; OBIE standards; TrueLayer platform enforced expiry | Automatic expiry at TrueLayer; expired tokens marked invalid in database; re-consent required for continued access | Borrowers with connected bank accounts |
Legal holds: If Mintstone or a customer is involved in active litigation, regulatory investigation, or a formal dispute, relevant data will be preserved until the matter is resolved, regardless of the standard retention period.
Data subject requests: Where an individual exercises their right to erasure under Article 17 UK GDPR, we will delete their data unless a legal obligation or regulatory requirement overrides the request. In such cases, we will restrict processing instead and notify the individual of the reason.
This schedule is reviewed annually (next review: April 2027) or when new processing activities are added to the ROPA.
The data controller (Shray Sharma, Director, Mintstone Ltd) is responsible for ensuring adherence to this schedule.
For questions about data retention or to exercise your rights: contact@mintstone.co.uk
Related documents: Privacy Policy · Data Processing Agreement · Trust & Security · Information Security Policy