Data retention schedule
How long we keep things.
Last updated: 15 May 2026
We don’t keep personal data longer than we need to. The table below lists every record type that lives in the portal, the reason we keep it, and how long we hold it for after the trigger event. Backups follow the same rules — deleted data drops out of rolling backups within 30 days.
| Record | Trigger | We keep it for |
|---|---|---|
| Customer account, sites, contacts | Contract ends | 7 years |
| Service certificates & log book | Issued | The longer of: 12 years (life-safety record-keeping practice) or contract + 7 |
| Asset register | Asset retired or contract ends | 7 years |
| Visits & engineer notes | Contract ends | 7 years |
| Callouts | Closed | 7 years |
| Invoices & payment records | Issued | 7 years (HMRC) |
| Direct Debit mandates | Cancelled | 2 years after final collection (DD scheme rules) |
| Internal notes (staff workspace) | Contract ends | 7 years, then redacted |
| Sign-in audit trail | Event recorded | 2 years rolling |
| Customer-facing files (e.g. RAMS) | Project closes | 7 years |
| Email server logs (Resend) | Email sent | Up to 30 days at Resend; metadata in HubSpot per its own policy |
| Error logs (Sentry) | Event captured | 30 days |
When the retention period ends
We either delete the record or, where minimising is the right call, irreversibly redact the personal data while keeping the statistical shell (e.g. for trend reporting on visit counts).
Asking us to delete sooner
You can ask us to delete data we hold about you at any time. Where we’re legally obliged to keep something (HMRC invoices, BS 5839-1 service records), we’ll tell you which records have to stay and delete the rest. Email hello@eburyfire.co.uk with “Privacy: deletion request” in the subject line.
The full privacy notice is here.