Data Retention & Deletion Policy
Last updated: April 2026
1. Overview
ICS Ops processes and stores data on behalf of tenants to provide our inventory management and operations platform. This policy explains what data we store, how long we retain it, and how you can request its deletion.
2. Data We Store
| Data Category | Examples | Lawful Basis |
|---|---|---|
| Account data | Tenant name, billing info, user emails, roles | Contract performance |
| Transactional | Orders, invoices, quotes, purchase orders, credit notes | Contract performance |
| Operational | Jobs, equipment records, bookings, work orders | Contract performance |
| Inventory | Parts catalogue, stock levels, stock takes, transfers | Contract performance |
| Documents | Uploaded files, generated PDFs | Contract performance |
| Authentication | User credentials | Contract performance |
| Audit logs | Action logs (who changed what, when) | Legitimate interest |
| Analytics | Anonymised product usage data | Legitimate interest |
| Communications | Support tickets, replies, announcements | Contract performance |
3. Retention Periods
- Active tenants: All data retained while your subscription is active
- Operational logs and backups: Short retention aligned with our internal log retention policy; available on written request from a tenant admin
- Demo tenants: Data is regularly reset for demonstration purposes
- Deleted tenants: 30-day grace period, then full data purge
4. Sub-processors
We rely on a small number of third-party processors to deliver the platform. All sub-processors are bound by data-processing terms aligned with UK GDPR and EU GDPR; all processing takes place in the UK or EU.
| Category | Purpose | Region |
|---|---|---|
| Infrastructure processor | Database, file storage, authentication, transactional email, application logs | UK / EU |
| Analytics processor | Anonymised product usage analytics | UK / EU |
Tenant administrators can request the full sub-processor identity list (including legal-entity names and the executed Data Processing Addenda) by emailing hello@ics-ops.com.
5. Data Deletion and Disposal
Tenant administrators can delete individual records directly through the portal. For full account deletion, contact us at hello@ics-ops.com.
Full account deletion process:
- 30-day cooling period after deletion request (can be cancelled during this time)
- All tenant-scoped data permanently removed from primary storage
- Authentication records permanently deleted
- All files in your tenant storage prefix permanently deleted
- Data is irrecoverable after purge once short-retention backups have rotated
- Confirmation email sent to the tenant admin upon completion
- Anonymised aggregate statistics may be retained (containing no personal information)
Following purge, primary data is rendered inaccessible immediately. Encrypted backup snapshots rotate within our standard backup retention cycle, consistent with regulator guidance on UK GDPR Article 17 - immutable backups need not be immediately destroyed, only ensured to fall out of the retention rotation in due course.
6. Your Rights
- Data access: Request a copy of your data via email
- Data portability: Export your data via portal (CSV) or request a full export
- Rectification: Update your data directly in the portal or contact support
- Erasure: Request full account deletion as described above
7. Policy Review
This policy is reviewed annually or when there are significant changes to our business operations, data processing activities, or applicable law. Last review date: March 2026.
8. Changes to This Policy
Material changes to this policy will be communicated via email to tenant administrators. Continued use of the platform after changes constitutes acceptance of the updated policy.
Contact Us
Email: hello@ics-ops.com