Every piece of data we hold has a retention period and a deletion method. Operational data (Amazon scorecard, concession records, driver performance metrics) is retained for 24 months, then automatically purged. Audit logs last 36 months. Rate-limiting counters last 24 hours. Billing records are retained for 7 years because HMRC says so. This page lists all of it, plus how deletion actually works, plus what happens when you cancel. For questions, contact privacy@nexusdsp.ai.
This policy implements UK GDPR Article 5(1)(e) — the data minimisation principle — by defining how long personal data is kept in a form that permits identification of data subjects. We review this policy annually, or whenever a material change occurs to our processing activities, regulatory environment, or infrastructure.
NEXUS · DSP processes operational performance data on behalf of DSP organisations. This policy defines the retention periods for every category of data processed by the platform and the driver application, and the mechanisms by which that data is deleted.
The policy is published so that DSPs, drivers, and the ICO can independently verify our commitments.
The table below sets out the retention period for each category of personal data, the justification for that period, and the method of deletion. Retention periods run from the date of collection or the most recent update of the record, whichever is later, unless otherwise stated.
| Category | Retention | Justification | Method |
|---|---|---|---|
| Account data | Active subscription + 30 days | Contract performance; 30-day reactivation grace period | Automated purge |
| Driver performance data (scorecard metrics) | 24 months | Operational analysis; covers Amazon review period | Automated weekly purge |
| Concession records | 24 months | Dispute evidence requires historical patterns | Automated weekly purge |
| Contact, POD, PHR, DWC, False Scan records | 24 months | Consistent with performance data retention | Automated weekly purge |
| Derived intelligence (scores, clusters, service-update drafts, coaching messages) | 24 months | Derived from source data; cascades when source expires | Cascade delete |
| Field reports (camera / voice / GPS from driver app) | 24 months | Operational evidence | Automated purge |
| Audit logs | 36 months | Security investigation and compliance | Automated purge |
| Login history | 90 days | Security audit trail | Automated purge (pg_cron) |
| Usage analytics | 12 months | Platform improvement | Automated purge |
| Push notifications and delivery receipts | 12 months | Driver communication audit trail | Automated purge |
| Error events (Sentry) | 90 days | Debugging | Sentry retention setting |
| Rate-limiting counters (Upstash Redis) | 24 hours | Sliding-window auto-expire | Redis TTL |
| Payment records (Stripe) | 7 years | UK HMRC tax requirement (Finance Act 2008) | Manual review at year-end |
| Support tickets | 24 months from resolution | Service quality reference | Automated purge |
| Database backups | 7 days | Disaster recovery (Supabase Pro Point-in-Time Recovery) | Natural expiry |
A scheduled weekly process identifies data that has exceeded its retention period and deletes it. The process runs outside peak hours and records each batch to the audit trail.
When an organisation cancels, access to the platform is revoked immediately. Associated data is permanently deleted within 30 days of cancellation, except for payment records, which are retained for 7 years to satisfy HMRC requirements. The 30-day window exists to support recovery from accidental cancellation and to allow export of data.
Under UK GDPR Article 17, a data subject may request erasure of their identifiable data. Requests are fulfilled within 30 calendar days. Where data has been anonymised and aggregated to the point that the data subject is no longer identifiable, that aggregate data may be retained for statistical purposes.
Drivers whose data has been uploaded to the platform by a DSP should direct erasure requests to the DSP in the first instance. The DSP is the controller of that data.
If an organisation record is deleted — whether by the DSP or by us on account closure — all data associated with that organisation is cascade-deleted across every table. This includes driver records, performance data, concession records, derived intelligence, coaching messages, field reports, and all uploaded files. Audit logs referencing the organisation are anonymised (organisation identifiers removed) at the end of their 36-month retention period.
Organisations are encouraged to export their data before cancelling a subscription. The platform provides three export routes:
We recommend completing all necessary exports before initiating cancellation. Data cannot be recovered after the 30-day deletion window has closed.
This policy is reviewed annually or whenever a material change occurs to the platform's data processing activities, regulatory environment, or infrastructure. Material changes include the introduction of new data categories, changes to sub-processors, or updates to UK data-protection legislation.
Next scheduled review: April 2027.
For questions about this policy: privacy@nexusdsp.ai. For our Data Protection Officer: dpo@nexusdsp.ai. For general support: support@nexusdsp.ai. For legal matters: legal@nexusdsp.ai.
VELLOX LTD, company number 17136312, registered in England and Wales. Registered office: Cranberrie Heights, Old Newport Road, Old St Mellons, Cardiff CF3 5FX. ICO registration: ZC115373.