Data Handling & Retention Policy
Last updated: June 2026
Overview
This policy explains how DecisionOps Ltd collects, stores, processes, and deletes personal and business data. It is intended to be read alongside our Privacy Policy. All data handling is performed in accordance with UK GDPR and the Data Protection Act 2018.
Data types, storage, and retention
| Data type | Examples | Storage location | Retention |
|---|---|---|---|
| Account data | Name, email address, password hash, role | AWS eu-west-2 (London) | 90 days post-cancellation |
| Billing records | Transaction history, plan type, invoices | Stripe (PCI DSS certified) + AWS | 7 years |
| Pipeline data (Revenue OS) | Lead names, emails, CRM records, engagement signals | AWS eu-west-2 (London) | Duration of subscription |
| Personal decision data (Personal OS) | Goals, journal entries, Life Score inputs, habits | AWS eu-west-2 (London) | Duration of subscription |
| Usage and log data | IP addresses, feature usage, session logs | AWS eu-west-2 (London) | 12 months |
| Support communications | Email threads, support tickets | Support tooling (EU-based) | 2 years |
Storage security
All data is stored on AWS infrastructure in the eu-west-2 (London) region. Data is encrypted at rest using AES-256 and encrypted in transit using TLS 1.3. Access to production databases is restricted to authorised personnel only, with multi-factor authentication enforced and all access logged.
Deletion on account cancellation
When you cancel your DecisionOps subscription:
- Your account remains accessible until the end of your paid billing period.
- After your subscription ends, your account is placed in a 30-day grace period. You can reactivate your account within this period without losing data.
- After 30 days, all personal data and pipeline/decision data is permanently deleted from our systems, with the exception of billing records (retained for 7 years for legal compliance).
- You may request immediate deletion at any time by emailing ops@decisionopshq.com.
Data export
You can export your data at any time from within your account settings. Exports include:
- All pipeline data (Revenue OS): lead records, engagement history, recovery actions, and outcomes — in CSV or JSON format.
- All personal decision data (Personal OS): journal entries, goals, Life Score history, and habit logs — in JSON format.
Export requests are processed immediately for accounts below 100MB. Larger exports are prepared within 24 hours and delivered by email link.
Third-party data processors (sub-processors)
We share data with the following sub-processors, all bound by data processing agreements and equivalent data protection standards:
Amazon Web Services (AWS)
Cloud infrastructure and data storage
Location: UK (eu-west-2, London region)
Stripe
Payment processing
Location: US (UK IDTA in place)
Plausible Analytics
Privacy-first website analytics (no personal data)
Location: EU
Data requests
To submit a data subject access request (DSAR), request erasure, or ask any question about how we handle your data:
Email: ops@decisionopshq.com
Please include "Data Request" in the subject line. We respond within 30 days.