This schedule sets out HomeOrbit's standard retention approach. It should be read alongside the Privacy Notice, Platform Terms, and Data Processing Agreement.
1. General approach
HomeOrbit keeps personal data only for as long as reasonably necessary for the purpose for which it was collected, together with any additional period required for security, legal compliance, dispute handling, backups, or evidential needs.
Customers remain responsible for setting and applying their own retention rules for records they control in the platform, including any sector-specific retention obligations.
2. Controller-side retention periods
2.1 Website enquiries and sales enquiries
Standard retention: up to 12 months from the last meaningful contact, unless a longer period is needed to continue discussions or keep an accurate business record.
2.2 Customer contact records and implementation communications
Standard retention: for the duration of the customer relationship and up to 24 months afterwards, unless longer retention is needed for legal, tax, contractual, security, or dispute reasons.
2.3 Support tickets and troubleshooting correspondence
Standard retention: up to 24 months after closure of the relevant support issue, unless a longer period is reasonably required for recurring issues, security, or legal defence.
2.4 Security, authentication, and audit logs
Standard retention: retained for as long as reasonably necessary for security monitoring, incident investigation, platform integrity, and evidential needs. The exact period may vary depending on system design and provider defaults.
2.5 Billing and financial records
Standard retention: retained for the period required by applicable tax and accounting law.
3. Customer-controlled platform data
Customer-controlled data stored in the HomeOrbit platform is generally retained:
- throughout the active term of the customer relationship; and
- for a post-termination export period of 30 days, unless a different arrangement is agreed in writing.
After the export period, HomeOrbit may delete or render inaccessible Customer Data unless retention is required by law or reasonably necessary for security, backup integrity, fraud prevention, or dispute resolution.
4. Backups and residual copies
Deletion from live systems may not result in instantaneous removal from backups or disaster recovery copies. Where residual copies remain, they are expected to remain protected and to be overwritten in the ordinary backup lifecycle.
5. Early deletion requests
Where HomeOrbit acts as controller, individuals may request deletion subject to legal rights and exemptions.
Where HomeOrbit acts as processor, deletion requests relating to customer-controlled data should normally be directed to the relevant customer controller. HomeOrbit will assist where required under the DPA.
6. Litigation, incidents, and legal holds
HomeOrbit may retain data for longer than the standard period where reasonably necessary to:
- investigate incidents or misuse;
- comply with legal obligations;
- establish, exercise, or defend legal claims;
- preserve evidence;
- respond to regulators or law enforcement; or
- protect the rights, property, or safety of HomeOrbit, customers, or others.
7. Review
Retention periods and practices may be reviewed and updated from time to time as HomeOrbit matures operationally and legally.