Roveel Data Retention Policy

Last Updated: 26th September 2025

1. Purpose
   
   This policy provides guidelines for the secure retention, deletion, and anonymization of customer and financial mapping data in accordance with GDPR requirements.
   
   
2. Scope
   
   This policy applies to all customer-related data, including company records, financial mappings, and third-party connections managed within the Roveel platform.
   
   
3. Data Retention Periods
   
   
   1. Financial Mapping Data: Financial records imported for mapping are retained for up to 7 days after the trial or subscription period ends. Dashboard data derived from these records is deleted up to 90 days after the end of the trial or subscription.
   2. Third-Party Connections: Connections to third-party data sources are removed 7 days after the end of the trial or subscription period.
   3. General Data: For subscribed customers, all company and user data is removed 3 years after the end of their subscription period. For non-subscribing customers, all data is deleted 1 year after their trial concludes.
   4. Platform Backup Retention: Encrypted backups are retained for a maximum of 3 days for financial mapping data and 7 days for all other customer information.
   5. Customer Requests: If a customer requests data deletion before the standard retention period, Roveel will promptly purge all associated records and confirm in writing that this has been completed.
   6. Bespoke / Custom dashboard retention: In the event of the cancellation of a subscription, any custom or bespoke dashboards and reports which have been purchased by the subscriber shall be retained for a period of 3 months following cancellation. In the event of a customer re-subscribing during this 3 month period and requiring the bespoke / custom dashboards or reports to be added to the Company, a deployment and testing fee shall be payable.
      
      
4. Data Deletion and Anonymization Procedures
   
   
   1. Anonymization of Identifiers: Throughout the data retention and deletion process, all company identifiers are pseudonymized to ensure that retained records, such as audit logs, contain only anonymized references to the original customer.
   2. Post-Trial or Subscription Expiry: Once a company’s trial or subscription period ends, any non-essential data, including imported financial data, is securely deleted. Third-party connections and associated credentials are also removed from both the Roveel platform and the third-party provider.
   3. Complete Data Removal: Upon reaching the maximum retention period (1 year for non-subscribers, 3 years for subscribers), all data associated with that company is permanently erased.
   4. Financial Data Removal: Upon the end of a subscription, mapped financial data is securely deleted to ensure it remains inaccessible.
      
      
5. Monitoring and Documentation
   
   
   1. Audit Trail: Deletion actions are logged in the platform for auditing purposes, using anonymized customer identifiers, the type of data deleted, and the initiating party.
   2. Data Retention Tracking: Actions are monitored to confirm that customer data is retained only as long as operationally necessary.
   3. Third-Party Connections: Users may disconnect third-party data sources at any time via the Roveel platform or the third-party service. Inactive connections are removed automatically in accordance with section 3.2.
      
      
6. Policy Review
   
   
   1. Quarterly Review: This policy is reviewed quarterly to ensure compliance with GDPR and to reflect any changes in legal requirements.