Data Retention Policy
Effective date: 13 April 2026
This Data Retention Policy explains how KNEWTE UK LIMITED keeps, deletes,
anonymises, archives, and manages personal data and related records.
KNEWTE keeps data only for as long as reasonably necessary for the purposes for which it is processed,
for the duration of the relevant service relationship, and for any additional period required or permitted by law,
regulation, fraud prevention, audit, dispute resolution, security, or compliance needs.
1. Who This Policy Applies To
This policy applies to personal data and related records processed through:
- the KNEWTE platform and website;
- KNEWTE customer accounts and business profiles;
- subscriptions, trials, credits, and billing records;
- KNEWTE apps, including app-specific customer content and workflow records;
- support, operational, security, and audit records;
- communications sent through the platform or a KNEWTE app.
2. Retention Principles
KNEWTE applies the following retention principles:
- we keep data only for as long as reasonably necessary;
- we keep data only for lawful and clearly identified purposes;
- we restrict access to retained data to authorised persons who need it;
- we delete or anonymise data when it is no longer required, subject to lawful retention obligations;
- we may retain certain records longer where this is required for legal, tax, accounting, audit, fraud prevention, security, or dispute resolution reasons.
Important: Deletion from active systems does not always mean immediate removal from backups,
archives, logs, or third-party provider systems. Some records may need to be retained for legal, regulatory,
billing, audit, fraud-prevention, or security purposes.
3. General Retention Periods
3.1 Active Accounts and Active Services
While an account, subscription, or app relationship remains active, KNEWTE generally retains data needed
to provide the relevant service, administer the account, maintain security, provide support, and meet compliance obligations.
3.2 Closed or Ended Accounts and Services
Where an account, subscription, or relevant service relationship ends, KNEWTE may retain account data,
app data, and related customer data for up to 90 days before deletion, unless a longer period is required
or permitted by law, regulation, tax, accounting, audit, fraud prevention, dispute resolution, billing integrity,
security, or compliance obligations.
3.3 Financial, Tax, Contract, Audit, Billing, and Compliance Records
Certain financial, tax, contract, audit, billing, and compliance records may be retained for up to
6 years or for such longer period as required or permitted by law.
3.4 Backup and Archive Retention
Deleted data may remain in backups or archives for a limited period after deletion from live systems.
Where this occurs, KNEWTE aims to ensure such data is put beyond ordinary use and removed in accordance with
normal backup overwrite, archive rotation, or secure deletion cycles.
4. Retention Categories
4.1 Account and Profile Data
- kept while the account remains active;
- may be retained for up to 90 days after closure or termination before deletion;
- may be retained longer where required for legal, fraud-prevention, audit, dispute, or security reasons.
4.2 Business Profile and Subscription Data
- kept while the relevant business relationship, subscription, or app access remains active;
- may be retained for up to 90 days after closure or termination before deletion;
- billing, invoice, tax, and contract-related records may be retained for up to 6 years or longer where required or permitted by law.
4.3 App Data and Customer Content
- kept while needed to provide the relevant app or service;
- where the relevant service ends, may be retained for up to 90 days before deletion unless a longer period applies for lawful reasons;
- will be deleted and not returned except where the relevant app itself provides export, download, copy, or similar functionality.
4.4 Support and Communications Data
- support emails, tickets, and service communications may be retained for operational, audit, training, security, and dispute-resolution purposes;
- support-related records may be retained for as long as reasonably necessary and, where relevant, may be linked to account or compliance retention periods.
4.5 Security, Access, and Audit Logs
- security logs, authentication records, activity logs, and audit trails may be retained for security, abuse prevention, compliance, and operational monitoring;
- such records may be retained longer where necessary to investigate incidents, respond to disputes, support audits, or meet legal obligations.
4.6 Payment and Financial Administration Data
- payment administration records, billing references, invoice records, and transaction-related records may be retained for accounting, tax, audit, fraud-prevention, and legal purposes;
- KNEWTE does not store full bank card details on its own servers;
- payment processors such as Stripe may retain payment-related records under their own legal and operational retention policies.
5. Account Deletion and Service Endings
5.1 Account Deletion Requests
Where a user asks for account deletion, KNEWTE may remove or disable the account record, profile data,
security questions, invitation links, membership links, and access to subscriptions or apps where applicable and technically possible.
5.2 Ownership and Deletion Restrictions
If the requesting user is the owner of an entity, subscription, or billing relationship,
KNEWTE may block deletion until ownership is transferred or another authorised administrative action is completed.
5.3 Soft Deletion
KNEWTE may first apply a soft-deletion, disabling, restriction, or anonymisation step before permanent deletion.
This helps support recovery, fraud prevention, audit integrity, and lawful retention requirements.
5.4 Permanent Deletion
Permanent deletion may be irreversible. Once a record is permanently deleted from live systems,
it may no longer be recoverable except where limited copies remain temporarily in backups or archives.
6. Export, Return, and Deletion Position
Under the KNEWTE legal terms, KNEWTE's default position at the end of the relevant service relationship is
delete and not return customer data, except where the relevant app itself provides
export, download, copy, or similar functionality.
This means:
- if an app offers export, download, or copy functionality, the customer is responsible for using it before access ends;
- if an app does not offer such functionality, KNEWTE may delete data without providing a return copy;
- access to an app or subscription may end immediately where cancellation or termination takes immediate effect under the applicable terms.
7. Reference Check App Retention
Reference Check data is subject to the general retention and deletion framework in this policy,
the KNEWTE Terms, the KNEWTE Data Processing Addendum, and the Reference Check App Terms.
Depending on customer configuration and app use, Reference Check data may include candidate records,
referee records, reference responses, notes, communications, job-related details, and workflow or audit records.
Unless a longer lawful retention period applies:
- Reference Check data may be retained while the relevant subscription or service remains active;
- after the relevant account, subscription, or processing relationship ends, Reference Check data may be retained for up to 90 days before deletion;
- where the app provides export, download, or copy functionality, the customer is responsible for using those tools before access ends.
8. Legal Holds, Disputes, and Compliance Retention
KNEWTE may retain data for longer than the standard retention period where this is reasonably necessary:
- to comply with applicable law, regulation, tax, accounting, or reporting obligations;
- to establish, exercise, or defend legal claims;
- to investigate or resolve disputes, complaints, incidents, or chargebacks;
- to prevent fraud, abuse, or misuse;
- to preserve audit integrity, security evidence, or incident records.
9. Anonymisation and Restricted Retention
Where deletion is not immediately feasible or where only limited retention is justified,
KNEWTE may restrict access to data, minimise it, pseudonymise it, or anonymise it where appropriate.
In some cases, records may be retained in an anonymised or de-identified form for analytics,
service improvement, security analysis, audit, or business reporting purposes where lawful and appropriate.
10. Third-Party Providers
Some data processed through KNEWTE may also be stored or retained by third-party providers
under their own systems and legal obligations. This may include:
- Amazon Web Services (AWS) for hosting, storage, backup, and related infrastructure;
- Stripe or other payment providers for payment and transaction processing;
- other service providers supporting communications, infrastructure, support, or security.
Where data is retained by a third-party provider, KNEWTE will seek to ensure the provider is used under appropriate legal
and contractual arrangements, but the provider may apply its own retention rules where it acts independently
or where retention is required by law.
11. Deletion Requests and Data Rights
Individuals or customers may contact KNEWTE regarding deletion or retention questions at
support@knewte.co.uk.
KNEWTE may need to verify identity and authority before taking action, especially where the request relates to:
- a business-controlled account;
- data processed on behalf of a customer;
- an ownership, subscription, or billing relationship;
- a request made by someone other than the account owner or controller.
Where KNEWTE acts as processor on behalf of a customer, a deletion or rights request may need to be directed
first to the relevant customer acting as controller.
12. Changes to This Policy
KNEWTE may update this Data Retention Policy from time to time. Where appropriate, we will post the updated version
on our website or in the Service and update the effective date above.
13. Contact