Retention and Deletion Policy
Last updated: March 2026
AssessKit is operated by Crocker Digital Ltd (Company No. 17008789), a company registered in England and Wales.
Disclaimer: This document is provided for informational purposes and does not constitute legal advice. You should consult a qualified solicitor if you require formal legal guidance regarding data retention obligations.
Overview
This policy explains what data AssessKit stores, how long we keep it, and how you can request its deletion.
What Data We Store
When you use AssessKit, we store the following categories of data:
| Category | Examples |
|---|---|
| Account data | Your name, email address, hashed password |
| Organisation details | Company or organisation name, business address, contact information |
| Client and site data | Client names, contact details, site/building addresses |
| Assessment data | Fire risk assessment content — observations, findings, risk ratings |
| Actions | Recommended actions, priorities, responsible persons, completion status |
| Photos | Images uploaded as part of assessments |
| Generated reports | PDF or other format reports produced through AssessKit |
| Billing records | Subscription status, payment history, invoices (payment card details are held by Stripe, not by us) |
| Audit logs | Records of significant account and data events (e.g., logins, data changes) |
| Analytics events | Anonymised, aggregate page view data collected by GoatCounter (no personal data) |
Retention Schedule
While Your Account Is Active
All data listed above is retained for as long as your account remains active and your subscription is current. You can access, edit, and export your data at any time during this period.
On Cancellation (30-Day Read-Only Grace Period)
When you cancel your subscription:
- Your account remains active until the end of your current billing period.
- After your billing period ends, your account enters a 30-day read-only grace period.
- During the grace period, you can log in to view and export your data, but you cannot create new assessments or edit existing ones.
- After the 30-day grace period, your account is deactivated and your data is no longer accessible through the application.
This grace period exists to give you time to export your data or reactivate your subscription if you change your mind.
On Account Deletion Request
If you request deletion of your account:
- All your data is permanently deleted within 30 days of the confirmed request. This is a hard delete — your data is removed from our active database and is not recoverable.
- This includes: account data, organisation details, client and site data, assessment data, findings, actions, photos, and generated reports.
Exceptions to Deletion
The following data is retained even after account deletion, for the reasons stated:
| Data | Retention Period | Reason |
|---|---|---|
| Audit logs | 24 months from creation | Security, fraud prevention, and service integrity |
| Anonymised analytics | 24 months from creation | Understanding aggregate service usage (contains no personal data) |
| Billing records | Up to 6 years | UK tax law requires retention of financial records. These records are held by Stripe on our behalf. |
How to Request Deletion
You can request deletion of your account and data in two ways:
1. In-App Account Deletion
Use the account deletion feature within AssessKit's account settings. Follow the on-screen instructions to confirm deletion.
2. Email Request
Send an email to privacy@assesskit.co.uk from the email address associated with your account, requesting deletion. We will confirm your identity and process the request.
In both cases:
- We will confirm receipt of your request.
- Deletion will be completed within 30 days.
- We will notify you by email when deletion is complete (sent to your email address before it is deleted from our systems).
Data Export
Before deleting your account, we strongly recommend exporting your data. AssessKit provides:
- CSV export for assessment data, client records, and action items
- Report downloads for generated assessment reports
These features are available while your account is active and during the 30-day read-only grace period after cancellation.
Contact Us
If you have questions about data retention or wish to request deletion, contact us at:
- Email: privacy@assesskit.co.uk
- Company: Crocker Digital Ltd (Company No. 17008789)
- Website: assesskit.co.uk