
Data Processing Agreement.

This is the Article 28 (UK GDPR) contract between your firm (controller) and ParaplanAI (processor). It is required if your firm uploads any personal data about end clients. That data is typically anonymised in our flow, but the DPA covers the residual case where free-text fields carry PII.

Headline terms

  • Roles. Your firm is the data controller. ParaplanAI is the data processor.
  • Purpose limitation. We process personal data only to provide the calculator + audit-trail service you have subscribed to. No analytics, no AI training, no resale.
  • Sub-processors. The current list is in /privacy §4. We notify you 30 days before adding any new sub-processor; you can object.
  • Security. AES-256 at rest, TLS 1.3 in flight, RLS on every tenant-scoped table. See /security.
  • Retention. Uploaded source PDFs are permanently deleted 24 hours after upload by an hourly automated job. As controller, you set how long finalised calculations are kept (six years by default) and can delete any client, policy or calculation on demand; drafts you never finalise are removed after 90 days. Output PDFs are kept with their calculation. See /data-minimisation.
  • International transfers. We do not transfer client personal data outside the UK / EU. Document extraction runs on an EU-hosted AI service (AWS Bedrock) and the PDF is processed in-region; only billing data reaches our (international) payments processor. See /privacy §2.3 + §5.
  • Breach notification. ICO + affected firms within 72 hours of detection.
  • Sub-processor audit rights. Annual right of access to our latest controls report + sub-processor DPAs.
  • Return / deletion on termination. Within 30 days of subscription end, we export your firm's calc audit trail (JSONL) and delete operational data per the retention schedule in /privacy §6.

Retention schedule

The numbers below are the operative retention horizons for personal data your firm passes to ParaplanAI. They are the same numbers documented in /privacy §6 and /data-minimisation — single source of truth across the three pages.

— 01 · Source documents
24 hours

Uploaded PDFs (P60, PSS, chargeable-event certificates) are parsed, then permanently deleted from UK-region object storage 24 hours later. An hourly cron enforces the cutoff; nothing carries over between paraplanner sessions.

— 02 · Your records
You decide

Clients, policies and calculations are yours to delete — one click, whenever you want. You hold your own FCA record; we never force a period on you. Finalised calculations you keep are auto-retained for the window your firm sets (six years by default), then deleted. Drafts you never finalise are removed after 90 days.

— 03 · Output PDFs
With the record

The compliance annex you download stays available so it can be re-fetched without re-running the calc. It is kept alongside its calculation under your firm’s retention policy, and goes the moment you delete the record — export it first if you need a copy.

See the data-minimisation page → /data-minimisation.

Signed PDF

The countersigned DPA PDF is available on request — email info@paraplanai.co.uk with your firm name and primary contact. We send a DocuSign link the same business day. The DPA stays in force for as long as we process any personal data on your behalf — through your subscription and any retention window you have set afterwards.

If your firm requires our DPA to be cross-signed onto your standard supplier contract instead, reply to the email above with your template attached and we'll review within 5 business days.
