Legal
Last updated: 17 June 2026
This policy explains how long Impacturi (operated by Clickonic Ltd) retains data, and what happens to your data when your subscription ends or you ask us to delete it.
We retain personal data only for as long as it is needed to provide our services or to comply with legal obligations. We do not keep data "just in case". When data is no longer needed, it is deleted.
| Data type | Retained while | After account closure | Lawful basis |
|---|---|---|---|
| Account profile (name, email, organisation) | Subscription is active | Deleted within 30 days | Contract performance (Art. 6(1)(b) UK GDPR) |
| Donor personal data (names, email addresses, giving history) | Subscription is active | Deleted within 30 days of account closure | Processing under contract with charity (Art. 28 UK GDPR processor obligation) |
| Financial transaction records | Required by UK law | Retained for 7 years (UK tax law requirement) | Legal obligation (Art. 6(1)(c) UK GDPR; Companies Act 2006; HMRC) |
| Anonymised and aggregated analytics | Indefinitely | Retained indefinitely (no personal data, cannot identify individuals) | Not personal data; UK GDPR does not apply |
| Support correspondence | 2 years from last contact | Deleted after 2 years | Legitimate interests (Art. 6(1)(f) UK GDPR) — defending potential legal claims |
| Impact pages and stories | Subscription is active | Unpublished immediately, deleted within 30 days | Contract performance (Art. 6(1)(b) UK GDPR) |
| Uploaded media (logos, photos) | Subscription is active | Deleted within 30 days | Contract performance (Art. 6(1)(b) UK GDPR) |
| CRM connection credentials | Connection is active | Deleted immediately on disconnection or account closure | Contract performance (Art. 6(1)(b) UK GDPR) |
| Payment and billing records | Required by law | Retained for 7 years (HMRC requirement), held by Stripe | Legal obligation (Art. 6(1)(c) UK GDPR; HMRC) |
| Application logs (error logs, access logs) | Rolling 90-day window | Automatically purged after 90 days | Legitimate interests (Art. 6(1)(f) UK GDPR) — security monitoring and service integrity |
| Automated database backups | Daily backups: max 30 days. Monthly backups: max 90 days. | Personal data in backups is purged when those backups age out of the retention window | Legitimate interests (Art. 6(1)(f) UK GDPR) — disaster recovery and service continuity |
Personal data present in automated backups at the time of deletion will be purged when those backups age out of the retention window. Current retention windows are: daily backups, maximum 30 days; monthly backups, maximum 90 days. This means that following a deletion request or account closure, personal data may persist in encrypted backups for up to 30 days before those snapshots are overwritten.
Clickonic does not restore personal data from backup solely for data access purposes after a deletion request has been fulfilled. Backups exist solely to allow service restoration in the event of data loss or system failure.
Before or during the 30-day grace period, you can export all your data. The platform provides CSV export of donor records and donation history. For a complete data export, contact us and we will provide it within 5 working days.
You can request deletion of your data at any time by contacting us. We will:
You can also delete individual donor records yourself at any time through the platform dashboard.
This policy is reviewed at least annually and updated as our platform and legal obligations evolve.
For data export requests, deletion requests, or questions about this policy:
Data Protection contact, Clickonic Ltd
data@impacturi.com
This policy is governed by the laws of England and Wales and supplements our Data Processing Agreement.