← Privacy Notice · Data Processing Agreement

Reference document. This policy is for customers and internal use. It is linked from our Privacy Notice and Data Processing Agreement. Staff users are not asked to accept it on login.

Version: 1.0

Last updated: 03/06/26

Provider: Stow Quill Ltd trading as House Desk

Company number: 15671718

Registered office: 47 Jerounds, Harlow, Essex, CM19 4HE

Email: support@bopple.co.uk

How long House Desk typically retains workplace data, account data, logs and backups.

House Desk Data Retention Policy

This Data Retention Policy explains how long House Desk typically keeps different categories of data, and how retention works when accounts are closed, data is deleted, or backups are used.

It is intended for House Desk customers, administrators and internal teams. It is not a document that staff end users are asked to accept on login. It should be read together with our Privacy Notice (https://housedesk.co.uk/privacy) and Data Processing Agreement (https://housedesk.co.uk/dpa).


1. Purpose of this policy

This policy helps customers understand:

  • who decides how long workplace data is kept;
  • what happens to data in active accounts;
  • what happens when data is deleted in the platform;
  • what happens when a customer account is closed;
  • how backups affect retention;
  • and what House Desk may keep for its own legal, security and business purposes.

Retention periods in this policy are default or typical positions unless a specific contract says otherwise. They may be updated from time to time as the platform, law or our operations change.


2. Controller vs processor

For most workplace data in House Desk (rotas, clock-in records, timesheets, training, incidents and similar records):

  • the customer/employer is the controller and decides the lawful purpose and retention period;
  • House Desk is the processor and keeps data according to the customer's use of the platform, this policy, the DPA and the Customer Terms.

Customers must set their own retention practices, export records they are required to keep, and delete data when it is no longer needed.


3. Active customer accounts

While a customer has an active House Desk account and uses the Services, Customer Data is generally retained in active systems for as long as the customer chooses to keep it in the platform.

House Desk does not automatically delete rota records, clock-in data, timesheets, training records or incident logs from active accounts solely because of age, unless:

  • the customer deletes the data;
  • the customer configures a feature that removes or archives data;
  • the customer closes the account;
  • or deletion is required by law or agreed in writing.

Customers should regularly review whether data is still needed and export or delete it when appropriate.


4. Retention by data category

The table below describes typical retention in House Desk systems. Customers may keep data for shorter or longer periods where they have a lawful basis to do so.

4.1 Rota, shifts and scheduling

  • Includes: rota templates, published rotas, shift records, shift responses, swap requests, staffing plans, availability linked to scheduling.
  • Active account: retained while the account is active and the customer has not deleted the records.
  • After deletion in app: removed from active systems when deleted by an authorised user, subject to audit logs and backups below.
  • Customer responsibility: export rota history if required for employment, payroll or dispute records.

4.2 Clock-in, clock-out and attendance

  • Includes: clock-in and clock-out events, attendance verification metadata (such as time stamps, site, device or location where enabled), break records, attendance corrections and approvals.
  • Active account: retained while needed for timesheets, payroll preparation and operational use.
  • After deletion in app: removed from active systems when deleted by authorised users, subject to audit logs and backups.
  • Customer responsibility: verify accuracy before payroll use; export before account closure if legally required.

4.3 Timesheets and payroll-related exports

  • Includes: timesheet periods, approvals, adjustments, pay rate history used in calculations, and payroll export files generated through House Desk.
  • Active account: retained while the account is active unless deleted by the customer.
  • Payroll export files: typically retained in active storage to allow re-download for a limited period (often up to 12 months from generation unless deleted earlier by the customer).
  • Customer responsibility: payroll exports must be checked before use; customers should store final payroll records in their own systems.

4.4 Holidays, availability and leave

  • Includes: holiday requests, entitlement records, availability patterns, absence information entered in the platform.
  • Active account: retained while the account is active unless deleted by the customer.
  • Customer responsibility: align retention with employment and holiday record-keeping obligations.

4.5 Training, SOPs, documents and acknowledgements

  • Includes: training modules, progress records, completions, quizzes, SOPs, policy documents, acknowledgement records, uploaded staff documents.
  • Active account: retained while the account is active and the content remains published or stored.
  • After unpublish or delete: removed from active user-facing systems when deleted or archived by the customer, subject to backups.
  • Customer responsibility: keep copies of signed contracts and critical HR documents outside House Desk where required.

4.6 Messages, updates and notifications

  • Includes: team messages, update posts, comments, in-app notifications and delivery logs.
  • Active account: generally retained while the account is active; older items may be archived or deleted by customer administrators depending on product features.
  • Notification logs: may be kept for a shorter period for troubleshooting (often up to 90 days).

4.7 Tasks, checks and operational logs

  • Includes: checklist templates, completed checks, opening/closing records, temperature logs, task instances, issue records and attachments.
  • Active account: retained while the account is active unless deleted by the customer.
  • Customer responsibility: food safety, health and safety and licensing records may need to be kept for years under customer obligations—customers should export where required.

4.8 Incident, accident and compliance records

  • Includes: incident forms, accident book entries, whistleblowing reports, compliance cases, evidence files and investigation notes.
  • Active account: retained while the account is active unless deleted by the customer.
  • Typical customer practice: many employers retain accident and incident records for 3 to 6 years or longer where required by law; the customer decides.
  • House Desk position: we do not auto-delete incident records by age during an active subscription.

4.9 Staff profiles and HR files

  • Includes: user profiles, roles, site assignments, disciplinary logs, staff file uploads, contract records in the platform.
  • Active account: retained while the user remains on the account or while the customer keeps the record.
  • When a staff user is removed: access is removed; profile and linked records may remain visible to administrators unless the customer deletes them.
  • Customer responsibility: delete or anonymise data when employment ends if no longer needed, subject to legal retention duties.

4.10 Audit logs and platform activity

  • Includes: security-relevant actions, permission changes, some administrative events, check audit trails where enabled.
  • Typical retention: up to 12 to 24 months in active or archive storage for security, dispute and troubleshooting purposes, unless a longer period is required for a specific investigation or legal hold.

4.11 Support and communications with House Desk

  • Includes: emails, tickets, in-app support messages, call notes, attachments sent to support.
  • Typical retention: up to 3 years from closure of the request, unless needed longer for legal, security or dispute purposes.

4.12 Billing, subscription and account administration

  • Includes: subscription history, invoices, payment status, plan changes, account owner contact details.
  • Typical retention: up to 6 years after the relevant tax year for UK accounting and tax purposes, or longer where required by law or dispute.

4.13 Security, error and infrastructure logs

  • Includes: authentication events, IP addresses, error logs, performance logs, abuse prevention records.
  • Typical retention: 90 days to 12 months, unless needed longer for incident investigation or legal obligations.

4.14 Marketing and sales records (House Desk as controller)

  • Includes: enquiries, demo requests, mailing list preferences.
  • Typical retention: until the relationship ends plus a reasonable period, or until opt-out, with suppression records kept as needed to honour unsubscribe requests.

5. Customer-initiated deletion

When a customer or authorised user deletes records in House Desk:

  • data is removed from active production systems used for day-to-day operation;
  • linked files in storage may be deleted or orphaned file cleanup may run on a schedule;
  • audit and security logs may still reference that an action occurred;
  • backups may still contain deleted data until those backups expire (see section 7).

Deletion in the app does not always mean immediate removal from all copies worldwide. Customers should export data before deletion if they need a permanent business record.


6. Account closure and trial expiry

When a customer subscription ends, an account is cancelled, or a trial expires without conversion:

6.1 Export period

  • Customers should export Customer Data before closure where required for employment, tax, health and safety, licensing or dispute purposes.
  • House Desk may allow a limited post-termination access or export window where agreed or enabled in the product.

6.2 Active systems

- After closure, Customer Data in active databases and file storage is typically scheduled for deletion within 30 to 90 days, unless: - a longer period is agreed in writing; - export or dispute processes require short-term extension; - or law requires retention.

6.3 Individual user removal

  • Removing a staff member from an account stops their access.
  • Their data may remain in the customer's account until an administrator deletes or anonymises it.
  • The customer remains responsible for retention decisions.

6.4 Slug and account identifiers

  • Some non-personal account metadata (such as account IDs in billing or fraud prevention records) may be retained longer in anonymised or pseudonymised form.

7. Backups and disaster recovery

House Desk maintains backups to protect against data loss and service failure.

  • Purpose: disaster recovery and resilience, not long-term archiving for customers.
  • Typical backup retention: rolling backups often kept for approximately 30 to 90 days before overwrite or deletion, depending on environment and provider settings.
  • Effect of deletion: data deleted from active systems may persist in backups until those backup cycles expire.
  • Restore: backups are not generally used to restore individual deleted records for customers on request unless operationally feasible and agreed.

Customers must not rely on House Desk backups as their own compliance archive.


8. Legal hold and exceptional retention

House Desk may retain data longer than usual where:

  • required by law, court order, regulator request or legal process;
  • needed for fraud prevention, security investigation or enforcement of terms;
  • needed for an active dispute involving House Desk or the customer;
  • or the customer requests a temporary legal hold in writing.

Where a legal hold applies, normal deletion schedules may be suspended for the affected data.


9. Anonymised and aggregated data

House Desk may retain anonymised or aggregated information that no longer identifies individuals for analytics, security reporting, service improvement and business operations.

Such information is not treated as personal data where individuals are not identifiable.


10. International storage

Customer Data may be stored and processed in the United Kingdom and, where subprocessors are used, in other locations subject to appropriate safeguards described in our Privacy Notice and DPA.

Retention periods apply regardless of storage location.


11. Customer configuration and responsibility

Customers are responsible for:

  • deciding lawful retention periods for workplace data;
  • documenting retention in their own staff privacy notices and HR policies;
  • deleting data that is no longer needed;
  • exporting records before account closure;
  • responding to data subject erasure requests where they are controller;
  • not using House Desk as the sole long-term archive for legally required records.

House Desk provides tools to export and delete data but does not provide legal advice on retention periods.


12. Changes to this policy

We may update this Data Retention Policy from time to time.

The version and last updated date are shown at the top of the published document. Material changes may be communicated to customers through the platform, email or account notices where appropriate.


13. Contact

Questions about this policy or retention practices:

House Desk Privacy Team Stow Quill Ltd trading as House Desk privacy@bopple.co.uk

For workplace data in your organisation's account, contact your employer or account administrator first.