ExactSum

from   TITAN

Zero Data Retention (ZDR) Policy

Document Version: 1.0  ·  Last Updated: March 2026

1. Overview

ExactSum (operated by Productimiser Ltd) implements a strict Zero Data Retention (ZDR) policy. All uploaded bank statements and converted files are automatically and permanently deleted within 24 hours of upload. No exceptions.

This policy applies to all data processed through the ExactSum platform, including data submitted via the web interface, API, and any white-label or partner integrations.

2. Scope

The following data is subject to automatic deletion within 24 hours of upload:

  • Original uploaded files - PDF bank statements and any other uploaded documents
  • Extracted data files - CSV, Excel, and JSON outputs generated from uploaded statements
  • Temporary processing data - Any intermediate files created during OCR extraction, parsing, and validation
  • Cached analysis results - Any stored outputs from analyser engines (balance, salary, affordability, etc.)

3. The 24-Hour Deletion Window

When a document is uploaded to ExactSum:

  • The file is processed, extracted, and analysed immediately upon receipt.
  • The customer has 24 hours to retrieve results via the API or web interface.
  • After 24 hours, all files and extracted data are permanently deleted.
  • Deleted data cannot be recovered by any party, including ExactSum.

4. Data Retained Outside ZDR Scope

The ZDR policy applies to uploaded documents and their derivatives. The following operational data is retained separately and does not contain bank statement content:

Data Type Purpose Retention Period
Account information Email, organisation name, API credentials Duration of account
Usage records Page counts, timestamps, file metadata (no content) Duration of account
Payment records Billing transactions 7 years (UK tax law)
Audit logs Access logs, processing timestamps 12 months

None of this retained data includes the actual content of bank statements, transaction data, or personal financial information.

5. Technical Implementation

The ZDR policy is enforced through the following technical controls:

  • Automated deletion jobs - Scheduled processes run continuously to identify and remove expired files from all storage locations.
  • No backup retention of file content - Deleted files are excluded from system backups. Bank statement content is never included in backup archives.
  • Secure erasure - Files are securely deleted from storage, not merely marked as deleted.
  • Storage isolation - Uploaded files are stored in dedicated, isolated storage (Cloudflare R2) separate from application databases and infrastructure.

6. Regulatory Alignment

The ZDR policy supports compliance with:

  • UK GDPR - Data minimisation principle (Article 5(1)(c)) and storage limitation principle (Article 5(1)(e)).
  • Data Protection Act 2018 - Processing limited to what is necessary for the stated purpose.
  • FCA Consumer Duty - Minimising risk to consumers by limiting the window during which sensitive financial data is held.

7. Customer Responsibilities

Customers using the ExactSum platform should be aware that:

  • API responses and exported files must be retrieved within 24 hours of upload.
  • Customers are responsible for storing results on their own systems once retrieved.
  • If re-processing is required after the 24-hour window, the original file must be uploaded again.

8. Contact

For questions about this policy:

Email: legal@exactsum.com

Web: exactsum.com

Company: Productimiser Ltd, InfoHub, 41 Petley Road, London, W6 9SU (Company No. 15016956)

This policy is reviewed annually and updated as necessary to reflect changes in technology, regulation, or business operations.