ADR-011: Regulatory Compliance & Data Retention
Status: Accepted
Owner: @bilal @deen
Date: 2025-01-10
Context
Envo operates in the UK property management sector, handling tenant personal data, communication records, property compliance documents, and future financial records. It is subject to UK GDPR, HMO Licensing, Property Ombudsman requirements, and more.
Decision
1. Tiered Data Retention
| Tier | Retention | Data Types |
|---|---|---|
| Raw | 90 days | Full messages, media, call recordings |
| Transcripts + Summaries | 1 year | AI transcripts, conversation/issue summaries |
| Metadata | 7 years | Timestamps, counts, IDs, audit log entries |
Configurable per organisation via retention_policies table. Purge job runs daily, respects legal holds.
2. Consent Tracking
consent_records table tracks per-tenant consent for call recording, WhatsApp/email/SMS comms, marketing, and data processing. Captures consent method (verbal, written, checkbox, inferred) with evidence URL.
- Voice: VAPI greeting includes recording notice
- WhatsApp: First message includes consent notice
- Call recordings only stored for compliance-tier organisations
3. Property Document Compliance
property_documents table tracks required documents with expiry alerts:
| Document Type | Renewal Period |
|---|---|
| Gas Safety Certificate | Annual |
| EPC | 10 years |
| EICR | 5 years |
| HMO License | 5 years |
| Fire Risk Assessment | As needed |
| Legionella Assessment | As needed |
Compliance dashboard view shows per-property validity status and upcoming expiries.
4. Priority Flagging
Tenants and properties can have priority levels (low, normal, medium, high) with audit trail. Auto-calculated priority scores based on issue frequency, response time, escalation rate, compliance status.
5. Reporting & Export
Pre-built report types: communication log, issue summary, tenant activity, compliance status, priority history, regulatory export. Generated as PDF/CSV/XLSX and stored in Supabase Storage with signed download URLs.
6. GDPR Data Subject Requests
data_subject_requests table tracks access (SAR), deletion, portability, and rectification requests. Status workflow: pending → verified → processing → completed/rejected.
Implementation Notes
- Retention job: Daily cron — generate summary if missing, delete raw messages/media, archive conversation, log to audit
- Legal holds: hold_until + hold_reason on conversations prevents auto-purge
- Export-on-demand: Package all data before deletion, signed URL with 24hr expiry
- Storage security: Private Supabase Storage buckets, org-scoped paths, RLS policies, signed URLs (15-60 min expiry)
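A sketch of the per-conversation decision the daily retention job has to make, combining the tier table, per-organisation overrides and legal holds. This is an added example, not Envo's code: the `Conversation` shape, the action names and the override dict are hypothetical, and it assumes a hold is active only while hold_until is in the future. It covers the raw and transcript/summary tiers; the 7-year metadata tier is left out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Defaults from the tier table. Per-organisation overrides are assumed to be
# loaded from retention_policies into a dict with the same keys (hypothetical).
DEFAULT_DAYS = {"raw": 90, "summary": 365}

@dataclass
class Conversation:  # constructed shape, not the project's schema
    id: str
    created_at: datetime
    has_summary: bool
    raw_purged: bool = False
    hold_until: Optional[datetime] = None
    hold_reason: Optional[str] = None

def plan_purge(conv, now, org_policy=None):
    """Return the ordered actions the daily job should take for one conversation."""
    days = {**DEFAULT_DAYS, **(org_policy or {})}
    # A legal hold wins over every tier. Assumption: the hold is active while
    # hold_until is in the future; an expired hold no longer blocks purging.
    if conv.hold_until is not None and conv.hold_until > now:
        return [("skip_legal_hold", conv.hold_reason or "unspecified")]
    age = now - conv.created_at
    actions = []
    if age >= timedelta(days=days["summary"]):
        # Past the transcript/summary tier: only metadata survives, so a
        # missing summary is not generated just to be deleted.
        if not conv.raw_purged:
            actions.append(("delete_raw", conv.id))
        actions.append(("delete_transcripts_and_summaries", conv.id))
    elif age >= timedelta(days=days["raw"]) and not conv.raw_purged:
        # Summarise before deleting: the summary is derived from raw content.
        if not conv.has_summary:
            actions.append(("generate_summary", conv.id))
        actions += [("delete_raw", conv.id), ("archive_conversation", conv.id)]
    if actions:
        # Every purge is recorded; audit entries live in the metadata tier.
        actions.append(("audit_log", conv.id))
    return actions
```

Returning a plan instead of deleting directly keeps the hold check and the summarise-before-delete ordering testable without touching storage.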
Consequences
Positive
- Full regulatory compliance for UK property sector
- Defensible audit trail
- Proactive document expiry management
- Clear data retention reducing long-term storage costs
Negative
- Increased data model complexity
- Retention cleanup jobs required
- Report generation processing overhead