Data Tier Classification
Status: Published · Last reviewed: 2026-04-16 · Next review: 2027-04-16 Regulatory reference: Articles 5(1)(c) (data minimisation) and 5(1)(e) (storage limitation) GDPR.
Every category of personal data in the Data Inventory is classified into one of three tiers. The tier determines how and when the data is removed, which consents apply to it, and whether the user can clear it without closing their account.
Tier definitions
| Tier | What it means | When it is removed |
|---|---|---|
| Essential | Data without which the account cannot be operated, authenticated, billed, or kept safe. The account cannot function without this data. | When the account is closed, subject only to statutory retention (e.g. tax records). |
| Functional | Data that delivers specific contracted features. The account can exist without it, but the feature relying on it cannot. | When the user deletes the related item or when the account is closed. |
| Optional | Data used to improve or personalise the experience, or to produce aggregate insights. Not required for any contracted feature. | When the user changes the relevant preference, withdraws consent, or closes the account. |
Essential — required for account operation
| Category | Why it is Essential |
|---|---|
| Account identifier and sign-in email | Used to authenticate the user; without it the account cannot be recognised. |
| Authentication credentials (identity-provider linkage, active sessions, short-lived verification tokens, passkey registrations) | Without these the user cannot sign in. |
| Subscription and billing references (for paying users) | Required to verify entitlement and to invoice. |
| Access-control role | Required to enforce permissions. |
Retention: life of the account. Billing references are retained for the minimum statutory period applicable to financial records.
Functional — required for specific features
| Category | Feature served |
|---|---|
| User-supplied display name | Personalisation and attribution. |
| Task and crumb content | Core product. |
| Templates and export templates | Reusable-content features. |
| Comments, tags, assignments | Organisation and collaboration features. |
| Time-zone and working-hours configuration | Scheduling. |
| Progress and scheduling telemetry | Streaks, progress display, reminder accuracy. |
| User-issued API keys and user-configured integrations | The integrations themselves, at the user's request. |
Retention: until the user deletes the related item or closes the account. Integration credentials are destroyed when the integration is revoked.
Optional — analytics, improvement, convenience
| Category | Purpose |
|---|---|
| Country | Localisation. |
| Profile picture | Personalisation. |
| Onboarding state and optional onboarding answers | Product guidance and user-experience improvement. |
| Opt-in reminder-email preference | Non-essential communication preference. |
| Aggregate product analytics | Understanding how the product is used overall. |
Retention: retained while the user's consent or preference remains in place. Any Optional item may be cleared by the user without affecting their ability to use the service.
Cross-tier guarantees
1. Cascading deletion. When an account is closed, every piece of Essential, Functional, and Optional data associated with it is deleted, subject only to statutory retention for records Syncflow is obliged to keep (principally financial records). 2. Minimisation at collection. Syncflow only collects the data described in the Data Inventory. New data cannot be added to the product without updating this classification and the inventory. 3. Self-service export. Essential and Functional data can be exported by the user through the data-export feature. Optional data is available on request. 4. Downgrade path. A user may clear every Optional item — analytics consent, profile picture, country, onboarding answers, reminder-email preference — without losing access to the paid features they are entitled to.
Review triggers
This classification is reviewed when:
- A new type of personal data is introduced into the product;
- A new processor is engaged;
- A consent requirement changes (for example, following guidance from a supervisory authority);
- Or at least annually.