Data Retention & Deletion Policy
Effective date: April 12, 2026 · Next scheduled review: April 12, 2027
1. Purpose
This policy describes how long BudgetMaxxing retains personal and financial information, when we delete it, and how users and authorized parties can request deletion. It is intended to comply with applicable data privacy laws including the GDPR, the CCPA/CPRA, and the requirements of our financial data partners.
2. Scope
This policy applies to all personal and financial information processed by BudgetMaxxing, including data retrieved from Plaid on behalf of an end user.
3. Retention windows
| Data category | Retention window | Trigger for deletion |
|---|---|---|
| Account profile (name, email) | Life of account + 30 days | Account deletion request or 12 months of inactivity |
| Workspace content (categories, budgets, rules, notes) | Life of workspace + 30 days | Workspace deletion or account deletion |
| Financial accounts & transactions retrieved via Plaid | Life of linked institution + 30 days | Disconnecting the institution or account deletion |
| Plaid access tokens | Until the linked institution is disconnected | User-initiated disconnect or account deletion |
| Authentication logs & security audit events | 13 months | Rolling expiration |
| Application logs | 30 days | Rolling expiration |
| Backups | 30 days | Rolling expiration |
| Billing & tax records | 7 years | Required by tax law |
4. Deletion process
4.1 User-initiated deletion
- A user can delete their account from Settings → Account → Delete account inside the application.
- Account deletion immediately revokes all Plaid access tokens associated with the account using Plaid's `/item/remove` endpoint.
- Workspace content and financial data are marked for deletion and removed from production systems within 30 days.
- Backups containing the deleted data expire on the standard 30-day rotation.
4.2 Email-initiated deletion request
Users may also request deletion by emailing cole@promptmaxxing.ai. Requests are verified using the email address on file and acknowledged within 7 business days. Deletion completes within 30 days of verification.
4.3 Plaid-initiated deletion
BudgetMaxxing honors Plaid end-user data deletion requests routed through Plaid. Upon receipt, we follow the same process described in section 4.1 and confirm completion to Plaid.
5. Exceptions
We may retain certain information beyond the windows above where required by law, to resolve disputes, to enforce our Terms of Service, or to detect and prevent fraud. Retained data is minimized, isolated from production access, and deleted as soon as the obligation ends.
6. Policy review
This policy is reviewed at least annually by the BudgetMaxxing security contact. The next scheduled review date is shown at the top of this document. Material updates will be reflected on this page and announced to active users.
7. Contact
Questions or requests related to this policy can be sent to cole@promptmaxxing.ai.