MyMoney — Data Retention and Deletion Policy
Version: 1.0 Effective Date: 2026-05-02 Owner: Andrew Walsh, Owner Review Cycle: Annually
1. Purpose
This policy defines how MyMoney retains, manages, and deletes consumer data in compliance with applicable data privacy laws including CCPA (California Consumer Privacy Act) and general privacy best practices.
2. Data Retention Schedule
| Data Type | Retention Period | Reason |
|---|---|---|
| Account profile (name, email, preferences) | Life of account | Required to operate the service |
| Financial account metadata (names, types, balances) | Life of account | Core app functionality |
| Transaction history | Life of account | Core app functionality |
| Plaid access tokens | Life of account or until disconnected | Required for ongoing sync |
| Coinbase API keys | Life of account or until disconnected | Required for ongoing sync |
| Tax documents (user-uploaded files) | Life of account or until user deletes | User-controlled |
| Tax estimates and calculations | Life of account | Core app functionality |
| Budget and goal history | Life of account | Core app functionality |
| AI Advisor conversation history | 12 months from last message | Functionality; older history not useful |
| Application log data | 90 days | Security monitoring and debugging |
| Authentication session tokens | Duration of session (max 7 days) | Security |
| Push notification subscriptions | Life of account or until browser unsubscribes | Notification delivery |
3. Data Deletion
3.1 Account Deletion (User-Initiated)
When a user deletes their account:
- All personal data is flagged for deletion immediately
- Supabase Storage files (tax documents) are deleted within 24 hours
- All database records tied to the user's ID are permanently deleted within 30 days
- Plaid access tokens are revoked via the Plaid API before deletion
- Coinbase API key records are permanently deleted
- Backups containing user data are overwritten within 30 days per Supabase's backup retention cycle
Users can initiate account deletion from: Settings → Danger Zone → Delete Account
3.2 Partial Deletion (User-Initiated)
Users may delete individual items without closing their account:
- Disconnect a bank/account: Plaid access token is revoked, associated account and transaction records are deleted within 24 hours
- Delete a tax document: File is removed from Supabase Storage immediately, metadata record deleted immediately
- Delete a transaction: Record permanently deleted immediately
- Clear advisor history: Conversation record deleted immediately
3.3 Automated Deletion
The following data is deleted automatically without user action:
- AI Advisor conversation history older than 12 months: deleted on a monthly automated job
- Application log data older than 90 days: deleted on a monthly automated job
- Expired household invitations (older than 7 days): deleted on a daily automated job
- Expired session tokens: managed automatically by Supabase Auth
4. Data Deletion Requests
Users may submit a formal data deletion request by:
- Using the in-app account deletion feature (Settings → Danger Zone), or
- Emailing andrewdanawalsh@gmail.com with the subject line "Data Deletion Request"
We will process all deletion requests within 30 days and confirm completion via email.
5. Third-Party Data
When a user disconnects a financial account or deletes their MyMoney account, we take the following steps with third-party providers:
- Plaid: Plaid access tokens are revoked via
POST /item/remove. Plaid retains its own logs per their privacy policy. - Coinbase: API key records are deleted from our system. Coinbase retains its own account data per their privacy policy.
- Supabase: Data is deleted from the hosted database. Supabase's infrastructure backups cycle within 30 days.
- Anthropic: No persistent data is stored by Anthropic from MyMoney conversations beyond their standard API logging practices.
- Vercel: Log data is retained for 90 days on Vercel's infrastructure per their data practices.
6. Legal Holds
In the event that applicable law requires retention of specific data beyond the periods listed above (e.g., a legal hold or regulatory investigation), the relevant data will be retained for the legally required period, with access restricted to authorized personnel only.
7. Policy Review
This policy is reviewed annually or when:
- Applicable privacy laws change
- A significant data incident occurs
- Material changes are made to data handling practices
Last reviewed: 2026-05-02 Next review due: 2027-05-02