Legal
Data Retention Policy
Effective July 6, 2026 · Next review July 2027
This policy states how long Stirpi retains each category of data, what triggers deletion, and how deletion is verified. It is reviewed annually and after any material change to our data-processing practices.
Deletion requests initiated from Settings are executed immediately in the primary database. Backup rollover completes within 30 days, at which point no copy of the data remains under our control.
| Data category | Retention window | Deletion trigger |
|---|---|---|
| Account credentials (email, password hash) | Duration of active account; deleted ≤30 days after closure. | Account deletion. |
| Household profile and member data | Duration of active account; deleted ≤30 days after closure. | Account deletion. |
| Plaid access tokens | Duration of the linked item; revoked immediately on unlink or deletion. | User unlinks item OR account deletion. |
| Bank/brokerage account balances and transactions | Duration of active account; deleted ≤30 days after closure. | Account deletion. |
| Manual assets, liabilities, and vault items | Duration of active account; deleted ≤30 days after closure. | Account deletion OR user-initiated row deletion (immediate). |
| Consumer credit reports and scores | Rolling 24 months of score history; report bodies retained 90 days. | Automatic rollover; immediate deletion on monitoring disable. |
| Consent records (Plaid Link, FCRA disclosure) | 7 years after account closure. | Regulatory retention; required to demonstrate lawful basis. |
| Server access logs | 30 days rolling. | Automatic rollover. |
| Application error and audit logs | 90 days rolling. | Automatic rollover. |
| Backups | 30 days rolling. | Automatic rollover; deletion propagates within one backup cycle. |
Deletion mechanics
When you delete your account, the following happens in order:
- Every linked Plaid item is revoked via Plaid's
/item/removeendpoint, immediately halting further data transmission. - Your authentication record is deleted. This cascades through every household, account, transaction, manual asset, liability, vault item, credit record, and consent row associated with you.
- Backup snapshots containing your data age out within 30 days on a rolling window.
Regulatory retention obligations (for example, consent records under the Fair Credit Reporting Act) are the only exception. Those records are retained for the period required by law and then deleted.
Review cadence
This policy is reviewed annually by the responsible owner and updated whenever a new data category is introduced, a retention window changes, or a new subprocessor is added. Historical versions are available on request at privacy@stirpi.com.