Legal

Data Retention Policy

Effective July 6, 2026 · Next review July 2027

This policy states how long Stirpi retains each category of data, what triggers deletion, and how deletion is verified. It is reviewed annually and after any material change to our data-processing practices.

Deletion requests initiated from Settings are executed immediately in the primary database. Backup rollover completes within 30 days, at which point no copy of the data remains under our control.

Data categoryRetention windowDeletion trigger
Account credentials (email, password hash)Duration of active account; deleted ≤30 days after closure.Account deletion.
Household profile and member dataDuration of active account; deleted ≤30 days after closure.Account deletion.
Plaid access tokensDuration of the linked item; revoked immediately on unlink or deletion.User unlinks item OR account deletion.
Bank/brokerage account balances and transactionsDuration of active account; deleted ≤30 days after closure.Account deletion.
Manual assets, liabilities, and vault itemsDuration of active account; deleted ≤30 days after closure.Account deletion OR user-initiated row deletion (immediate).
Consumer credit reports and scoresRolling 24 months of score history; report bodies retained 90 days.Automatic rollover; immediate deletion on monitoring disable.
Consent records (Plaid Link, FCRA disclosure)7 years after account closure.Regulatory retention; required to demonstrate lawful basis.
Server access logs30 days rolling.Automatic rollover.
Application error and audit logs90 days rolling.Automatic rollover.
Backups30 days rolling.Automatic rollover; deletion propagates within one backup cycle.

Deletion mechanics

When you delete your account, the following happens in order:

  1. Every linked Plaid item is revoked via Plaid's /item/remove endpoint, immediately halting further data transmission.
  2. Your authentication record is deleted. This cascades through every household, account, transaction, manual asset, liability, vault item, credit record, and consent row associated with you.
  3. Backup snapshots containing your data age out within 30 days on a rolling window.

Regulatory retention obligations (for example, consent records under the Fair Credit Reporting Act) are the only exception. Those records are retained for the period required by law and then deleted.

Review cadence

This policy is reviewed annually by the responsible owner and updated whenever a new data category is introduced, a retention window changes, or a new subprocessor is added. Historical versions are available on request at privacy@stirpi.com.