Data Retention & Disposal Policy

Effective May 4, 2026

This policy describes how long CashCaptain retains user data and how we dispose of it. It is reviewed at least annually by the company's founder and security lead.

1. Scope

This policy applies to all personal and financial data CashCaptain collects, processes, or stores in connection with the Service, including:

  • User account records (email, hashed password)
  • Plaid Items, access tokens, accounts, balances, and transactions
  • User-created data (categories, budgets, rules, splits, notes, dashboard layout)
  • Session and authentication records
  • Operational logs (request logs, error logs, login attempt logs)

2. Retention Periods

Active accounts

While your account is active, we retain your account and financial data so the Service can function. Plaid transactions are kept as far back as your financial institution provides them (typically 24 months).

After account deletion

When you delete your account through the in-app "Delete account" option, we:

  • Within 1 hour: revoke our access to your linked financial institutions by calling Plaid's /item/remove endpoint for every Item you authorized.
  • Within 24 hours: permanently delete your user record from the production database. Cascading deletes remove all linked Items, accounts, transactions, transaction metadata, splits, categories, budgets, rules, sessions, password reset tokens, and dashboard layouts.
  • Within 30 days: remove your data from automated database backups as those backups age out of the rolling backup window.

Operational logs

  • HTTP access logs: retained 14 days
  • Application error logs: retained 30 days
  • Failed login attempts (for rate-limiting): retained 90 days

Records we may retain longer

We may retain a minimal subset of data after deletion when legally required, including:

  • Records needed to comply with tax, accounting, or audit obligations (typically 7 years)
  • Records needed to investigate or defend against fraud, security incidents, or legal claims
  • Records subject to a legal hold

Such records are stored separately, with restricted access, and used only for the stated purpose.

3. Disposal Methods

  • Database records are removed via SQL DELETE statements with foreign-key cascades. No soft-delete flags are used for personal data.
  • Plaid access tokens are both revoked at Plaid (via their API) and removed from our database.
  • Backups are kept on a rolling 30-day window. Deleted user data ages out of backups within that window.
  • Application logs are auto-rotated and overwritten per the retention periods above.

4. Roles & Responsibilities

  • The founder owns this policy and reviews it annually.
  • Access to production data is restricted to personnel with a documented operational need; access is logged.
  • Any policy exception requires documented justification and a defined end date.

5. User Rights

At any time, you may:

  • Disconnect a single financial institution from the Settings page (this triggers a Plaid Item removal for that institution only)
  • Delete your entire account (triggers the full deletion described in Section 2)
  • Email support@cashcaptain.us to request a copy of your data or to ask questions about retention

6. Policy Review

This policy is reviewed at least once per year and updated whenever material changes occur to our infrastructure, data flows, or applicable law.

7. Contact

For questions about this policy or to make a data request, email support@cashcaptain.us.