Data Retention Policy

1. Introduction

1. Purpose and Scope

1. General Retention Principles

1. Account Data

1. Transaction and Financial Data

1. Banking and Investment Data

1. Communication Records

1. Analytics and Usage Data

1. Security and Audit Logs

1. AI Conversation Data

1. Payment and Tax Records

1. Support and CRM Data

1. Marketing and Referral Data

1. Backup and Disaster Recovery

1. Legal Holds and Exceptions

1. User Deletion Requests

1. Data Subject Rights Requests

1. Retention Schedule Summary

1. Compliance and Legal Requirements

1. Contact Information

---

INTRODUCTION

INTRODUCTION

INTRODUCTION

INTRODUCTION

---

PURPOSE AND SCOPE

Purpose:

PURPOSE AND SCOPE

• Ensure compliance with legal and regulatory retention requirements

• Define clear retention periods for different data types

• Minimize data storage to respect user privacy

• Support business operations and service delivery

• Enable data subject rights (access, deletion, portability)

• Protect against litigation risks

Scope:

Protect against litigation risks

• All personal data processed by XPlus Finance

• Data stored in production systems, backups, and archives

• Data processed by subprocessors on our behalf

• All user types (active, inactive, deleted accounts)

All user types (active, inactive, deleted accounts)

• Aggregated, anonymized data with no personal identifiers

• Internal business records not containing personal data

• Public information available from third-party sources

---

GENERAL RETENTION PRINCIPLES

Data Minimization:

GENERAL RETENTION PRINCIPLES

1. Service Delivery: Providing requested services to users

1. Legal Obligations: Compliance with tax, financial, and regulatory requirements

1. Legitimate Interests: Fraud prevention, security, dispute resolution

1. Consent Duration: As long as consent remains valid (for consent-based processing)

Retention Criteria:

Consent Duration: As long as consent remains valid (for consent-based processing)

• Legal Requirements: Statutory retention obligations (e.g., 7 years for financial records)

• Contractual Obligations: Service agreements and business contracts

• Operational Needs: Business processes and service delivery

• User Expectations: Reasonable retention for account functionality

• Risk Management: Litigation, disputes, and fraud prevention

Automatic Deletion:

• Data is automatically deleted when retention periods expire

• Automated deletion processes run monthly

• Manual review for exceptions (legal holds, active disputes)

Secure Deletion:

Manual review for exceptions (legal holds, active disputes)

• Permanent Deletion: Data is irreversibly removed from production systems

• Backup Deletion: Data is flagged for deletion in next backup rotation cycle

• Subprocessor Notification: We instruct subprocessors to delete data

• Verification: Deletion completion is logged and verified

---

ACCOUNT DATA

Active Account Data:

ACCOUNT DATA

ACCOUNT DATA

ACCOUNT DATA

• Required for service delivery while account is active

• 30-day grace period allows account recovery if closure was accidental

30-day grace period allows account recovery if closure was accidental

• Full name, email address, phone number

• Account creation date, last login date

• User preferences and settings

• Profile information (optional fields)

• Account status (active, suspended, closed)

Account status (active, suspended, closed)

---

Inactive Account Data:

Account status (active, suspended, closed)

Account status (active, suspended, closed)

• Accounts with Zero Balance: 24 months of inactivity, then account closure notice sent

• Accounts with Balance: Retained indefinitely until user logs in or requests closure

• After Closure Notice: 90 days to respond before automatic closure and data deletion

After Closure Notice: 90 days to respond before automatic closure and data deletion

• Balance-holding accounts retained to protect user funds

• Inactive accounts without balances are low-value and increase security risk

Inactive accounts without balances are low-value and increase security risk

1. After 24 months of inactivity (zero balance accounts):

• Email notice sent warning of upcoming closure

• 90-day response period provided

1. If no response after 90 days:

• Account closed

• Data deleted per standard deletion schedule (30 days after closure)

---

Deleted Account Data:

Data deleted per standard deletion schedule (30 days after closure)

Data deleted per standard deletion schedule (30 days after closure)

Data deleted per standard deletion schedule (30 days after closure)

• Financial transaction records: 7 years (legal requirement)

• Tax reporting data: 7 years (IRS requirement)

• Fraud/dispute-related data: Up to 5 years or until resolution

• Data subject to legal hold: Duration of hold

Data subject to legal hold: Duration of hold

• Allow account recovery if deletion was accidental

• Final opportunity to withdraw funds or export data

• Fraud investigation window

Fraud investigation window

• All personal identifiers removed

• Transaction records anonymized (amounts retained for accounting)

• Irreversible deletion from production systems

---

TRANSACTION AND FINANCIAL DATA

Transaction History:

TRANSACTION AND FINANCIAL DATA

TRANSACTION AND FINANCIAL DATA

TRANSACTION AND FINANCIAL DATA

• IRS Requirement: 7 years for tax audit purposes

• Accounting Standards: Generally Accepted Accounting Principles (GAAP)

• Legal Disputes: Statute of limitations for financial disputes

Legal Disputes: Statute of limitations for financial disputes

• Transaction ID, date, amount, currency

• Transaction type (payment, withdrawal, commission)

• Payment method used

• Status (completed, failed, refunded)

• Related user account (anonymized after account deletion)

Related user account (anonymized after account deletion)

• After account deletion, user identifiers replaced with anonymized reference ID

• Transaction amounts and types retained for accounting and regulatory compliance

• Personal names and contact information removed

---

Referral Commission Records:

Personal names and contact information removed

Personal names and contact information removed

Personal names and contact information removed

• Tax reporting requirements (Form 1099-NEC issuance)

• Commission dispute resolution

• Fraud detection and prevention

Fraud detection and prevention

• Referrer and referee relationships (anonymized after account deletion)

• Commission amounts and rates

• Vesting dates and status

• Payout history

• Commission adjustments and reversals

---

Subscription and Billing Records:

Commission adjustments and reversals

Commission adjustments and reversals

Commission adjustments and reversals

• Tax reporting and audit requirements

• Accounting standards compliance

• Refund and dispute resolution

Refund and dispute resolution

• Subscription plan details and pricing

• Billing dates and amounts

• Payment method used (last 4 digits only)

• Invoices and receipts

• Refund and chargeback records

---

BANKING AND INVESTMENT DATA

Bank Account Connection Data (Plaid - Coming Soon):

BANKING AND INVESTMENT DATA

BANKING AND INVESTMENT DATA

• Active Connections: Duration of connection

• After Disconnection: 90 days, then deletion

• Transaction History: Imported transactions treated as user-generated data (retained until account deletion + 30 days)

Transaction History: Imported transactions treated as user-generated data (retained until account deletion + 30 days)

• Short retention after disconnection allows re-connection without re-authentication

• Imported transactions belong to user and follow account data retention

Imported transactions belong to user and follow account data retention

• Bank account names and institution

• Account numbers (encrypted, last 4 digits visible)

• Account types (checking, savings, credit)

• Connection status and last sync date

• Imported transaction data (user's financial transactions)

Imported transaction data (user's financial transactions)

• Upon disconnection, Plaid is instructed to delete data

• Our cache of Plaid data deleted after 90 days

• User-imported transactions remain until account deletion

---

Investment Portfolio Data:

User-imported transactions remain until account deletion

User-imported transactions remain until account deletion

• Active Accounts: Duration of account

• After Account Deletion: 30 days (grace period), then deletion

After Account Deletion: 30 days (grace period), then deletion

• User-generated data for personal tracking

• No legal retention requirement (not actual brokerage accounts)

No legal retention requirement (not actual brokerage accounts)

• Stock tickers and quantities

• Purchase prices and dates (user-entered)

• Cryptocurrency holdings and wallet addresses

• Portfolio performance calculations

• Watchlists and alerts

Watchlists and alerts

---

COMMUNICATION RECORDS

Email Communications:

COMMUNICATION RECORDS

COMMUNICATION RECORDS

• Transactional Emails: 3 years

• Marketing Emails: Until user unsubscribes or deletes account

• Support Emails: 3 years (see Support Data section)

Support Emails: 3 years (see Support Data section)

• Audit trail for account actions

• Dispute resolution

• Compliance with email regulations (CAN-SPAM, GDPR)

Compliance with email regulations (CAN-SPAM, GDPR)

• Email addresses (to/from)

• Email content and attachments

• Send dates and delivery status

• Open and click tracking data (if enabled)

Open and click tracking data (if enabled)

Open and click tracking data (if enabled)

---

SMS Records:

Open and click tracking data (if enabled)

Open and click tracking data (if enabled)

Open and click tracking data (if enabled)

• Security audit trail

• Account takeover investigation

• Compliance with telecommunications regulations

Compliance with telecommunications regulations

• Phone numbers (to)

• Message content (2FA codes, alerts)

• Send dates and delivery status

• Carrier information

Carrier information

Carrier information

---

Push Notifications:

Carrier information

Carrier information

Carrier information

• Temporary engagement tracking

• No long-term retention need

No long-term retention need

• Device tokens

• Notification content

• Send and delivery status

• Engagement metrics (opened, dismissed)

Engagement metrics (opened, dismissed)

Engagement metrics (opened, dismissed)

---

ANALYTICS AND USAGE DATA

Usage Analytics:

ANALYTICS AND USAGE DATA

ANALYTICS AND USAGE DATA

ANALYTICS AND USAGE DATA

• Product improvement and optimization

• Understanding user behavior patterns

• GDPR Article 89 (research and statistics)

GDPR Article 89 (research and statistics)

• User IDs (pseudonymized)

• Pages visited and features used

• Session duration and frequency

• Device and browser information

• IP addresses (anonymized to city-level)

IP addresses (anonymized to city-level)

IP addresses (anonymized to city-level)

• IP addresses anonymized (last octet removed)

• User IDs pseudonymized (not directly linked to accounts without access controls)

User IDs pseudonymized (not directly linked to accounts without access controls)

---

Cookie Data:

User IDs pseudonymized (not directly linked to accounts without access controls)

User IDs pseudonymized (not directly linked to accounts without access controls)

User IDs pseudonymized (not directly linked to accounts without access controls)

• Essential Cookies: Session duration or up to 1 year

• Analytics Cookies: 26 months

• Preference Cookies: 1 year

• Marketing Cookies: Not currently used

Marketing Cookies: Not currently used

• Essential cookies required for service functionality

• Analytics cookies comply with GDPR standard retention

• Preference cookies enhance user experience

Preference cookies enhance user experience

• Users can clear cookies via browser settings

• Cookie consent can be withdrawn in Account Settings

---

SECURITY AND AUDIT LOGS

Security Logs:

SECURITY AND AUDIT LOGS

SECURITY AND AUDIT LOGS

SECURITY AND AUDIT LOGS

• GDPR Article 30 (record of processing activities)

• Security incident investigation

• Fraud detection and prevention

• Compliance audits

Compliance audits

• Login timestamps and IP addresses

• Authentication success/failure

• Multi-factor authentication events

• Password change events

• Session creation and termination

• Suspicious activity alerts

Suspicious activity alerts

• Restricted access (security team, compliance officers)

• Encrypted storage

• Tamper-proof logging

Tamper-proof logging

---

Audit Logs:

Tamper-proof logging

Tamper-proof logging

Tamper-proof logging

• Regulatory compliance (SOX, GDPR Article 30)

• Internal audit requirements

• Accountability and transparency

Accountability and transparency

• Administrative user actions

• Data access and modifications

• System configuration changes

• Database queries (administrative)

• API access logs (admin endpoints)

API access logs (admin endpoints)

---

AI CONVERSATION DATA

AI Assistant Conversations:

AI CONVERSATION DATA

AI CONVERSATION DATA

AI CONVERSATION DATA

• Short-term retention for conversation continuity and quality improvement

• Balance between functionality and privacy

• Minimize sensitive data retention

Minimize sensitive data retention

• User prompts and questions

• AI-generated responses

• Conversation timestamps

• User ID (for conversation threading)

User ID (for conversation threading)

• We do not send sensitive personal information (SSN, passwords, full bank account numbers) to AI

• Financial data is anonymized or generalized before processing

Financial data is anonymized or generalized before processing

• XPlus Finance database (conversation history for user access)

• OpenAI (API requests, 30-day retention per OpenAI policy)

OpenAI (API requests, 30-day retention per OpenAI policy)

• Automatic deletion after 90 days from our database

• OpenAI deletes API data after 30 days (per their policy)

• User can delete conversation history manually at any time

---

PAYMENT AND TAX RECORDS

Payment Method Information:

PAYMENT AND TAX RECORDS

PAYMENT AND TAX RECORDS

• Active Payment Methods: Duration of use

• After Removal/Expiration: Immediate deletion from our database (Stripe retains per their policy)

After Removal/Expiration: Immediate deletion from our database (Stripe retains per their policy)

• Minimize sensitive financial data retention

• Stripe is PCI DSS compliant and handles secure storage

Stripe is PCI DSS compliant and handles secure storage

• Last 4 digits of card/account number

• Expiration dates

• Billing addresses

• Payment method tokens (Stripe IDs)

Payment method tokens (Stripe IDs)

Payment method tokens (Stripe IDs)

---

Tax Reporting Records:

Payment method tokens (Stripe IDs)

Payment method tokens (Stripe IDs)

Payment method tokens (Stripe IDs)

• IRS requirement: Retain tax records for 7 years

• Audit defense

• Amended return support

Amended return support

• Taxpayer Identification Numbers (SSN, EIN)

• Tax year earnings summaries

• Withholding records (if applicable)

• Filed forms and submission confirmations

Filed forms and submission confirmations

• Encrypted storage (AES-256)

• Access restricted to finance and compliance teams

• Regular security audits

Regular security audits

---

Chargeback and Dispute Records:

Regular security audits

Regular security audits

Regular security audits

• Fraud pattern analysis

• Dispute evidence preservation

• Risk management

Risk management

• Dispute details and outcomes

• Supporting evidence and documentation

• Communication with payment processors

• Fraud investigation notes

Fraud investigation notes

---

SUPPORT AND CRM DATA

Customer Support Tickets:

SUPPORT AND CRM DATA

SUPPORT AND CRM DATA

SUPPORT AND CRM DATA

• Quality assurance and training

• Pattern identification for product improvement

• Accountability and transparency

Accountability and transparency

• User questions and issues

• Support agent responses

• Ticket status and resolution

• Attachments and screenshots (if provided)

• Communication timestamps

Communication timestamps

---

CRM Data (Customer Relationship Management):

Communication timestamps

Communication timestamps

• Active Users: Duration of account

• After Account Deletion: 90 days, then deletion

After Account Deletion: 90 days, then deletion

• Personalized service delivery

• Relationship continuity

• Moderate retention after account deletion for potential re-activation support

Moderate retention after account deletion for potential re-activation support

• User communication preferences

• Service interaction history

• Notes from support or account management

• Relationship stage and status

Relationship stage and status

---

MARKETING AND REFERRAL DATA

Referral Program Data:

MARKETING AND REFERRAL DATA

MARKETING AND REFERRAL DATA

• Active Referrals: Duration of relationship + 30 days after referral account deletion

• Commission Records: 7 years (see Transaction Data section)

Commission Records: 7 years (see Transaction Data section)

• Relationship tracking for commission calculation

• Fraud prevention (referral abuse detection)

• Tax reporting (commissions paid)

Tax reporting (commissions paid)

• Referrer-referee relationships

• Referral codes and tracking links

• Referral source and campaign

• Conversion dates and status

Conversion dates and status

• After account deletion, personal identifiers replaced with anonymized references

• Relationship structure retained for analytics (no personal data)

Relationship structure retained for analytics (no personal data)

---

Marketing Campaign Data:

Relationship structure retained for analytics (no personal data)

Relationship structure retained for analytics (no personal data)

• Active Preferences: Duration of account

• Opt-Out Records: Permanent (indefinite retention)

Opt-Out Records: Permanent (indefinite retention)

• Respect marketing preferences

• Comply with CAN-SPAM and GDPR

• Prevent re-addition to marketing lists

Prevent re-addition to marketing lists

• NEVER DELETED - Required by law to prevent unwanted marketing

• Even after account deletion, opt-out status is retained

Even after account deletion, opt-out status is retained

---

BACKUP AND DISASTER RECOVERY

Backup Retention:

BACKUP AND DISASTER RECOVERY

BACKUP AND DISASTER RECOVERY

• Daily Backups: 30 days

• Weekly Backups: 12 weeks (3 months)

• Monthly Backups: 12 months

Monthly Backups: 12 months

• Business continuity and disaster recovery

• Protection against data loss from system failures

• Compliance with backup best practices

Compliance with backup best practices

• Complete copy of all user data (as of backup date)

• Includes data that may have been deleted from production since backup

Includes data that may have been deleted from production since backup

• Data deleted from production is flagged for deletion

• Deleted data is removed from backups during next rotation cycle

• Maximum: 12 months for deleted data to be purged from all backups

Maximum: 12 months for deleted data to be purged from all backups

• User deletes account on January 1

• Production data deleted on January 31 (30-day grace period)

• Data may persist in monthly backups until January of following year

• All backups containing data are fully purged by January next year

All backups containing data are fully purged by January next year

• Backups encrypted (AES-256)

• Stored in geographically separate locations

• Access restricted to infrastructure team

---

LEGAL HOLDS AND EXCEPTIONS

Legal Hold Definition:

LEGAL HOLDS AND EXCEPTIONS

• Pending or active litigation

• Government investigations or subpoenas

• Regulatory audits or inquiries

• Internal investigations (fraud, policy violations)

Legal Hold Process:

Internal investigations (fraud, policy violations)

1. Legal or compliance team identifies need for hold

1. Specific user accounts or data categories flagged

1. Automated deletion processes suspended for flagged data

1. Hold documented with reason and date

1. Regular review to determine if hold can be lifted

Regular review to determine if hold can be lifted

• Until litigation/investigation concludes

• Until regulatory requirement is satisfied

• Until internal investigation is complete and all appeals exhausted

Until internal investigation is complete and all appeals exhausted

• We may be prohibited from notifying users of legal holds (e.g., active investigation)

• Where legally permissible, users are informed of holds affecting their data

Where legally permissible, users are informed of holds affecting their data

• Normal retention periods resume

• Data is deleted according to standard schedule

• If retention period has expired during hold, immediate deletion (after brief review period)

---

Exceptions to Deletion:

If retention period has expired during hold, immediate deletion (after brief review period)

1. Active Legal Dispute: User is party to lawsuit or arbitration with XPlus Finance

1. Fraud Investigation: Account is under investigation for fraud or abuse

1. Outstanding Debt: User owes money to XPlus Finance (e.g., chargeback debt)

1. Regulatory Request: Government or regulator has requested data preservation

Regulatory Request: Government or regulator has requested data preservation

• Users can request information about legal holds affecting their data

• Objections to legal holds can be submitted (reviewed case-by-case)

---

USER DELETION REQUESTS

Right to Deletion (GDPR Article 17, CCPA):

USER DELETION REQUESTS

Deletion Request Process:

USER DELETION REQUESTS

1. Email [email protected] with subject "Data Deletion Request"

1. Verify identity (for security)

1. Specify scope (full account deletion or specific data)

1. Acknowledge understanding of consequences (account closure, data loss)

Acknowledge understanding of consequences (account closure, data loss)

• Email verification (sent to registered email)

• OR login to account and submit deletion request via Account Settings

OR login to account and submit deletion request via Account Settings

• Verification: 1-3 business days

• Deletion execution: 30 days (grace period)

• Confirmation: Email sent upon completion

What Gets Deleted:

Confirmation: Email sent upon completion

• User profile and account information

• Preferences and settings

• Uploaded files and documents

• Cached data and sessions

Cached data and sessions

• Transaction records (anonymized, retained for 7 years per legal requirement)

• Tax reporting data (anonymized, retained for 7 years)

• Aggregated analytics (no personal identifiers)

Aggregated analytics (no personal identifiers)

• Data subject to legal hold

• Fraud investigation records (up to 5 years)

• Opt-out records (permanently, to honor opt-out)

30-Day Grace Period:

• Purpose: Allow account recovery if deletion was accidental

• User Actions During Grace Period:

• Cancel deletion request

• Export data one final time

• Withdraw remaining funds

• After Grace Period:

• Deletion is irreversible

• Account cannot be recovered

---

DATA SUBJECT RIGHTS REQUESTS

GDPR and CCPA Requests:

DATA SUBJECT RIGHTS REQUESTS

• Access Request: Copy of all personal data we hold

• Portability Request: Machine-readable export of data

• Rectification Request: Correction of inaccurate data

• Deletion Request: (See Section 16)

• Objection Request: Object to specific processing activities

• Restriction Request: Limit how we process data

Restriction Request: Limit how we process data

1. Submit request to [email protected]

1. Verify identity

1. We respond within 30 days (GDPR) or 45 days (CCPA)

1. Provide requested data or explanation if request is denied

Documentation Retention:

Provide requested data or explanation if request is denied

• Retention Period: 3 years from completion date

• Purpose: Demonstrate compliance, audit trail, dispute resolution

Purpose: Demonstrate compliance, audit trail, dispute resolution

• Request details (type, date, requestor)

• Verification records

• Actions taken (data provided, deleted, corrected)

• Correspondence with user

• Denial reasons (if applicable)

Denial reasons (if applicable)

---

RETENTION SCHEDULE SUMMARY

---

COMPLIANCE AND LEGAL REQUIREMENTS

Regulatory Framework:

COMPLIANCE AND LEGAL REQUIREMENTS

• GDPR: Article 5(1)(e) storage limitation, Article 30 record-keeping

• CCPA: Data retention transparency requirements

• IRS Regulations: 7-year retention for tax records

• GAAP: Accounting standards for financial records

• SOX: Sarbanes-Oxley audit trail requirements (if applicable)

• Bank Secrecy Act (BSA): AML record-keeping requirements

• State Laws: Data breach notification and retention laws

Regular Review:

State Laws: Data breach notification and retention laws

• Annually: Comprehensive review and updates

• As Needed: When laws change or new data types are introduced

• Audit-Driven: Following compliance audits or regulatory guidance

---

CONTACT INFORMATION

CONTACT INFORMATION

• Email: [email protected]

• Subject Line: "Data Retention Inquiry"

Subject Line: "Data Retention Inquiry"

• Email: [email protected]

• Subject Line: "Data Deletion Request"

Subject Line: "Data Deletion Request"

• Email: [email protected]

• See Privacy Policy for comprehensive information

See Privacy Policy for comprehensive information

See Privacy Policy for comprehensive information

See Privacy Policy for comprehensive information

See Privacy Policy for comprehensive information

---

See Privacy Policy for comprehensive information

See Privacy Policy for comprehensive information

See Privacy Policy for comprehensive information

• Privacy Policy

• Subprocessor List

• Terms of Service

• Security Policy

---

Security Policy