
Data Retention & Deletion Policy

Effective date: April 7, 2025  ·  Next scheduled review: April 7, 2026

Summary. We keep your data only as long as necessary to provide the service or meet legal obligations. When you delete your account, all personal and financial data is permanently erased within 30 days. You may submit a deletion request at any time — no waiting period applies. Third-party processors (Plaid, Stripe) retain limited data under their own policies for legal and fraud-prevention purposes.

1. Scope and Applicable Laws

This policy applies to all personal data processed by Life Budgets ("we", "us", "our") in connection with our personal-finance application, including data collected via the web application, Plaid-connected bank accounts, and transactional emails.

We design our data-handling practices to comply with the following laws and regulations, as applicable to our users:

  • GDPR — EU/EEA General Data Protection Regulation (Regulation 2016/679), including UK GDPR post-Brexit.
  • CCPA / CPRA — California Consumer Privacy Act (Cal. Civ. Code §1798.100 et seq.) and the California Privacy Rights Act amendments.
  • PIPEDA — Canada's Personal Information Protection and Electronic Documents Act, and applicable provincial equivalents (PIPA BC/AB, Law 25 in Québec).
  • LGPD — Brazil's Lei Geral de Proteção de Dados Pessoais (Law 13,709/2018).
  • COPPA — U.S. Children's Online Privacy Protection Act (Life Budgets is not directed at children under 13; see Section 9).
  • GLBA — Gramm-Leach-Bliley Act (applicable to financial data collected from U.S. consumers).

Where laws conflict, we apply the standard that provides the greatest protection to the individual.

2. Data Retention Principles

We apply the following principles when determining how long to retain data:

Purpose limitation: Data is retained only for the specific purpose for which it was collected, as described in our Privacy Policy.

Storage minimisation: We retain data only for as long as strictly necessary. Once the retention period expires, data is permanently deleted or irreversibly anonymised.

Legal obligation: Where law requires us to retain data for a specified period (e.g., tax, fraud prevention, anti-money-laundering), we retain it for that period and no longer.

Security: Short-term security and audit logs are retained to detect and investigate incidents, then purged on a rolling schedule.

No indefinite retention: No category of personal data is retained indefinitely without a documented lawful basis.

3. Retention Schedule

The table below sets out each category of personal data we hold, with its retention period and the legal basis for that period.

| Data category | Examples | Retention period | Legal basis |
|---|---|---|---|
| Account profile | Name, email address, hashed password, life stage, budgeting preference | Until account deletion + 30-day purge window | Contract performance; user consent |
| Consent record | terms_accepted_at timestamp recorded at signup | 7 years after account deletion | Legal obligation (GDPR Art. 7(1); CCPA §1798.185; GLBA) |
| Financial account metadata | Account names, types, institution names, current balances | Until account disconnected or user account deleted | Contract performance |
| Plaid access tokens | Encrypted Plaid Item access tokens | Deleted immediately on Plaid disconnect or account deletion | Contract performance; data minimisation |
| Transaction data | Amount, date, merchant, category, bucket, notes, tags | Until account deletion + 30-day purge window | Contract performance; user consent |
| Budget data | Budget allocations, categories, ZBB rollover balances | Until account deletion + 30-day purge window | Contract performance |
| Goals & withdrawals | Goal targets, linked accounts, withdrawal history | Until account deletion + 30-day purge window | Contract performance |
| Net worth snapshots | Monthly total assets, liabilities, net worth | Until account deletion + 30-day purge window | Contract performance |
| Household data | Household name, member roles, privacy levels, IOUs, splits, settlements | Until account deletion + 30-day purge window (archived households retained 90 days then deleted) | Contract performance; legitimate interests (dispute resolution) |
| Email verification tokens | One-time token sent at signup | 24 hours; deleted immediately on use or expiry | Contract performance; security |
| Subscription & billing events | Stripe customer ID, subscription status, plan changes, payment events | 7 years after subscription end | Legal obligation (tax, GLBA, anti-fraud); contract performance |
| Alert preferences | Budget thresholds, notification channels | Until account deletion + 30-day purge window | Contract performance |
| Server / application logs | Request paths, HTTP status codes, server-side error traces | 30 days rolling | Legitimate interests (security, debugging) |
| Security & audit logs | Login events, failed authentication attempts, admin actions | 90 days rolling | Legitimate interests (fraud prevention, security) |
| Database backups | Full encrypted snapshots of the Supabase database | 30-day rolling window; backups older than 30 days are automatically purged | Legitimate interests (disaster recovery) |

All periods begin from the trigger event noted (e.g., account deletion, token use). Anonymous or fully de-identified aggregate statistics (e.g., "500 users in this cohort") are not personal data and are not subject to retention limits.

4. Deletion Process

4.1 Self-service deletion

You may delete your account at any time via Settings → Delete Account in the application. Deletion is permanent and irreversible. You will be asked to type DELETE to confirm.

Upon confirmation, the following steps execute automatically:

  1. Stripe subscription cancelled — any active or trialling subscription is immediately cancelled via the Stripe API.
  2. Owned households transferred or archived — if you own a household with other members, ownership is transferred to another member; if you are the sole member, the household is archived and scheduled for deletion within 30 days.
  3. Cascading database deletion — Supabase Auth deletion cascades to all rows in every table linked to your user ID: profiles, accounts, transactions, budgets, budget_categories, goals, goal_accounts, goal_withdrawals, household membership rows, plaid_items, alerts, alert_preferences, personal_ious, net_worth_snapshots.
  4. Plaid items revoked — access tokens for all linked bank accounts are revoked via the Plaid API so Plaid can no longer retrieve your data on our behalf.
  5. Auth user deleted — the Supabase Auth record (email, hashed password) is permanently removed.

The database cascade is synchronous. Residual data in the 30-day rolling backup window is overwritten as backups expire. All personal data is permanently gone within 30 days of the deletion trigger.

Exception — consent records: The timestamp recording that you accepted our Terms of Use and Privacy Policy is retained for 7 years in an isolated audit log after all other personal data is deleted. This record contains only your email address (hashed) and the acceptance timestamp — no financial data — and is required by law to demonstrate lawful processing under GDPR Art. 7, CCPA, and GLBA.

4.2 Deletion request (right to erasure)

If you cannot access the in-app deletion flow, you may submit a deletion request by emailing support@lifebudgets.com with the subject line "Data Deletion Request" and the email address associated with your account. We will:

  1. Acknowledge your request within 5 business days.
  2. Verify your identity (we may ask you to confirm from the registered email address).
  3. Complete deletion within 30 calendar days of verification (GDPR Art. 17; CCPA §1798.105(d); PIPEDA Principle 4.5).
  4. Send a written confirmation once deletion is complete.

4.3 Erasure limitations

The right to erasure does not override legal obligations to retain data. We may decline a deletion request, or retain specific data, where necessary to:

  • Complete a transaction or fulfil a contract in progress (e.g., a pending subscription billing cycle).
  • Comply with a legal obligation (e.g., tax record retention under 26 U.S.C. §6001; GLBA; anti-money-laundering regulations).
  • Exercise or defend legal claims (e.g., a dispute under Stripe's payment processing terms).
  • Detect, investigate, or prevent security incidents or fraud (limited to security logs, 90-day window only).

Where we decline erasure in full, we will notify you of the specific reason and the data categories retained, within the same 30-day response window.

5. Your Rights

Depending on where you are located, you have some or all of the following rights regarding your personal data. All requests can be submitted to support@lifebudgets.com.

| Right | GDPR (Art.) | CCPA/CPRA | PIPEDA / Others |
|---|---|---|---|
| Access / Right to Know | Art. 15 | §1798.100 | Principle 9 |
| Rectification / Correction | Art. 16 | §1798.106 (CPRA) | Principle 9 |
| Erasure / Deletion | Art. 17 | §1798.105 | Principle 4.5 |
| Restriction of processing | Art. 18 | | |
| Data portability | Art. 20 | §1798.100(d) | |
| Object to processing | Art. 21 | §1798.120 (opt-out of sale) | |
| Withdraw consent | Art. 7(3) | §1798.120 | Principle 3 |
| Non-discrimination | | §1798.125 | |
| Lodge a complaint | Art. 77 | CA Attorney General | OPC (Canada) |

We respond to all rights requests within 30 calendar days. If a request is complex or numerous, we may extend this by a further 60 days (GDPR) or 45 days (CCPA) and will notify you of the extension and reason.

We do not sell personal data. We do not engage in cross-context behavioural advertising. CCPA opt-out rights therefore apply only to the sharing of data with household members, which you control via your privacy level settings.

6. Third-Party Processor Retention

When we use sub-processors, those processors maintain their own data under their own policies. We require all sub-processors to provide data-protection guarantees consistent with applicable law. Key processor retention commitments:

Plaid: Financial account connectivity and transaction data
Plaid Privacy Policy

Plaid retains transaction data and account metadata for up to 24 months after the last sync, for fraud prevention and legal compliance. Revoking a Plaid Item (disconnecting your bank account from Life Budgets) instructs Plaid to cease new data collection; residual data is governed by Plaid's Privacy Policy and Data Retention Policy.

Stripe: Subscription billing and payment processing
Stripe Privacy Policy

Stripe is required by law to retain payment records (including your name and last-four card digits) for up to 7 years under financial services regulations. Stripe customer records are not deleted when you delete your Life Budgets account; however, no new charges can be made after deletion.

Supabase: Database, authentication, and storage infrastructure
Supabase Privacy Policy

Supabase processes data as a data processor acting on our behalf. Data residency is in the AWS region selected at project creation. Supabase retains database backups for 7 days (free) or 30 days (Pro) and purges them automatically. Supabase complies with GDPR via Standard Contractual Clauses.

Google (Gmail API): Transactional email delivery (account verification, household invitations)
Google Privacy Policy

Email content is processed in transit by Google's infrastructure. We use domain-wide delegation with a service account, which means email bodies are not stored in a user mailbox. Sent-message metadata may appear in the delegated account's Sent folder, retained per Google Workspace retention settings.

7. Backups and Disaster Recovery

We maintain automated encrypted database backups provided by Supabase. These backups:

  • Are retained on a 30-day rolling window. Backups older than 30 days are automatically and permanently purged by Supabase's infrastructure.
  • Are encrypted at rest using AES-256 and accessible only to Life Budgets infrastructure accounts — not to support staff or third parties.
  • Are used exclusively for service restoration in the event of data loss or system failure. They are never used to "resurrect" data that a user has explicitly requested deleted.
  • Mean that a deletion completed today will be fully absent from backups within 30 days.

If you delete your account and subsequently request confirmation that your data has been removed from backups, we will provide written confirmation once the 30-day backup expiry window has elapsed.

8. Security and Audit Logs

We retain limited security and audit logs to detect, investigate, and respond to security incidents, in accordance with our legitimate interests and applicable data protection laws:

| Log type | Retention | Data minimisation |
|---|---|---|
| Application request logs | 30 days | Path, status code, timestamp — no request body or financial data |
| Authentication events (login, logout, failed attempts) | 90 days | User ID (hashed), event type, timestamp, IP address |
| Plaid webhook events | 30 days | Item ID, event type, timestamp — no account or transaction content |
| Stripe webhook events | 90 days | Event type, customer ID, subscription status, timestamp — no card data |
| Account deletion audit trail | 7 years | User email (hashed), deletion timestamp, confirmation ID — no financial data |

Log entries do not contain financial account numbers, transaction details, budget data, or unencrypted personal identifiers. Access to logs is restricted to authorised engineering and security personnel.

9. Children's Data

Life Budgets is not directed at or intended for use by individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal data from children under 13 as defined by COPPA, or under 16 as defined by GDPR Art. 8.

If we become aware that we have inadvertently collected personal data from a child without appropriate parental consent, we will delete that data within 72 hours of discovery. To report a suspected minor's account, contact support@lifebudgets.com.

10. Cross-Border Data Transfers

Our infrastructure is hosted in the United States (AWS region). Users in the EU/EEA, UK, Canada, or Brazil should be aware that their data may be transferred to and processed in the U.S.

We rely on the following transfer mechanisms:

  • EU/EEA & UK → US: Standard Contractual Clauses (SCCs) as adopted by the European Commission (Decision 2021/914), incorporated into our Data Processing Agreements with Supabase, Stripe, and Google. UK addendum applied for UK transfers.
  • Canada → US: PIPEDA permits transfers to service providers for processing on the transferring organisation's behalf; we maintain contractual protections with all U.S. sub-processors.
  • Brazil → US: LGPD Art. 33 permits transfers where the receiving country provides an adequate level of protection or where the controller provides specific contractual guarantees.

A copy of our Data Processing Agreements is available on request at support@lifebudgets.com.

11. Policy Changes

We review this policy at least annually (next review: April 7, 2026). Material changes — defined as any change to retention periods, new categories of data collected, new sub-processors, or new legal bases — will be:

  • Published on this page with an updated Effective Date.
  • Communicated to registered users by email at least 30 days before taking effect.
  • Flagged with an in-app notice on the Dashboard.

Where a material change requires fresh consent (e.g., a new processing purpose), we will obtain explicit re-consent before the change takes effect, consistent with GDPR Art. 7 and CCPA §1798.100.

12. Contact & Complaints

For any questions, rights requests, or concerns about this policy, contact our privacy team:

Life Budgets — Privacy Team

Email: support@lifebudgets.com

Subject line: "Privacy / Data Retention Request"

Response SLA: 5 business days (acknowledgement); 30 calendar days (resolution)

If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority:

  • EU/EEA: Your national Data Protection Authority.
  • UK: Information Commissioner's Office (ico.org.uk).
  • California: California Privacy Protection Agency / California Attorney General (cppa.ca.gov).
  • Canada: Office of the Privacy Commissioner of Canada (priv.gc.ca).
  • Brazil: Autoridade Nacional de Proteção de Dados (anpd.gov.br).