Export
Consumers can export their data from Settings.
Exports include consumer-owned application data and exclude internal sensitive fields such as password hashes and Plaid access tokens.
Data Retention and Disposal Policy
How SpendSense retains, exports, deletes, and disposes of consumer data.
This policy applies to production consumer data processed by SpendSense, including account data, Plaid-derived account and transaction data, user-created budgeting data, operational logs, backups, and support records.
Last updated: April 19, 2026
Delete
Account deletion removes active application data.
Confirmed deletion removes profile data, connected bank records, accounts, transactions, budgets, goals, and related app data from the active production database.
Review
The policy is reviewed periodically.
SpendSense reviews this policy at least annually and when material data, infrastructure, or compliance requirements change.
Retention schedule
| Data category | Retention period | Disposal method |
|---|---|---|
| Active consumer app data | While the account remains active | Deleted from the active production application database after account deletion or when no longer required |
| Plaid access tokens | While the linked institution is active and needed to sync data | Deleted from the active production application database when the connected institution or consumer account is deleted |
| Password reset codes | Short-lived for account recovery | Expired automatically and overwritten or removed by recovery flows |
| Product analytics and consent records | Only as long as needed for reliability, security, and aggregate usage analysis | Deleted or anonymized when no longer needed |
| Application logs, monitoring events, and error reports | For operational, security, debugging, and audit needs | Deleted or aged out under provider retention settings |
| Backups and disaster recovery snapshots | According to managed infrastructure provider schedules | Expired through provider-managed backup lifecycle controls |
| Legal hold data | While the hold, investigation, dispute, or regulatory obligation remains active | Deleted after the hold is released and retention is no longer required |
Consumer account deletion
Consumers can request account deletion from application Settings. Account deletion requires authentication and password confirmation. When deletion succeeds, SpendSense deletes consumer-owned data from the active production application database, including:
- Review dismissals
- AI feedback, AI cache entries, AI categorization rules, and AI categorization runs
- Recurring transactions
- Savings goals
- Budgets
- Custom categories
- Transactions
- Accounts
- Plaid item records and stored Plaid access tokens
- The consumer user profile
Backups and residual copies
Deleted data may remain temporarily in backups, database snapshots, logs, monitoring systems, or provider-managed disaster recovery copies until those systems expire data under their normal lifecycle controls, unless a legal hold or legal obligation requires longer retention.
SpendSense does not restore deleted consumer data back into active use except when required for disaster recovery, security investigation, legal obligations, or correction of an operational incident. If deleted data is restored during disaster recovery, SpendSense will re-apply deletion requests where technically and operationally feasible.
Contact and related policies
Questions about this policy or consumer data requests can be sent to support@getspendsense.com. For broader privacy disclosures, review the SpendSense Privacy Policy.