Data Retention and Disposal Policy
Last updated: March 28, 2026
This Data Retention and Disposal Policy describes how Moneyline ("we," "us," or "our") retains, archives, and disposes of data collected through the Moneyline website, application, and services (the "Service"). This policy ensures we retain data only as long as necessary for legitimate business purposes and legal obligations.
1. Principles
Our data retention practices are guided by the following principles:
- Purpose limitation: Data is retained only for as long as it is needed to fulfill the purpose for which it was collected
- Data minimization: We collect and retain only the data necessary to provide the Service
- Secure disposal: When data is no longer needed, it is securely deleted or anonymized
- Compliance: Retention periods comply with applicable legal and regulatory requirements
2. Retention Schedules
Account data
| Data Type | Retention Period | Trigger for Disposal |
|---|---|---|
| User profile (email, name) | Duration of account + 30 days | Account deletion request |
| Authentication tokens (magic links) | 15 minutes | Automatic expiry after use or timeout |
| Session data | Until logout or 14 days of inactivity | Logout or session expiry |
Financial data
| Data Type | Retention Period | Trigger for Disposal |
|---|---|---|
| Accounts and balances | Duration of account + 30 days | Account deletion request |
| Trades and holdings | Duration of account + 30 days | Account deletion request |
| Net worth snapshots | Duration of account + 30 days | Account deletion request |
| Budget and expense data | Duration of account + 30 days | Account deletion request |
| Watchlist items | Duration of account + 30 days | Account deletion request |
Uploaded documents
| Data Type | Retention Period | Trigger for Disposal |
|---|---|---|
| Bank statements (uploaded for import) | Deleted after processing (max 24 hours) | Successful data extraction or processing failure |
| Trade confirmations (uploaded for import) | Deleted after processing (max 24 hours) | Successful data extraction or processing failure |
| Extracted/parsed data | Duration of account + 30 days | Account deletion request |
Global (non-user) data
| Data Type | Retention Period | Notes |
|---|---|---|
| Security metadata (ticker, name, sector) | Indefinite | Public market data, not user-specific |
| Daily price history | Indefinite | Public market data, not user-specific |
| Institution data (bank names, logos) | Indefinite | Public reference data, not user-specific |
System and operational data
| Data Type | Retention Period | Trigger for Disposal |
|---|---|---|
| Server access logs | 90 days | Automatic rotation |
| Error and application logs | 90 days | Automatic rotation |
| Database backups | 30 days | Rolling deletion of oldest backup |
3. Account Deletion Process
When a user requests account deletion:
- Immediate: Account is deactivated and the user is logged out
- Within 30 days: All user-scoped data (accounts, trades, holdings, snapshots, budgets, watchlist items) is permanently deleted from the primary database
- Within 60 days: Data is purged from all database backups through natural backup rotation
- Exceptions: We may retain minimal data (e.g., email address and deletion timestamp) for up to 1 year to comply with legal obligations, prevent fraud, or resolve disputes
4. Data Disposal Methods
We use the following methods to dispose of data securely:
- Database records: Hard deletion (DELETE) from PostgreSQL with cascading removal of related records. Row-Level Security policies ensure no orphaned data remains accessible.
- Uploaded files: Secure deletion from storage with no recovery possible
- Backups: Encrypted backups are destroyed through scheduled rotation; individual record deletion from backups is not feasible, but expired backups are securely destroyed
- Logs: Automatically rotated and deleted per the retention schedule
- Third-party data: We request deletion from third-party processors (Anthropic, Plaid) in accordance with their data retention policies
5. Data Export
Before account deletion or at any time, you can export all of your data from Settings > Export. Exports include your accounts, balances, trades, holdings, snapshots, and budget data in standard formats (CSV/JSON).
6. Legal Holds
In the event of litigation, regulatory investigation, or other legal proceedings, we may be required to suspend normal disposal procedures and retain data beyond the standard retention period. Data subject to a legal hold will be preserved until the hold is lifted, at which point normal retention schedules resume.
7. Review and Updates
This policy is reviewed annually and updated as needed to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated by updating the "Last updated" date at the top of this page.
8. Contact
If you have questions about this policy or wish to request data deletion, please contact us at [email protected].