Data Retention & Deletion Policy
Version 1.0 · May 28, 2026 · Reviewed annually by the Privacy Officer.
1. Principles
BillSlash keeps personal data only as long as necessary for the purpose for which it was collected, to meet applicable legal obligations, or to serve legitimate business interests. Data minimization is enforced at collection time.
2. Retention windows
| Category | Retention | Basis |
|---|---|---|
| Account profile | Life of account + 30 days | Contract performance |
| Bills, receipts, transactions | Life of account + 30 days | Contract performance |
| Plaid access_token / item_id | Until disconnect or account deletion (revoked via /item/remove) | Contract / consent |
| Payment & tax records | 7 years | IRS / state tax law |
| Security audit logs | 13 months | Security, fraud prevention |
| Email delivery logs | 90 days | Deliverability troubleshooting |
| Encrypted backups | 90 days rolling | Disaster recovery |
| Marketing email subscribers | Until unsubscribe + 30 days | Consent |
3. Account deletion
- Users may self-delete at any time from Settings → Delete account, or by writing to privacy@billslash.app.
- Within 30 days we delete or irreversibly anonymize all live records, revoke connected Plaid Items, and disable user authentication.
- Encrypted backups containing your data are overwritten within the 90-day backup roll-off window.
- Data we are legally required to retain (e.g., financial records, fraud evidence) is moved to a restricted-access archive and deleted at the end of the statutory window.
4. Verification
We verify deletion requests using your account email. Authorized agents are accepted with signed authorization.
5. Review
This policy is reviewed at least annually and after any material change to the service or applicable law. See also our Privacy Policy and Security Overview.