1. Purpose and Scope
This Data Retention and Deletion Policy describes how Skyline Revenue Solutions, LLC (operating as aiSmartBudget) retains, manages, and deletes personal data and consumer financial data collected through the aiSmartBudget platform. This policy applies to all data collected from users of aiSmartBudget, including data accessed through the Plaid API.
aiSmartBudget is committed to retaining data only as long as necessary to provide its services, comply with legal obligations, and support legitimate business purposes. Data is deleted securely and permanently when no longer needed.
2. Data We Retain
aiSmartBudget retains the following categories of data:
- Account profile information (name, email address, account preferences)
- Bank account connection credentials (Plaid access tokens, account identifiers)
- Transaction history retrieved from connected financial accounts
- Account balance information
- User-uploaded bank statements and financial documents (PDF files)
- Application access logs (non-personally identifiable)
- Database backup snapshots
3. Retention Schedule
| Data Category | Retention Period | Deletion Method |
|---|---|---|
| Account profile & credentials | Duration of account | Permanent deletion on account closure |
| Transaction history & balances | Duration of account; up to 7 years if legally required | Permanent deletion on account closure or request |
| Plaid access tokens | Until account disconnected or closed | Token revocation via Plaid API |
| Uploaded bank statements (PDFs) | Duration of account | Permanent deletion from Supabase Storage |
| Application access logs | 90 days | Automatic expiration |
| Database backup snapshots | 30 days | Automatic expiration via Supabase |
4. Legal and Regulatory Basis for Retention
Data retention periods are determined by the following considerations:
- Contract performance: Data necessary to provide the aiSmartBudget service is retained for the duration of the user's account.
- Legal obligations: Financial transaction records may be retained for up to 7 years to comply with applicable tax and financial recordkeeping requirements.
- Legitimate interests: Application logs are retained for 90 days for security monitoring and fraud prevention purposes.
- User consent: Data collected with specific user consent is retained until that consent is withdrawn or the account is deleted.
5. User Rights and Data Deletion Requests
5.1 Right to Deletion
Users have the right to request deletion of their personal data and consumer financial data at any time. Upon a verified deletion request, aiSmartBudget will:
- Permanently delete the user's account and profile data from the Supabase authentication system.
- Permanently delete all transaction history, balance data, and financial records from the database.
- Revoke all Plaid access tokens and disconnect all linked financial accounts.
- Permanently delete all uploaded bank statements and documents from Supabase Storage.
- Complete deletion within 30 days of a verified request.
5.2 How to Submit a Deletion Request
Users may submit a data deletion request by emailing aismartbudget@gmail.com. Please include your registered email address and a clear statement requesting account and data deletion. We will confirm receipt within 5 business days and complete deletion within 30 days.
5.3 Exceptions to Deletion
We may retain certain data beyond the requested deletion date where required by law, ongoing legal proceedings, fraud investigation, or other legitimate legal obligations. In such cases, we will inform the user of the reason and expected retention period.
6. Backup Data
Database backups are retained for 30 days by Supabase infrastructure and expire automatically. Backup data is encrypted and access-controlled. In the event a user requests deletion of their data, we will ensure their data is excluded from future backup restoration cycles. We cannot retroactively delete data from existing backup snapshots within the 30-day window, but we will notify users of this limitation upon request.
7. Third-Party Data Processors
aiSmartBudget relies on the following third-party processors who maintain their own data retention practices:
- Plaid Technologies, Inc.: Plaid may retain certain data per its own privacy policy. Upon disconnection of a financial account, aiSmartBudget revokes the associated Plaid access token. Users should review Plaid's privacy policy at plaid.com/legal for details on Plaid's own data retention.
- Supabase: Database and file storage provider. Data is retained in Supabase per this policy and deleted upon account closure.
- Vercel: Application hosting provider. Access logs are retained for 90 days per Vercel's standard log retention.
8. Policy Review
This policy will be reviewed at least annually and updated as necessary to reflect changes in the platform, applicable laws, or regulatory requirements. Material updates will be communicated to active users via email with at least 30 days notice before taking effect.
Questions about this policy? Email us at aismartbudget@gmail.com.
Questions? Contact us · Privacy Policy · Terms of Service · Data Retention · Security