Billendar
CONFIDENTIAL POLICY

Data Retention & Disposal Policy

Governing the collection, storage, and secure deletion of user data

Effective Date: April 1, 2026
Last Reviewed: April 4, 2026
Version: 1.0
Owner: Billendar / billendar.app

This policy describes how Billendar collects, retains, and securely disposes of user data, including financial transaction data retrieved via Plaid, in compliance with applicable data privacy laws including CCPA and GDPR principles.

Section 01
Scope & Applicability

This policy applies to all personal and financial data processed by Billendar, including data collected directly from users and data retrieved from third-party sources such as Plaid (bank accounts), Gmail (billing emails), and Stripe (subscription billing).

  • User Accounts
  • Plaid Transactions
  • Gmail Metadata
  • Stripe Billing
  • App Usage Data
  • Uploaded Receipts

Section 02
Data Categories & Retention Periods

  • Account Data. Retention: Life of account. Email, name, preferences. Stored in Supabase Auth.
  • Financial Transactions. Retention: Life of account. Plaid data synced for bill detection. Supabase DB.
  • Plaid Access Tokens. Retention: Until disconnected. Revoked immediately on bank disconnect or account deletion.
  • Uploaded Receipts. Retention: Life of account. Stored in Supabase Storage. Deleted with account.
  • Stripe Billing Records. Retention: 7 years. Required for tax compliance. Managed by Stripe.
  • App Logs / Analytics. Retention: 90 days. Error monitoring via Sentry. Auto-purged.

Section 03
Data Deletion Lifecycle

  • User initiates deletion request: Via in-app account settings or by emailing support@billendar.app
  • Plaid tokens revoked immediately: All linked bank access tokens are invalidated via Plaid API within minutes
  • App data purged within 30 days: Bills, transactions, receipts, and account data deleted from Supabase
  • Stripe billing records retained 7 years: Required for financial/tax compliance. Managed entirely by Stripe.
  • Confirmation sent to user: Email confirmation of deletion sent upon completion

Users may also disconnect individual bank accounts at any time without deleting their account. Upon disconnection, the Plaid access token for that institution is revoked immediately and associated transaction history is removed within 30 days.

Section 04
Storage Infrastructure & Security
  • All data is stored in Supabase (hosted on AWS, US region) with encryption at rest enabled by default (AES-256)
  • All data in transit is protected by TLS 1.2+ enforced by Vercel and Supabase
  • Row-Level Security (RLS) policies on all database tables ensure users can only access their own data
  • Plaid access tokens are stored server-side only and never exposed to the client
  • Production secrets are managed via Vercel environment variables, never hardcoded or committed to version control
  • Admin database access requires Supabase MFA-protected login

Section 05
User Rights & Compliance

Billendar respects user rights under applicable data privacy laws including CCPA (California) and GDPR principles. Users have the right to:

  • Access: Request a copy of all personal data held
  • Correction: Request correction of inaccurate data
  • Deletion: Request full account and data deletion at any time
  • Portability: Receive data in a structured, machine-readable format
  • Opt-out: Disconnect third-party integrations (Plaid, Gmail) at any time

All privacy rights requests are handled via support@billendar.app. The full privacy policy is available at billendar.app/privacy.html.

Section 06
Policy Review Schedule

This policy is reviewed annually or upon any of the following triggering events:

  • Addition of new third-party data processors (e.g., new integrations)
  • Changes to applicable data privacy laws or regulations
  • Security incident or identified data handling gap
  • Significant growth in user base requiring enhanced data governance

Next scheduled review: April 2027

Official Attestation

I, the undersigned, attest that this Data Retention and Disposal Policy accurately represents the data handling practices of Billendar as of the effective date above, and that I am authorized to represent this organization.

Frederik Martinez
Title / Role
Date