Data Retention and Disposal Policy

Application: Lifeline
Effective Date: December 14, 2025
Version: 1.0

This policy outlines the specific principles, retention periods, and disposal methods Lifeline employs regarding user data. This policy is designed to ensure compliance with GDPR, CCPA, and the security requirements of our financial data partners (Plaid, Stripe).

1. General Retention Principles

Lifeline adheres to the principle of Storage Limitation. We retain personal data only for as long as necessary to:

2. Specific Retention Schedules

A. Active Accounts

As long as an account remains active (user has logged in within the last 12 months), we retain:

B. Inactive Accounts

If an account is inactive for 24 months, we will notify the user via email. If no action is taken within 30 days of notification, the account is classified as "Abandoned," and data disposal procedures are initiated.

C. Payment Records

We do not store full credit card numbers. Payment records (invoices, subscription history) held via Stripe are retained for a minimum of 7 years as required by US tax law and standard accounting practices.

3. Data Disposal and Deletion

Upon a user's request for account deletion ("Right to Erasure") or upon the expiration of the retention period for inactive accounts, Lifeline executes the following disposal process within 30 days:

Step 1: Database Purging (Firestore)

We execute a cryptographic delete operation on the user's document root (users/{userId}) and all associated sub-collections (transactions, assets, mileage). Once deleted from Google Cloud Firestore, this data is removed from active storage immediately and from backup systems within the provider's standard lifecycle (typically 30 days).

Step 2: Financial Connection Revocation (Plaid)

We call the Plaid API /item/remove endpoint. This invalidates the access_token and permanently disconnects Lifeline from the user's financial institution. Plaid then deletes the associated transaction data according to their own retention policies.

Step 3: Account Credentials (Firebase Auth)

The user's authentication record (Email/Password hash) is permanently deleted from the Firebase Authentication system, rendering the account inaccessible.
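The three steps above, run as one job with an audit record, as an added example that is not Lifeline's own code. The `clients` object is an assumed thin adapter over firebase-admin (`firestore.recursiveDelete(ref)` and `auth().deleteUser(uid)`) and plaid-node (`itemRemove({ access_token })`, which calls `/item/remove`); the `getPlaidItems` helper, the in-memory store and the fake clients are constructed for the example so it runs offline.

```javascript
// Added example, not Lifeline's code: executes the Section 3 disposal steps in
// the policy's order and returns an audit record for the 30-day deadline check.
//
// `clients` is an assumed adapter over the real SDKs:
//   clients.firestore.getPlaidItems(userId) -> [{ itemId, accessToken }]   (hypothetical helper)
//   clients.firestore.recursiveDelete(path)  (wraps firebase-admin firestore.recursiveDelete(ref))
//   clients.plaid.itemRemove({ access_token })  (plaid-node itemRemove, POST /item/remove)
//   clients.auth.deleteUser(uid)              (firebase-admin auth().deleteUser)

const SUBCOLLECTIONS = ["transactions", "assets", "mileage"]; // named in Step 1
const DISPOSAL_DEADLINE_DAYS = 30;                             // Section 3

async function disposeUserData(userId, clients, now = () => new Date()) {
  const audit = { userId, startedAt: now().toISOString(), steps: [], status: "incomplete" };

  // Read the Plaid access tokens BEFORE Step 1: they live under the user
  // document, and Step 2 cannot revoke an item whose token was already purged.
  const plaidItems = await clients.firestore.getPlaidItems(userId);

  const steps = [
    ["firestore_purge", async () => {
      await clients.firestore.recursiveDelete(`users/${userId}`);
      return { path: `users/${userId}`, subcollections: SUBCOLLECTIONS };
    }],
    ["plaid_item_remove", async () => {
      const removed = [];
      for (const item of plaidItems) {
        await clients.plaid.itemRemove({ access_token: item.accessToken });
        removed.push(item.itemId); // record item ids only, never the token
      }
      return { removedItems: removed };
    }],
    ["firebase_auth_delete", async () => {
      try {
        await clients.auth.deleteUser(userId);
      } catch (err) {
        // A re-run after a partial failure must be idempotent: an auth
        // record that is already gone counts as deleted.
        if (err.code !== "auth/user-not-found") throw err;
      }
      return { uid: userId };
    }],
  ];

  for (const [name, run] of steps) {
    try {
      audit.steps.push({ name, ok: true, detail: await run() });
    } catch (err) {
      audit.steps.push({ name, ok: false, error: String(err.message || err) });
      audit.status = "failed"; // leave the request open so it is retried
      return audit;
    }
  }
  audit.status = "complete";
  audit.completedAt = now().toISOString();
  return audit;
}

// True when a completed disposal met the policy's 30-day window.
function metDeadline(audit, requestedAt) {
  if (audit.status !== "complete") return false;
  const elapsedMs = new Date(audit.completedAt) - new Date(requestedAt);
  return elapsedMs <= DISPOSAL_DEADLINE_DAYS * 24 * 60 * 60 * 1000;
}

// Constructed in-memory stand-ins for the three backends (offline only).
function sampleStore() {
  return {
    docs: { "users/u123": { email: "user@example.com" } },
    plaidItems: { u123: [{ itemId: "item-abc", accessToken: "access-sandbox-fake-token" }] },
    plaidTokens: new Set(["access-sandbox-fake-token"]),
    authUsers: new Set(["u123"]),
  };
}

function makeFakeClients(store) {
  return {
    firestore: {
      // Tokens are only readable while the user document still exists.
      getPlaidItems: async (uid) => (store.docs[`users/${uid}`] ? store.plaidItems[uid] || [] : []),
      recursiveDelete: async (path) => { delete store.docs[path]; },
    },
    plaid: {
      itemRemove: async ({ access_token }) => {
        if (!store.plaidTokens.has(access_token)) throw new Error("INVALID_ACCESS_TOKEN");
        store.plaidTokens.delete(access_token);
        return { request_id: "req-constructed" };
      },
    },
    auth: {
      deleteUser: async (uid) => {
        if (!store.authUsers.has(uid)) {
          const err = new Error("no user record for the provided identifier");
          err.code = "auth/user-not-found";
          throw err;
        }
        store.authUsers.delete(uid);
      },
    },
  };
}
```

Two points worth checking in a real implementation: a failed step leaves the request open rather than marking it complete, so a user is never told their data is gone while a Plaid item still holds live access; and because the tokens are read before the Firestore purge, a retry after a Step 2 failure cannot re-read them, so the pending item list should be kept with the deletion request (or the Plaid revocation moved ahead of the purge) before this pattern goes to production.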

4. Backups and Archives

Disaster recovery backups are encrypted and stored in Google Cloud Storage. These backups are retained on a rolling 30-day window. Data deleted from the live application will naturally age out of backups after 30 days. We do not manually scrub individual records from backups unless legally compelled.

5. Requesting Deletion

Users may request immediate data deletion at any time by:

  1. Using the "Delete Account" feature within the application settings (if available).
  2. Emailing a formal request to our Data Protection Officer at: support@smacktax.com