Data Retention Policy
Version 1.0
Effective Date: May 18, 2026
Last Updated: May 18, 2026
Purpose
This policy defines how long Kaevo retains different categories of user data, when and how data is deleted, and how user requests for export or deletion are handled. It is designed to comply with applicable data protection laws (GDPR, CCPA/CPRA, Florida Information Protection Act, and similar) and to provide users with clear expectations.
Scope
This policy applies to all personal information processed by Kaevo, whether stored in Supabase, transmitted through Netlify, processed by Stripe, Plaid, Anthropic, or any other subprocessor.
1. Retention Principles
- Retain only what is needed. Each data category has a stated retention period tied to a business or legal purpose.
- Delete when the purpose ends. Data outside its retention window is deleted as part of regular operations or upon user request.
- Honor user requests promptly. Users can request export or deletion at any time. We respond within the timelines set by applicable law (see Section 5).
- Apply legal holds when required. If data is subject to a legal hold (litigation, regulatory request), retention is extended until the hold is released.
2. Retention Schedule by Data Category
| Data Category | Retention Period | Reason |
|---|---|---|
| Account credentials (email, password hash) | Duration of active account + 30 days after deletion request | Account access; allows reversal of accidental deletion within 30 days |
| Profile and household composition (names, DOBs, relationships, ZIP/city/state) | Duration of active account + 30 days after deletion request | Operate the Service |
| Financial transactions (income, bills, expenses, accounts, transfers) | Duration of active account + up to 7 years from the date of the transaction, or earlier upon deletion request | Users may need historical records for tax filing, dispute resolution, or financial review. 7 years aligns with common US tax record-keeping recommendations. |
| Account balances and snapshots | Duration of active account + 30 days after deletion request | Operate the Service |
| Retirement and investment account information | Duration of active account + 30 days after deletion request | Operate the Service |
| Medical and health information | Duration of active account + 30 days after deletion request | Operate the Service. Treated as sensitive — deleted promptly on request. |
| Vehicle, home, vacation, recipe, chore, and other household data | Duration of active account + 30 days after deletion request | Operate the Service |
| Document Vault metadata and contents (descriptions, types, dates; no sensitive document uploads at launch) | Duration of active account + 30 days after deletion request | Operate the Service |
| Calendar events | Duration of active account + 30 days after deletion request | Operate the Service |
| Support communications (email correspondence with support@kaevo.ai) | 3 years from date of last message | Service quality, dispute resolution, internal training |
| Application logs (access logs, error logs) | 90 days | Security monitoring, debugging |
| Database backups | 30 days rolling | Disaster recovery |
| Analytics (usage data, page views, feature engagement) | 14 months from collection date | Product improvement. Aggregated analytics may be retained indefinitely in non-identifiable form. |
| Payment records held by Kaevo (subscription state, billing events) | Duration of active account + 7 years | Tax, accounting, and audit obligations |
| Payment processor records held by Stripe | Per Stripe's retention policies | Stripe acts as a separate controller for payment data and applies its own retention. |
| AI processing logs (Anthropic Claude API) | Per Anthropic's retention; we do not separately persist AI prompts beyond the immediate request lifecycle | Operate AI features |
| Plaid bank account data (when bank linking is enabled and the user has connected an account) | Duration of active connection + 30 days after disconnection or account deletion | Bank linking feature. Currently disabled at launch. |
| Security incident records | Minimum 3 years from incident closure | Regulatory compliance, post-incident analysis, future investigations |
3. Deletion Mechanics
3.1 User-initiated deletion
Users can request deletion of their account and associated data by emailing support@kaevo.ai. Upon receiving a verified request:
- We acknowledge the request within 5 business days.
- We complete the deletion within 30 days of the request (extendable by up to 60 additional days where reasonably necessary, with notice to the user).
- Deletion includes user-entered data across all categories above, except where retention is required by law or where data is held by a subprocessor under its own retention policies (Stripe payment records, for example).
- We will provide written confirmation when deletion is complete.
3.2 Inactive accounts
Accounts that have been inactive (no login or API activity) for 24 months will receive an email notice. If no activity occurs within 60 days of the notice, the account may be closed and the data deleted in accordance with this policy.
3.3 Backups
Data deleted from primary systems will persist in backup snapshots for up to 30 days. Backups are not used to restore individual user data — they exist solely for disaster recovery. Backup snapshots older than 30 days are overwritten or deleted in the normal backup lifecycle.
3.4 Aggregated and de-identified data
We may retain aggregated, anonymized, or de-identified data (data that cannot reasonably be linked to an individual) indefinitely for product analytics, research, and improvement.
3.5 Subprocessor data
Where data is held by a subprocessor (Supabase, Netlify, Stripe, Plaid, Anthropic, Google), deletion is propagated to the extent the subprocessor's systems and contracts allow. Stripe and Anthropic retain certain records under their own policies and legal obligations; we do not control those retention windows.
4. Data Export
4.1 What can be exported
Upon request, users may receive a machine-readable export (typically JSON or CSV) of:
- Profile and household information
- Financial data (accounts, transactions, bills, income, budgets)
- Medical, health, and other household information they entered
- Document Vault metadata
- Calendar events
- Support communications (if requested)
4.2 How to request
Users email support@kaevo.ai with the request. We may verify the requester's identity before fulfilling the export.
4.3 Turnaround
- We acknowledge within 5 business days.
- We provide the export within 30 days of the request (extendable by up to 60 additional days for complex requests, with notice).
4.4 Format
Exports are provided in commonly readable formats (JSON or CSV by default). Users may request alternative formats; we will provide them where reasonably feasible.
5. Statutory Deadlines
We honor the deadlines set by applicable laws:
- GDPR / UK GDPR: 30 days from request, extendable by 60 additional days where complex.
- CCPA / CPRA: 45 days from request, extendable by an additional 45 days with notice.
- Florida Information Protection Act (FIPA): breach notification within 30 days.
- Other state laws: as applicable.
When a request is subject to multiple laws with different deadlines, we apply the shorter deadline.
6. Legal Holds
If Kaevo receives notice of pending litigation, a regulatory investigation, or any legal obligation to preserve data, the affected data is placed on legal hold. Retention is extended for the duration of the hold, overriding the schedule in Section 2. Legal holds are documented in writing and released when the underlying obligation is resolved.
7. Verification of Requests
To prevent unauthorized requests:
- We may ask the requester to confirm identifying information associated with the account.
- For sensitive requests (full account deletion, export of medical or financial data), we may require additional verification.
- We will not honor requests we cannot reasonably verify; we will explain why and offer alternative verification methods.
8. Children's Data
The Service is not directed to children under 13 (or under 16 where applicable). We do not knowingly retain personal information of children. If we become aware that such information has been provided, we will delete it promptly.
9. Changes to This Policy
We may update this policy as our practices or legal obligations evolve. When we make material changes, we will update the "Last Updated" date and notify users by email or through the Service. Material changes will not be applied retroactively to data already collected, except where required by law.
10. Contact
For data retention, export, or deletion questions:
Kaevo Group LLC
Florida, United States
support@kaevo.ai