How STALLZERO retains, manages, and deletes your personal data in compliance with applicable privacy laws.
Last Updated: January 30, 2026
•Next Scheduled Review: July 30, 2026
STALLZERO ("we," "our," or "us") is committed to responsible data management. This Data Retention Policy outlines how long we retain different categories of personal data, the criteria used to determine retention periods, and the processes for secure data deletion.
This policy is designed to comply with applicable data protection regulations including:
This policy applies to all personal data collected, processed, and stored by STALLZERO, including:
The following table outlines our retention periods for different categories of data:
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Account Information | Duration of account + 30 days | Contractual necessity, account recovery |
| User Content (Tasks, Goals, Journal) | Duration of account + 30 days | Service delivery, user request |
| Financial Data (Transactions) | 7 years from transaction date | Tax/legal requirements, financial regulations |
| Bank Connection Tokens | Until disconnected or account deletion | Service functionality, Plaid requirements |
| Authentication Data (Passwords) | Duration of account | Security, access control |
| MFA/2FA Factors | Until disabled or account deletion | Security requirements |
| Session Tokens | 24 hours - 30 days (depending on type) | Session management, security |
| Google OAuth Tokens | Until revoked or account deletion | Integration functionality |
| Support Tickets | 3 years from resolution | Quality assurance, dispute resolution |
| Usage Analytics | 2 years (anonymized thereafter) | Service improvement, legitimate interest |
| Consent Records | Duration of account + 7 years | Legal compliance, audit trail |
| Backup Data | 90 days from primary deletion | Disaster recovery, data integrity |
Financial data connected through Plaid and similar services receives special handling to comply with financial industry regulations and our partnership agreements:
Important: Upon account deletion, we immediately revoke all Plaid access tokens and cease fetching new financial data. Historical transaction data may be retained in anonymized form for the legally required period.
Users may request deletion of their account and personal data at any time through:
Immediate (Within 24 hours)
Account access disabled, third-party tokens revoked, active sessions terminated
Within 30 days
Primary data deleted from production systems, anonymization of retained analytics
Within 90 days
Removal from backup systems, confirmation email sent to user
Certain data may be retained beyond the deletion request due to legal obligations:
We implement automated processes to ensure data is not retained beyond necessary periods:
All retained data is protected using industry-standard security measures:
This Data Retention Policy is reviewed and updated on a regular schedule:
Review History:
You have the following rights regarding your data retention:
To exercise these rights, visit Settings → Privacy & Consent or contact us at privacy@stallzero.com
For questions about this Data Retention Policy or to exercise your data rights:
© 2026 STALLZERO. All rights reserved.