Data Retention and Disposal Policy

Effective Date: March 30, 2026

Last Reviewed: March 30, 2026

Contact: security@thrivn.app

1. Purpose

This policy defines how Thrivn collects, retains, and disposes of consumer financial data, including data retrieved from third-party services such as Plaid.

2. Data Collected via Plaid

| Data Type | Description | Retention Period |
|---|---|---|
| Access Tokens | Plaid access tokens for bank connections | Retained while the connection is active; deleted immediately upon user disconnection or account deletion |
| Account Information | Bank account names, types, balances, masks | Retained while the user account is active |
| Transaction Data | Transaction history, amounts, merchant names, categories | Retained while the user account is active |
| Institution Info | Bank name, institution ID | Retained while the connection is active |

3. Data Storage and Encryption

  • All consumer data is stored in Supabase (PostgreSQL) with AES-256 encryption at rest.
  • All data transmission uses TLS 1.2+ encryption in transit.
  • Plaid access tokens are stored server-side only in a secured table with Row Level Security (RLS). They are never exposed to the client application.
  • The mobile application stores a local cache of transactions and accounts using an encrypted SQLite database on the user's device.

4. Data Access Controls

  • Database access is controlled via Supabase Row Level Security (RLS) policies: users can only access their own data.
  • Administrative access to the database requires multi-factor authentication (MFA).
  • Plaid API credentials (client_id, secret) are stored as environment variables in Supabase Edge Functions, never in client code.

5. Data Deletion

5.1 User-Initiated Account Deletion

Users can delete their account at any time from within the application (Settings > Delete Account). Upon deletion:

  1. The Plaid access token is revoked via the Plaid API (/item/remove).
  2. All user data is permanently deleted from the server database, including:
    • User profile
    • Bank accounts and Plaid connection data
    • All transactions
    • Budgets, goals, debts, and related records
    • Transaction rules
    • Push notification tokens
  3. The local device cache is cleared.
  4. This process is irreversible.

5.2 Plaid Connection Disconnection

Users can disconnect individual bank connections. Upon disconnection:

  1. The Plaid access token is revoked via the Plaid API.
  2. The Plaid Item record is deleted from the database.
  3. Associated bank accounts are converted to manual accounts (Plaid metadata is cleared).
  4. Historical transactions are retained for the user's reference but are no longer updated.

5.3 Inactive Account Policy

  • Accounts inactive for more than 12 months (no login activity) may be flagged for deletion.
  • Users will be notified via email 30 days before deletion.
  • If no action is taken, the account and all associated data will be permanently deleted following the same process as Section 5.1.

6. Data Disposal Methods

  • Database records: Permanently deleted via SQL DELETE operations with cascading foreign key constraints.
  • Plaid tokens: Revoked via Plaid API before deletion from the database.
  • Device cache: Cleared by deleting the local SQLite database file.
  • Backups: Supabase automated backups follow a 7-day retention window. Deleted data is purged from backups after this period.

7. Third-Party Data Sharing

Thrivn does not sell or distribute consumer financial data to, or share it with, any third parties. Data retrieved from Plaid is used exclusively to provide the app's financial management features to the authenticated user.

8. Policy Review

This policy is reviewed at least annually or whenever significant changes are made to data handling practices. The last review date is noted at the top of this document.
