Debit Card Wrapped

Effective Date: May 10th, 2026

1. Introduction

Debit Card Wrapped (“we,” “our,” or “us”) is a mobile application that provides users with insights into their spending habits using financial data obtained through the Plaid API. This Data Deletion and Retention Policy explains how long we retain user data and how users can request deletion of their data.

2. Scope

This policy applies to all personal and financial data processed by Debit Card Wrapped, including data obtained via third-party financial data providers such as Plaid.

3. Types of Data Collected

We may collect and process the following categories of data:

• Bank transaction data (via Plaid)
• Account metadata (e.g., account type, balances where applicable)
• User profile information (e.g., email address, authentication credentials)
• App usage and analytics data

We do not sell user data or use it for advertising purposes.

4. Data Retention

We retain user data only for as long as necessary to provide the core functionality of the app and comply with legal obligations.

4.1 Active Accounts

While a user maintains an active account, we retain:

• Transaction data retrieved via Plaid for up to 12 months of historical analysis or the maximum allowed by Plaid access scopes
• Derived insights and summaries generated by the application
• User account information required for authentication and service delivery

4.2 Inactive Accounts

If an account is inactive for more than 24 months, we may:

• Delete or anonymize associated personal data
• Retain anonymized, aggregated insights that cannot identify the user

4.3 Legal and Security Retention

We may retain certain data for longer periods if required to:

• Comply with legal obligations
• Resolve disputes
• Enforce agreements
• Maintain security and prevent fraud

5. Data Deletion Requests

Users may request deletion of their data at any time.

5.1 How to Request Deletion

Users can request deletion by:

• Using the in-app “Delete My Data” feature (if available), or
• Contacting us at: [Insert Support Email]

5.2 Deletion Process

Upon receiving a verified request, we will:

• Delete or anonymize personal account data within 30 days
• Revoke Plaid access tokens associated with the user’s accounts
• Delete stored transaction data and derived insights, unless retention is required by law

5.3 Third-Party Data (Plaid)

We will also request deletion or token invalidation through Plaid where applicable. However, certain data may remain in aggregated or de-identified form within Plaid systems subject to their own policies.

6. Data Anonymization

In some cases, we may anonymize user data instead of deleting it. Anonymized data:

• Cannot be linked back to an individual user
• May be used for improving product features and analytics

7. Backup Systems

Deleted data may persist in encrypted backups for up to 90 days before being permanently overwritten as part of our disaster recovery systems.

8. Security Measures

We implement reasonable technical and organizational safeguards to protect user data, including:

• Encryption in transit and at rest
• Access controls and authentication requirements
• Regular security reviews

9. Changes to This Policy

We may update this policy from time to time. Users will be notified of material changes through the app or email.

10. Contact Information

If you have questions about this policy or your data, contact us at:

Email: chris@topherpedersen.com
Company: Debit Card Wrapped