SpendCaddie Logo
SpendCaddie
LoginGet Started

Data Retention Notice

Version: 2.0Effective Date: May 21, 2026Last Updated: May 21, 2026

This Data Retention Notice explains how Bobby Built Ventures, LLC d/b/a SpendCaddie ("SpendCaddie," "we," "us," or "our") retains and deletes personal information. It supplements the Privacy Policy.

This notice describes public retention principles. It does not promise a universal fixed deletion schedule for every record, because retention depends on the type of data, account status, legal obligations, security needs, provider practices, billing status, disputes, and technical limitations.

1. Retention principles

We retain personal information for as long as reasonably necessary to:

  • provide the Service;
  • maintain your account;
  • deliver debt planning, linked-account, AI explanation, export, and notification features;
  • process billing and subscription entitlements;
  • provide support;
  • maintain security;
  • prevent fraud and abuse;
  • comply with legal obligations;
  • resolve disputes;
  • enforce agreements;
  • maintain audit and compliance records; and
  • maintain business records.

We aim to retain no more personal information than reasonably needed for these purposes.

2. General retention categories

Data categoryGeneral retention approach
Account profile dataRetained while your account is active and as needed for account, support, security, legal, and compliance purposes.
Manual debt and plan dataRetained while your account is active and as needed to provide planning, payment logging, progress, and export features.
Plaid-linked account dataRetained while the connection or account is active and as needed for planning, alerts, sync, support, security, and compliance.
Plaid access tokensStored encrypted while needed to maintain authorized connections; deleted or deactivated from active app records when the connection/account is deleted, subject to exceptions.
Transaction and liability dataRetained while needed for debt planning, alerts, exports, support, security, and compliance.
AI explanation dataOutputs/cache/usage metadata may be retained while needed to operate, secure, monitor, debug, and improve AI features, subject to account deletion and exceptions.
Subscription and billing recordsRetained as needed for billing, tax, accounting, chargeback, fraud-prevention, provider reconciliation, legal, and dispute purposes.
Consent recordsRetained as needed to document legal compliance, policy acceptance, and user preferences.
Data-rights request recordsRetained as needed to document request handling, verification, response, appeal, and legal compliance.
Audit and security logsRetained as needed for security, fraud prevention, incident response, abuse prevention, and compliance.
Support communicationsRetained as needed to provide support, investigate issues, maintain business records, and resolve disputes.
Local app/device dataRetained on your device until removed by the app, device, operating system, account action, or user action such as clearing cache or deleting the app.
Provider backups and logsRetained according to provider practices, contracts, backup cycles, legal obligations, and technical constraints.

3. Account deletion

You may request account deletion through account settings where available or by contacting privacy@spendcaddie.com.

When you delete your account, SpendCaddie deletes or deactivates configured app account data from active systems, subject to legal, security, billing, fraud-prevention, audit, dispute-resolution, and compliance exceptions.

Account deletion may include deletion or deactivation of configured records such as profile data, manual debt records, plan records, payment logs, linked-account local records, AI insight/cache records, household membership records, and other user-owned application data.

Account deletion may preserve or retain certain records, such as:

  • consent records;
  • privacy request records;
  • audit and security logs;
  • billing, invoice, subscription, payment, and tax records;
  • fraud, abuse, and incident records;
  • provider webhook receipts;
  • legal and dispute records;
  • support records; and
  • records needed to comply with law, enforce agreements, protect rights, or maintain security.

4. Linked financial account deletion and Plaid

When you disconnect a linked account or delete your account, SpendCaddie will attempt to remove the Plaid connection and delete or deactivate local connection records. If a Plaid removal request fails or is delayed, SpendCaddie may still proceed with local deletion or deactivation and may log the error for security, support, and audit purposes.

Plaid, financial institutions, and other providers may retain records according to their own legal obligations, retention practices, and policies.

5. Account deletion does not cancel subscriptions

Deleting your SpendCaddie account does not automatically cancel active subscriptions. You must cancel web subscriptions through the SpendCaddie billing portal or Stripe-supported flow and iOS subscriptions through Apple subscription settings. If you delete your account without canceling, the payment provider or app store may continue billing until you cancel through the applicable provider.

6. Data export

SpendCaddie may provide a privacy export in JSON or another available format. Exports may redact sensitive tokens, credentials, payment identifiers, internal IDs, fraud-prevention metadata, security fields, or information that cannot be disclosed for legal, security, privacy, or trade-secret reasons.

Report exports, CSV/PDF/Markdown exports, or product analytics exports may be separate from privacy exports and may be available only on certain plans.

7. Aggregated and de-identified information

We may retain aggregated or de-identified information that does not reasonably identify you, subject to applicable law. We will not attempt to reidentify de-identified information except as permitted by law, such as to test whether deidentification works.

8. Backups and provider retention

Deletion from active systems may not immediately remove data from backups, provider logs, security records, email systems, or disaster-recovery systems. Backups and provider records may persist for a limited period according to provider retention practices, legal obligations, security needs, and technical constraints.

9. Legal holds and disputes

We may suspend deletion, preserve records, or retain information longer if needed for legal holds, disputes, investigations, security incidents, chargebacks, fraud prevention, regulatory requirements, or enforcement of our Terms.

10. Contact

Privacy Inquiries: privacy@spendcaddie.com