Data Retention & Deletion

OctoWealth retains user data only as long as reasonably necessary to provide the app, maintain user accounts, secure the service, comply with legal or platform requirements, resolve disputes, prevent fraud, maintain business records, support users, and operate our infrastructure.

When a user deletes their account, OctoWealth takes reasonable steps to delete or de-identify active account data, revoke Plaid-connected items where applicable, remove Plaid access tokens from active use, stop future financial account syncing, and delete or de-identify user data from active application systems, subject to retention exceptions.

Some data may remain temporarily in logs, backups, disaster recovery copies, audit records, billing records, support records, or legally required records. Backup and recovery data is deleted or overwritten according to applicable lifecycle schedules.

This policy applies to data processed in connection with the OctoWealth mobile app and related services, including:

• account and profile data;
• authentication data;
• consent records;
• Plaid-connected financial account data;
• manually entered financial data;
• budgets, rules, reports, exports, and insights;
• receipt images and OCR data;
• subscription and billing-related records;
• support tickets and support communications;
• device, app, diagnostic, telemetry, and crash information;
• logs, security records, and audit records;
• cloud backups and disaster recovery copies;
• local app data stored on a user’s device, where applicable.

This policy applies to OctoWealth’s active systems, AWS-hosted backend systems, mobile app storage, support systems, logs, backups, and operational records.

This policy does not control data retained independently by third parties, such as Plaid, Apple, Google, Stripe, financial institutions, AWS, Sentry, Atlassian Jira Service Management, or other service providers. Those third parties may retain data under their own policies, contracts, and legal obligations.

OctoWealth follows these retention principles:

• Purpose limitation: We retain data for defined app, security, support, legal, compliance, billing, or operational purposes.
• Data minimization: We aim to retain only the data reasonably needed for the purpose for which it is processed.
• User control: Users may request account deletion and data deletion as described in this policy.
• Security retention: Certain logs and audit records may be retained temporarily to detect abuse, investigate incidents, maintain security, and protect users.
• Backup lifecycle: Deleted active data may remain temporarily in backups or disaster recovery systems until those systems expire, rotate, or are overwritten.
• Legal and operational exceptions: Some records may be retained where necessary or permitted for legal compliance, accounting, dispute resolution, fraud prevention, security, platform requirements, contractual obligations, or business records.
• No indefinite active retention without purpose: We do not intend to retain active personal data indefinitely where there is no business, legal, security, user-requested, or operational need.

The table below describes OctoWealth’s general retention practices. Actual retention may vary depending on feature usage, user requests, legal requirements, security needs, technical constraints, and operational requirements.

Users may request deletion of their OctoWealth account through the app, where available, or by contacting:

support@octowealthapp.com

OctoWealth may also provide a public deletion page, such as:

https://octowealthapp.com/delete-account

When account deletion is requested, OctoWealth may use a scheduled deletion process with a grace period, such as 14 days. During the grace period, the user may be able to cancel deletion by signing back in or following the cancellation process provided in the app.

After the grace period ends and deletion is executed, OctoWealth takes reasonable steps to delete or de-identify active account data, revoke Plaid items where applicable, remove Plaid tokens from active use, stop future syncing, and disable account access.

When an OctoWealth account deletion is executed, OctoWealth generally takes reasonable steps to:

• close or delete the user’s OctoWealth account;
• delete or disable the user’s Cognito authentication record;
• revoke connected Plaid items through Plaid’s item removal process where applicable;
• remove Plaid access tokens from active use;
• stop future Plaid data syncing;
• delete or de-identify DynamoDB tenant data associated with the user;
• delete or de-identify account records;
• delete or de-identify transaction records;
• delete or de-identify budgets;
• delete or de-identify transaction rules;
• delete or de-identify debt strategies;
• delete or de-identify consent records, except where limited retention is needed for compliance;
• delete or de-identify support-linked app data where appropriate;
• delete or de-identify S3 user artifacts, such as receipts, exports, and user files, where applicable and technically feasible;
• clear local app storage where supported by the app;
• disable future push notifications associated with the account where applicable.

Deletion may not be instant across all systems. Some systems process deletion asynchronously, through scheduled jobs, lifecycle policies, queue processing, or backup expiration.

Deletion from active application systems is different from deletion from backups, logs, audit records, and disaster recovery systems.

When a user deletes an account, OctoWealth aims to remove or de-identify active account data within a reasonable period after deletion is executed, subject to verification, system processing, and legal or operational exceptions.

However:

• CloudWatch logs may remain for approximately 14 days;
• SQS dead-letter queue messages may remain for approximately 14 days;
• DynamoDB point-in-time recovery copies may remain recoverable for up to approximately 35 days;
• AWS Backup snapshots may remain for approximately 90 days;
• S3 access logs may remain for approximately 90 days;
• CloudTrail and audit logs may remain according to security, audit, and operational retention schedules;
• support records and billing records may remain where reasonably necessary;
• legal, security, fraud-prevention, dispute, or compliance records may remain where required or permitted.

Backup, disaster recovery, and audit systems are generally not designed to delete individual user records immediately from historical recovery copies. Instead, those copies expire, rotate, or are overwritten according to applicable retention schedules.

If backup data is restored, OctoWealth will take reasonable steps to reapply deletion requests where technically feasible and appropriate.

Disconnecting a financial institution is different from deleting an OctoWealth account.

A. Disconnecting a Financial Institution

When a user disconnects a financial institution, OctoWealth generally takes reasonable steps to:

• stop future syncing from that institution;
• revoke the applicable Plaid item where technically available;
• remove the applicable Plaid access token from active use;
• prevent future data refreshes from that institution unless reconnected.

Disconnecting a financial institution does not necessarily delete all previously synced data. Previously synced data may remain in OctoWealth for historical dashboards, budgets, reports, exports, user records, security, backup, legal, or operational purposes unless the user deletes it, requests deletion, or deletes the OctoWealth account.

If a per-institution disconnect feature is not yet available in the app, users may contact:

support@octowealthapp.com

B. Deleting an OctoWealth Account

Deleting an OctoWealth account is broader than disconnecting a financial institution.

Account deletion generally closes the user’s account, revokes Plaid-connected items where applicable, removes Plaid tokens from active use, stops future syncing, and deletes or de-identifies active account data associated with the user, subject to retention exceptions.

To protect users and prevent unauthorized deletion, OctoWealth may require verification before processing certain deletion or privacy requests.

Verification may include:

• requiring the user to be signed into the app;
• requiring re-authentication;
• confirming account email ownership;
• sending a confirmation link;
• asking for information reasonably necessary to locate the account;
• using support workflows to verify account control.

OctoWealth will not process deletion requests where we cannot reasonably verify that the requester is the account owner or authorized to act on behalf of the account owner.

OctoWealth aims to process verified deletion requests within a reasonable period.

Where applicable, OctoWealth aims to process verified privacy deletion requests within 30 days, subject to:

• identity verification;
• scheduled deletion grace periods;
• technical processing;
• queue processing;
• system availability;
• legal exceptions;
• security exceptions;
• fraud-prevention needs;
• backup and lifecycle limitations;
• service provider processing timelines.

If additional time is needed, OctoWealth may notify the user where required or appropriate.

After account deletion, OctoWealth may retain limited information where necessary or permitted for:

• legal compliance;
• tax and accounting records;
• billing and subscription records;
• fraud prevention;
• security monitoring;
• dispute resolution;
• enforcement of Terms of Service;
• audit logs;
• backup and disaster recovery;
• incident investigation;
• compliance with app store, payment provider, Plaid, AWS, or other service provider requirements;
• protecting the rights, property, and safety of OctoWealth, users, and third parties;
• demonstrating that a deletion request was processed;
• preventing reactivation of deleted accounts where necessary.

Retained information is limited to what OctoWealth reasonably needs for the applicable purpose.

Support records may include:

• support ticket content;
• email communications;
• user-submitted screenshots;
• issue descriptions;
• diagnostic details;
• attachments;
• support metadata;
• Jira Service Management ticket records where used.

Support records may be retained after account deletion where reasonably necessary for:

• customer support history;
• dispute resolution;
• security investigation;
• service improvement;
• business records;
• fraud prevention;
• legal or compliance needs.

Users should avoid submitting unnecessary sensitive financial information, account credentials, full account numbers, Social Security numbers, or other sensitive information in support tickets.

Where a user requests deletion, OctoWealth may delete, redact, or de-identify support records where technically feasible and where retention is not required or reasonably necessary.

OctoWealth may retain subscription and billing-related records as needed to:

• verify subscription status;
• manage entitlements;
• process support requests;
• investigate billing disputes;
• prevent fraud;
• maintain accounting and tax records;
• comply with app store or payment processor requirements;
• comply with applicable laws.

Subscription and billing records may include:

• plan type;
• trial status;
• subscription status;
• purchase date;
• renewal date;
• expiration date;
• cancellation status;
• refund status;
• payment processor customer or transaction identifiers;
• app store transaction identifiers;
• entitlement records.

If a user purchases a subscription through Apple, Google, Stripe, or another payment provider, that provider may retain billing records under its own policies.

Deleting an OctoWealth account may not automatically cancel a subscription. Users may need to cancel through Apple App Store, Google Play, Stripe, or the applicable billing portal.

The OctoWealth mobile app may store certain data locally on a user’s device, such as:

• app preferences;
• cached data;
• session information;
• local deletion schedule state;
• security settings;
• offline or temporary app data;
• locally stored exports;
• locally stored files;
• local receipt or OCR processing artifacts where applicable.

When a user logs out, deletes an account, clears app data, or uninstalls the app, local data may be deleted depending on operating system behavior, app implementation, and device settings.

OctoWealth cannot control all copies of data that a user exports, screenshots, downloads, stores, shares, or backs up outside OctoWealth.

Users are responsible for protecting exported files, screenshots, downloaded reports, and device-level backups.

OctoWealth may allow users to export data in formats such as CSV, PDF, JSON, or other supported formats.

Export files may contain sensitive financial information.

Data exports may be retained temporarily by OctoWealth, such as approximately 30 days, depending on implementation and storage lifecycle settings. Export files may be deleted earlier if the user deletes the account or if the file expires according to lifecycle policies.

Once a user downloads or shares an export file outside OctoWealth, OctoWealth cannot control how that copy is stored, shared, retained, or deleted.

If receipt scanning is enabled, OctoWealth may process:

• receipt images;
• OCR text;
• extracted merchant names;
• extracted dates;
• extracted amounts;
• extracted line items where available;
• receipt-to-transaction matching data.

Receipt data may be retained while the account is active and as needed to provide user-requested receipt tracking, expense records, support, legal, accounting, or operational functionality.

Depending on implementation, some receipt-related records may have longer lifecycle settings than other data categories. Users may request deletion of receipt data by deleting the relevant records where the feature is available, requesting support assistance, or deleting their OctoWealth account, subject to retention exceptions.

OctoWealth retains logs and security records to operate and secure the service.

Logs may include:

• API request metadata;
• timestamps;
• authentication events;
• security events;
• error logs;
• Lambda logs;
• API Gateway logs;
• WAF logs;
• mobile client logs where enabled;
• crash diagnostics;
• infrastructure events;
• queue processing events;
• backup and job execution logs.

Logs help OctoWealth:

• detect unauthorized access;
• troubleshoot errors;
• monitor performance;
• investigate incidents;
• protect accounts;
• prevent abuse;
• maintain auditability;
• enforce Terms of Service;
• comply with operational and legal requirements.

Operational logs such as CloudWatch logs are generally retained for approximately 14 days unless a different retention period applies. Audit and security logs may be retained longer where necessary for security, audit, compliance, or operational purposes.

OctoWealth aims to avoid intentionally logging sensitive financial data, Plaid access tokens, credentials, or unnecessary sensitive information. However, users should avoid submitting sensitive data in support messages, free-text fields, or screenshots unless necessary.

In some cases, OctoWealth may de-identify, aggregate, or anonymize data instead of deleting it, where permitted by law and appropriate for the purpose.

De-identified or aggregated data may be used for:

• service analytics;
• reliability monitoring;
• product improvement;
• business reporting;
• security analysis;
• operational planning;
• debugging;
• compliance reporting.

OctoWealth does not use de-identification as a way to avoid a valid deletion request where active identifiable personal data can reasonably be deleted. De-identified or aggregated data should not reasonably identify a specific user.

OctoWealth uses service providers to operate the app. These providers may include:

• Plaid;
• Amazon Web Services;
• Apple;
• Google;
• Stripe or other payment processors;
• Sentry;
• Atlassian Jira Service Management;
• Financial Modeling Prep;
• CoinGecko;
• exchange rate providers;
• notification infrastructure providers;
• other vendors or service providers.

These providers may retain information under their own terms, policies, contracts, and legal obligations.

When a user deletes an OctoWealth account, OctoWealth takes reasonable steps to delete, de-identify, disable, or revoke relevant data in systems we control or configure. However, third-party providers may retain certain records independently where required or permitted by their own policies, legal obligations, security requirements, billing records, audit logs, or platform rules.

OctoWealth may suspend deletion, preserve data, or retain certain information if reasonably necessary to:

• comply with legal process;
• respond to subpoenas, court orders, or lawful requests;
• preserve evidence;
• investigate fraud, abuse, security incidents, or Terms violations;
• resolve disputes;
• enforce agreements;
• protect the rights, property, or safety of OctoWealth, users, service providers, or third parties;
• comply with legal, regulatory, platform, or contractual obligations.

If a legal hold applies, affected data may be retained until the hold is lifted or the retention purpose no longer applies.

OctoWealth’s internal retention practices are intended to follow these standards:

• assign retention periods to major data categories;
• avoid retaining unnecessary sensitive data;
• restrict production data access to authorized personnel;
• use least-privilege access controls;
• encrypt sensitive data where appropriate;
• store Plaid access tokens encrypted;
• avoid sending Plaid access tokens to the mobile app;
• avoid logging sensitive financial data where possible;
• expire logs and backups according to configured lifecycle policies;
• review retention practices as the product changes;
• update public disclosures when retention practices materially change;
• document deletion workflows for account deletion, Plaid item removal, and data deletion.

These internal standards are operational goals and may evolve as OctoWealth’s systems, vendors, features, and compliance needs change.

Users are responsible for:

• submitting accurate account information;
• protecting login credentials;
• securing their devices;
• managing connected financial institutions;
• downloading and protecting export files;
• deleting local files they no longer need;
• cancelling subscriptions through the applicable payment provider when required;
• avoiding unnecessary sensitive information in support tickets or free-text fields;
• contacting OctoWealth if they need help with deletion or disconnection.

Deleting the mobile app from a device does not necessarily delete the user’s OctoWealth account or cancel any subscription.

OctoWealth may update this Data Retention and Deletion Policy from time to time.

If we make material changes, we may provide notice by email, in-app notice, app update notice, posting an updated policy, or another reasonable method.

The updated policy will become effective when posted or as otherwise stated in the notice.

If a change requires renewed consent or user acknowledgment, we may request that consent or acknowledgment through the app.

If you have questions about this Data Retention and Deletion Policy, account deletion, data deletion, Plaid disconnection, or retention practices, contact us at:

OctoPath LLC d/b/a OctoWealth Email: support@octowealthapp.com Website: https://octowealthapp.com

This summary is for convenience only. The full policy above controls.

• OctoWealth keeps account and financial data while your account is active and the data is needed to provide the app.
• Plaid access tokens are encrypted and stored only on OctoWealth backend systems.
• When you delete your account, OctoWealth revokes Plaid connections where applicable, removes Plaid tokens from active use, stops future syncing, and deletes or de-identifies active account data.
• OctoWealth may use a 14-day scheduled deletion grace period.
• CloudWatch logs are generally retained for approximately 14 days.
• SQS dead-letter queue messages are generally retained for approximately 14 days.
• DynamoDB point-in-time recovery may retain recoverable copies for up to approximately 35 days.
• AWS Backup snapshots may persist for approximately 90 days.
• Some audit logs, support records, billing records, legal records, and security records may be retained longer where necessary.
• Deleting the app from your phone does not necessarily delete your OctoWealth account.
• Deleting your OctoWealth account may not automatically cancel your subscription.
• Exported files, screenshots, downloaded reports, and device backups outside OctoWealth are your responsibility.