1. Overview

This Data Retention Policy outlines how TradeTrackers manages, stores, and disposes of user data. Our goal is to retain data only as long as necessary to provide our services while respecting user privacy and complying with applicable laws.

2. Data Categories and Retention Periods

2.1 User Account Data

Data Type	Retention Period	Deletion Method
Account Credentials Email, hashed password	Account lifetime + 30 days	Hard delete
Profile Information Name, preferences	Account lifetime + 30 days	Hard delete
Password History Last 5 password hashes	Rolling (last 5 only)	Auto-purge
MFA Settings TOTP secrets, backup codes	Account lifetime	Secure wipe
Email Verification Tokens	24 hours	Auto-expire
Password Reset Tokens	1 hour	Auto-expire

2.2 Trading Data

Data Type	Default Retention	User Control
Active Trades Open positions	Indefinite	User can delete
Closed Trades Completed trades	Indefinite	User can delete
Expired Trades Expired options	Indefinite	User can delete
Trade Notes User annotations	With parent trade	Deleted with trade
Trade Tags Custom labels	Indefinite	User can delete
Imported Transactions Raw import data	90 days	Auto-purge

2.3 Analytics and Logs

Data Type	Retention Period	Purpose
Access Audit Logs Permission changes, admin actions	365 days	Security compliance
Login Activity Authentication events	365 days	Security monitoring
Failed Login Attempts Failed auth tracking	24 hours (count), 90 days (log)	Lockout protection
Session Data Active sessions	7 days after expiry	Session management
API Request Logs Application logs	90 days	Debugging

2.4 Integration Data

Data Type	Retention Period	User Control
Plaid Connection Tokens Broker links	Until disconnected	User can disconnect
Plaid Transaction Cache Imported transactions	24 hours	Auto-refresh
CSV/JSON Import Files Upload files	Not stored	Processed and discarded

3. User-Controlled Retention

3.1 Individual Data Deletion

Users can delete their data at any time through the application:

3.2 Admin-Controlled Retention Policies

Administrators can configure custom retention policies:

Settings Location: Settings → Admin Panel → Data Retention

• Closed trades retention period
• Expired trades retention period
• Audit log retention period
• Session data retention
• Global retention enforcement

4. Account Deletion

When a user requests account deletion:

5. Automated Retention Processes

5.1 Scheduled Cleanup Jobs

Job	Frequency	Action
Token Cleanup	Hourly	Remove expired verification/reset tokens
Session Cleanup	Daily	Remove expired session data
Audit Log Cleanup	Daily	Remove logs older than retention period
Trade Cleanup	Daily	Apply retention policies to trade data
Lockout Reset	Hourly	Reset expired account lockouts

5.2 Soft Delete vs. Hard Delete

Type	Description	Recovery
Soft Delete (Grace Period)	Data is marked as deleted but retained	Recoverable during grace period
Hard Delete (Permanent)	Data is permanently removed from database	No recovery possible

6. Data Export and Portability

6.1 Export Formats

Export Type	Format	Contents
Trade Export	CSV	All trade data with calculations
Full Account Export	JSON	Complete account data
Analytics Report	CSV	Performance statistics

6.2 Export Contents

Trade Export includes:

• All trade details (symbol, dates, prices, quantities)
• Calculated P&L
• Tags and notes
• Strategy information
• Entry and exit lots

Full Export includes:

• Account information (email, name)
• All trades
• All tags
• User settings
• Analytics data

7. Backup and Recovery

7.1 Backup Schedule

Backup Type	Frequency	Retention
Full Database	Daily	30 days
Transaction Logs	Continuous	7 days
Configuration	On change	90 days

7.2 Backup Deletion

When user data is deleted:

• Active database: Immediate deletion
• Recent backups (7 days): Marked for exclusion from restore
• Older backups (7-90 days): Purged during rotation

8. Legal and Compliance

8.1 Regulatory Compliance

Regulation	Requirement	Our Compliance
GDPR	Right to erasure	30-day deletion + 90-day backup purge
CCPA	Right to delete	Same as GDPR
SOC 2	Audit trail retention	365 days audit logs

8.2 Legal Hold

Data subject to legal proceedings or regulatory investigation:

• Will be retained beyond normal retention periods
• Will be preserved in its current state
• Will not be modified or deleted
• Will be clearly marked as under legal hold

9. Contact Information

For questions about data retention:

Email: support@tradetrackers.ai

Data Deletion Requests: Can be submitted through:

• Settings → Account → Delete Account
• Email to support@tradetrackers.ai

---

Quick Reference: Retention Summary

Data Category	Default Retention	User Can Delete	Auto-Purge
Account data	Account + 30 days	Yes	On account deletion
Trade data	Indefinite	Yes	Per policy settings
Closed trades	Indefinite	Yes	Configurable
Expired trades	Indefinite	Yes	Configurable
Audit logs	365 days	No	Yes
Security logs	365 days	No	Yes
Session data	7 days	N/A	Yes
Tokens	1-24 hours	N/A	Yes
Backups	90 days	N/A	Yes

© 2026 TradeTrackers. All rights reserved.