Data Retention & Deletion

Last updated: April 12, 2026

1. Overview

This policy describes how CyriLiNa.IT LLC retains, manages, and deletes your personal and financial data in SharkFinEnhance™. We are committed to data minimization and only retain information necessary to provide our services.

2. Self-hosted vs. hosted data

2.1 Self-hosted

When you run SharkFinEnhance™ on your own infrastructure, all data is stored on your servers. You are fully responsible for data retention, backup, and deletion. This policy describes our recommendations for self-hosted users and the mandatory practices for our hosted service.

2.2 Hosted service

When you use our hosted service, we manage your data according to the retention schedule below. All data is encrypted at rest and subject to our security controls.

3. Data retention schedule

Data type	Retention	Deletion trigger
Account credentials	Until account deletion	User request
User profile	Until account deletion	User request
Plaid® connections	Until disconnected	User disconnects or deletes account
SimpleFIN® connections	Until token revoked	User revokes or deletes account
SnapTrade™ connections	Until disconnected	User disconnects or deletes account
Transaction history	Until account deletion	Account deletion
Investment holdings	Until account deletion	Account deletion
Categories & budgets	Until account deletion	Account deletion
Bills & savings goals	Until account deletion	Account deletion
Login history	90 days	Automatic expiration
Failed login attempts	24 hours	Automatic reset
IP ban records	1 hour	Automatic expiration
Refresh tokens	7 days	Expiration or logout
Household invitations	7 days	Accepted, rejected, or expired
Audit logs	1 year	Automatic expiration
AI processing data	0 — not retained	Discarded after processing

4. Your deletion rights

4.1 Delete individual data

Bank connections: Disconnect via Settings → Connectors
Brokerage connections: Disconnect via Settings → Connectors
Transactions: Individual transactions can be deleted from the transaction list
Categories/Tags: Delete via respective management pages
Bills/Goals: Delete via respective management pages
Household membership: Leave via Household settings

4.2 Delete entire account

Account deletion is permanent and irreversible. Export your data first.

To delete your entire account, go to Profile → Delete Account. This removes:

Your user account and credentials
All linked bank and brokerage connections
All transaction and investment history
All categories, tags, budgets, and rules
All bills and savings goals
All household memberships (owned households are transferred or deleted)
All login history, audit logs, and security records

5. Connector data handling

5.1 Plaid®

When you connect: We store an encrypted access token (AES-256-GCM) that allows us to retrieve your account and transaction data.

When you disconnect: We immediately delete the access token and revoke access with Plaid's API. Historical transaction data is retained unless you specifically request deletion.

To manage data Plaid has collected directly, visit my.plaid.com.

5.2 SimpleFIN®

When you connect: We store your SimpleFIN access URL to retrieve account and transaction data.

When you disconnect: We delete the access URL. Historical data is retained unless you request deletion.

5.3 SnapTrade™

When you connect: We create a SnapTrade user linked to your account and store connection credentials.

When you disconnect: We delete the brokerage connection via SnapTrade's API and remove stored credentials. Historical holdings data is retained unless you request deletion.

6. AI data handling

6.1 Self-hosted Ollama

All AI processing happens on your server. No data leaves your network.

6.2 CyriLiNa Private AI™

When using the CyriLiNa Private AI™ add-on, transaction data is sent to our AI server for processing. This data is processed in memory, never logged, and immediately discarded after the response is returned. No financial data is stored on our AI infrastructure.

6.3 Third-party AI providers

If you connect your own OpenAI, Anthropic, or other API keys, your financial data is sent to those providers. Their data retention policies apply. We do not control how third-party AI providers handle your data.

7. Data export

Before deleting your account, you may export your data. This includes:

All transaction history (CSV format)
Account balances and history
Investment holdings and performance
Categories, tags, and budgets
Bills and savings goals

To export, go to Profile → Export Data.

8. Deletion process

8.1 Timeline

Immediate: Account access is revoked
Within 24 hours: All user data removed from primary database
Within 30 days: Data removed from all backups

8.2 Exceptions

We may retain certain data beyond deletion requests if required for:

Legal compliance or regulatory requirements
Fraud prevention and security
Resolving disputes or enforcing agreements

9. Automatic data cleanup

We automatically purge the following:

Login history: Entries older than 90 days
IP bans: Expire after 1 hour
Failed login counters: Reset after 24 hours
Expired refresh tokens: Cleaned up daily
Expired invitations: Removed after 7 days
Audit logs: Entries older than 1 year

10. Contact us

For data deletion requests or questions about this policy:

Email: privacy@sharkfinenhance.xyz

Company: CyriLiNa.IT LLC