Data Retention & Deletion Policy

Last updated: April 1, 2026

Blueprint Finance LLC, doing business as Blueprint AI ("Blueprint," "we," "us," or "our"), is committed to handling user data responsibly. This policy defines how long we retain different categories of data, when and how data is deleted, and how users can request deletion of their data. This policy is reviewed at least annually to ensure compliance with applicable laws including GDPR, CCPA, and other applicable data privacy regulations.

1. Scope

This policy applies to all personal data and consumer financial data collected, processed, or stored by Blueprint in connection with our web application, mobile application, and related services.

2. Data Retention Schedule

Blueprint retains data only for as long as necessary to fulfill the purpose for which it was collected, or as required by applicable law.

Account & Profile Data

Name, email address, authentication credentials, account preferences

Retention: Retained for the duration of the active account. Deleted within 30 days of account closure or deletion request.

Financial & Transaction Data

Bank account connections, transaction history, budget data, Plaid access tokens

Retention: Retained for the duration of the active account. Plaid access tokens and linked account data are deleted within 30 days of account closure. Transaction history is purged within 30 days of account deletion.

Calendar & Event Data

Connected calendar tokens, synced calendar events

Retention: OAuth tokens are stored only while the integration is active. Revoked or disconnected tokens are deleted immediately. All calendar data is purged within 30 days of account deletion.

Payment & Subscription Data

Subscription status, Stripe customer ID, billing history

Retention: Retained for a minimum of 7 years as required by financial recordkeeping regulations. Raw payment card data is never stored by Blueprint — all payment processing is handled by Stripe.

Log & Usage Data

Application logs, error reports, usage analytics

Retention: Retained for up to 90 days for operational and security purposes, then automatically purged.

Backup Data

Database backups containing user data

Retention: Backups are retained for up to 90 days, after which they are permanently and irreversibly deleted.

3. Data Deletion Process

When a user requests account deletion or closes their account:

Personal data is flagged for deletion immediately upon request
Production systems are purged of user data within 30 days
Linked bank connections (Plaid tokens) are revoked and deleted
Calendar OAuth tokens are revoked and deleted
Residual copies in backups are purged within 90 days as part of the normal backup rotation cycle
Users receive email confirmation once their data has been deleted

4. User Rights

Depending on your location, you may have the following rights regarding your data:

Right to Access — Request a copy of the data we hold about you
Right to Deletion — Request that your data be deleted (subject to legal retention requirements)
Right to Portability — Request your data in a portable format
Right to Correction — Request that inaccurate data be corrected

To exercise any of these rights, contact us at blueprintappai@outlook.com. We will respond to all requests within 30 days.

5. Legal Holds

In certain circumstances, we may be required to retain data beyond the standard retention periods described above — for example, in response to a legal hold, regulatory inquiry, or litigation. In such cases, the affected data will be retained until the legal obligation is resolved.

6. Third-Party Data Processors

Blueprint uses third-party service providers that may retain data according to their own retention policies. Key providers include:

Supabase — database hosting; data is deleted from production systems upon account closure
Plaid — bank connectivity; Plaid's data retention practices are governed by Plaid's own privacy policy
Stripe — payment processing; financial records retained per Stripe's compliance requirements
Resend — email delivery; email logs retained per Resend's data retention policy

7. Policy Review

This policy is reviewed at least annually and updated as needed to reflect changes in applicable law, our systems, or our data practices. Users will be notified of material changes via email or in-app notification.

For questions about this policy, contact us at blueprintappai@outlook.com.