Data Retention Policy
Last updated: April 19, 2026
This page explains how long PointAlchemy keeps your data and what happens when you disconnect a card or delete your account. It is a companion to our Privacy Policy.
1. Account & Financial Data
PointAlchemy retains your account information, manually-entered card data, point balances, and Plaid-derived transaction history for the lifetime of your account. We keep this data because it powers the historical portfolio charts, redemption logs, and optimization reports that make the product useful.
2. Inactive Accounts (18 months)
If you do not sign in to PointAlchemy for 18 consecutive months, we treat your bank-data authorization as withdrawn. Within seven days of the 18-month mark we will revoke your Plaid connections at Plaid, hard-delete the underlying transactions and linked-card records, and overwrite the encrypted access tokens. This is the same lifecycle that runs when you disconnect a connection yourself (see Section 3 below).
Your PointAlchemy account, manually-entered cards, point balances, optimization history, and subscription status remain untouched so you can resume where you left off whenever you sign back in. If you would prefer that we delete the account in full, you can do that yourself anytime from Settings → Account.
3. When You Disconnect a Card
When you disconnect a connection in Settings → Connections, we release the access token at Plaid and permanently delete all transaction history and linked-card records associated with that connection within 60 seconds. The connection record itself is retained as a revocation marker, with the access token blanked, so we have an audit trail of when access ended.
The same hard-deletion happens automatically when your bank or Plaid Link signals that you have revoked access (Plaid webhook codes USER_ACCOUNT_REVOKED and USER_PERMISSION_REVOKED).
4. When You Delete Your Account
When you delete your account in Settings → Account, we run a cascading delete that removes all data tied to your user record within 60 seconds. This includes credit cards, point balances, optimization reports, transactions, notifications, household memberships, and subscription metadata.
Two narrow exceptions are retained for compliance reasons, both with no PII:
- Anonymized admin audit records. When an admin granted a free membership, processed a refund, or performed any other support action, the audit row is preserved with your user identifier replaced by [deleted]. This keeps our records of admin activity intact for tax and accountability purposes.
- Aggregated, non-identifying analytics. Counts of total users on each plan tier and similar aggregate metrics may continue to reflect your past membership in anonymized form.
5. Operational Logs & Transient Tokens
The four append-only tables that record incoming webhook events, background-job runs, analytics events, and email-delivery events are capped at 90 days. A daily cleanup job deletes any row older than 90 days from these tables. None of these tables contain payment card numbers, account credentials, or full transaction contents. They are operational telemetry only.
Transient authentication tokens are single-use and short-lived: email verification tokens expire after 24 hours; password reset tokens expire after 1 hour; two-factor authentication setup tokens expire after 10 minutes. Session tokens expire after 30 days of inactivity. Newsletter subscriber records are deleted immediately upon unsubscription. Plaid access tokens are encrypted at rest while a connection is active, and are blanked (overwritten with empty strings) on disconnect or revocation.
6. Authorization & Revocation Records (CFPB § 1033)
Under CFPB Section 1033 (Personal Financial Data Rights Rule), we retain records of each authorization and revocation event for at least three years after the most recent authorization, so we can demonstrate compliance. These records contain only the user identifier, the timestamp of the authorization or revocation, and the institution connected. They do not contain transaction data, account numbers, credentials, or Plaid access tokens. Your authorization to share data with us is valid for up to 12 months; before it expires we will prompt you to re-authorize the connection.
7. Backups
Our database provider (Neon) maintains point-in-time backups for up to 7 days for disaster recovery. Deletions you make through the product propagate to these backups on the same 7-day rolling window.
8. We Do Not Sell or Share Your Individual Data
PointAlchemy does not sell, rent, or share your individual personal data with third parties for their own marketing or analytics. This includes your transactions, card portfolio, point balances, email, and account activity. Those never leave our infrastructure for outside use.
We may use or publish aggregated, anonymized statistics that cannot identify any individual user. For example, we might publish a figure like “the average PointAlchemy user holds 4.2 credit cards” or “Chase cards represent 38% of tracked cards on the platform.” Aggregate statistics like these are built from data that has been stripped of identifying information and cannot be reverse-engineered back to any individual user.
The third-party services listed in our Privacy Policy (Plaid, Stripe, Resend, and others) act as data processors on our behalf. They are bound by written agreements with us and by their own privacy commitments, and they use your data only to deliver the specific service we hired them for.
9. Your Rights
You can disconnect a card, delete your account, or request a copy of your data at any time from Settings. For other privacy requests, including requests under CCPA, GDPR, or similar regulations, email privacy@pointalchemy.com.