Last updated: March 12, 2026
Data Deletion & Retention Policy
RewardRoute maintains a defined and enforced data deletion and retention policy. Our device-first architecture means we retain minimal data server-side, and users have direct, self-service control over the deletion of all their data.
1. Data Categories and Retention
RewardRoute processes two distinct categories of data, each with different retention characteristics:
A. On-Device Financial Data
- What: Transaction history, card details, spending analysis, reward calculations, and Plaid access tokens.
- Where: Stored exclusively on the user’s device, encrypted with AES-256 and hardware-backed keys.
- Retention: Persists only while the App is installed. Uninstalling the App permanently deletes all on-device data. No server-side copy exists.
- User control: Users can delete this data at any time through the account deletion flow (see Section 3 below).
B. Server-Side Account Data
- What: Email address, Firebase Authentication record, Plaid item references (item IDs and institution metadata — not financial data), and user profile information.
- Where: Firebase Authentication and Firestore (Google Cloud).
- Retention: Maintained while the user’s account is active. Deleted immediately and permanently upon account deletion request.
- No financial data: Our servers never store transaction data, account balances, card numbers, or any other financial information.
2. Retention Schedule
| Data Type | Location | Retention Period | Deletion Trigger |
|---|---|---|---|
| Transaction data | User device only | While App installed | App uninstall or account deletion |
| Card details | User device only | While App installed | App uninstall or account deletion |
| Spending analysis | User device only | While App installed | App uninstall or account deletion |
| Plaid access tokens | User device only | While App installed | Account deletion (tokens revoked via Plaid API) |
| Email address | Firebase Auth | While account active | Account deletion |
| Plaid item references | Firestore | While account active | Account deletion |
| Anonymous analytics | Firebase Analytics | Per Google retention defaults | Non-identifiable; no user deletion needed |
3. Account Deletion Process
Users can permanently delete all their data through the App at any time via Settings → Delete My Account. This is a self-service, immediate process that executes the following steps:
- Plaid token revocation: All Plaid access tokens associated with the account are revoked via the Plaid API, permanently severing the connection to the user’s financial institutions.
- Firestore data deletion: All Plaid item records and user profile data stored in Firestore are permanently deleted.
- Firebase Auth deletion: The user’s Firebase Authentication account is permanently deleted.
- Local data erasure: All on-device data (transactions, cards, analysis, cached tokens) is erased from the device.
This process is irreversible. Once initiated, all data is permanently removed and cannot be recovered. Users are presented with a confirmation dialog that clearly describes what will be deleted before proceeding.
4. Third-Party Data Deletion
- Plaid: When a user deletes their account, RewardRoute calls Plaid’s item removal API to revoke access tokens. Plaid’s own data retention and deletion practices are governed by Plaid’s Privacy Policy. Users may also contact Plaid directly to request deletion of data Plaid holds.
- Firebase: Account deletion removes the user’s authentication record and associated Firestore documents. Firebase’s data handling is governed by Google’s Privacy Policy.
5. Compliance with Data Privacy Laws
Our data retention and deletion practices are designed to comply with applicable data privacy regulations, including:
- CCPA (California Consumer Privacy Act): Users can delete all personal information through the in-App account deletion flow. Our device-only architecture means we hold minimal personal information server-side to begin with.
- GDPR (General Data Protection Regulation): Users can exercise their right to erasure (Article 17) through the account deletion flow. Data minimization (Article 5) is inherent in our device-only storage model.
- Right to be forgotten: Account deletion removes all identifiable data from our systems. Because financial data is never stored on our servers, there is no server-side financial data to forget.
To request data deletion without access to the App, users may contact privacy@rewardroute.app with the email address associated with their account.
6. Enforcement
Data deletion is enforced through application code — the account deletion flow is automated and executes the full deletion sequence described in Section 3 without manual intervention. There are no manual overrides, grace periods, or soft-delete mechanisms. Deletion is immediate and permanent.
7. Policy Review
This policy is reviewed at least annually, and is updated whenever:
- New data types are introduced to the application
- Changes are made to our storage architecture or third-party integrations
- Applicable data privacy laws are updated or new regulations take effect
Material changes are reflected in the “Last updated” date above.
8. Related Policies
- Privacy Policy — full data collection and usage practices
- Information Security Policy — encryption and security controls
- Terms of Service — user obligations and service terms
9. Contact
For questions about data retention or to request data deletion, contact us at: privacy@rewardroute.app