Legal
Data Retention & Deletion Policy
1. Objective
This policy defines how Vera Level Apps Inc retains and deletes data collected through our applications, in compliance with applicable privacy laws including GDPR and CCPA.
2. Scope
This policy applies to all data collected and processed by Vera Level Apps Inc through our products, including the Breather app.
3. Data We Collect and Retention Periods
| Data Type | Where Stored | Retention Period |
|---|---|---|
| Financial planning data (savings, expenses, projections) | On-device only (Hive) | Until user deletes the app |
| Plaid access tokens | Supabase (server-side) | Until user requests deletion or disconnects accounts |
| Device ID (anonymous) | Supabase (server-side) | Until user requests deletion |
| Crash/analytics data | Third-party services | Per third-party provider policy |
4. Data Deletion
4.1 User-Initiated Deletion
- App data: Automatically deleted when the user uninstalls the app
- Plaid connections: Users can disconnect accounts at any time within the app, which triggers immediate deletion of the associated access token from our servers
- Account deletion requests: Users may request full deletion of their data by emailing support@veralevel.app. Requests are fulfilled within 30 days.
4.2 Automatic Deletion
- Plaid access tokens that have not been used for 12 months are automatically deleted
- No financial data is retained on our servers after account disconnection
5. Data We Do NOT Store
- Bank credentials or passwords (handled entirely by Plaid)
- Transaction history
- Account numbers
- Social Security Numbers or government IDs
6. Third-Party Data Processors
We use the following third-party processors who maintain their own retention policies:
- Plaid Inc — financial account connectivity
- Supabase Inc — backend infrastructure
- Apple Inc — app distribution and analytics
7. Review
This policy is reviewed annually or when significant changes to our data practices occur.
8. Approval
Board of Directors
Vera Level Apps Inc
May 2026