1. Purpose and Scope
This Data Retention Policy explains how long AlgoXL retains personal data and the criteria used to determine retention periods. This policy applies to all personal data we collect and process.
2. Data Retention Principles
We retain personal data based on these principles:
- Necessity: Data is retained only as long as necessary for specified purposes
- Proportionality: Retention periods are proportionate to the purpose
- Transparency: Clear retention periods communicated to users
- Security: Secure deletion when retention period expires
3. Retention Periods by Data Type
Account and Profile Data
| Data Type | Retention Period | Purpose |
|---|---|---|
| Email address, name | Until account deletion | Account identification and communication |
| Profile information | Until account deletion | Service personalization |
| Login history | 2 years | Security monitoring |
| Authentication tokens | 30 days or logout | Session management |
Financial and Subscription Data
| Data Type | Retention Period | Purpose |
|---|---|---|
| Subscription history | 7 years | Tax compliance, accounting |
| Payment information | 7 years | Financial records, disputes |
| Billing addresses | 7 years | Tax compliance |
| Refund records | 7 years | Financial audit, compliance |
Usage and Analytics Data
| Data Type | Retention Period | Purpose |
|---|---|---|
| Watchlists, portfolios | Until account deletion | Service provision |
| Alert preferences | Until account deletion | Service personalization |
| Usage analytics | 2 years | Service improvement |
| Feature usage logs | 1 year | Product development |
Communication Data
| Data Type | Retention Period | Purpose |
|---|---|---|
| Support tickets | 3 years | Customer service, training |
| Email communications | 2 years | Customer support, legal |
| Marketing preferences | Until unsubscribe | Marketing compliance |
| Newsletter subscriptions | Until unsubscribe | Communication preferences |
Technical and Security Data
| Data Type | Retention Period | Purpose |
|---|---|---|
| Server logs | 90 days | Security monitoring, debugging |
| IP addresses | 90 days | Security, fraud prevention |
| Security incident logs | 5 years | Security analysis, compliance |
| Cookies and session data | 30 days or logout | Session management |
4. Account Deletion Process
When you delete your account:
Immediate Deletion (Within 30 days)
- Profile information and preferences
- Watchlists and portfolio data
- Alert configurations
- Personal settings
Retained for Legal/Compliance Purposes
- Financial records (7 years)
- Support communications (3 years)
- Security incident records (5 years)
Anonymized Data
- Usage statistics (anonymized, no personal identifiers)
- Product improvement metrics (anonymized)
5. Data Deletion Procedures
Automated Deletion
- Automated processes run monthly to delete expired data
- Secure deletion using industry-standard methods
- Database records permanently removed
- Backup systems purged of expired data
Manual Deletion Requests
- Users can request early deletion via privacyxl@algoxl.com
- Verification required for security
- Processing within 30 days
- Confirmation provided upon completion
6. Legal and Regulatory Requirements
Financial Compliance
- SEC requirements for financial service providers
- Tax record retention requirements
- Anti-money laundering (AML) compliance
Data Protection Laws
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- Other applicable state and federal privacy laws
7. Data Breach Response
In case of a data breach:
- Affected data will be identified and secured
- Extended retention may be necessary for investigation
- Regulatory notifications as required by law
- User notification if personal data affected
8. Third-Party Data
Data shared with third parties:
- Payment processors: Governed by their retention policies
- Google OAuth: Governed by Google's privacy policy
- Cloud providers: Data processing agreements in place
9. Your Rights
You have the right to:
- Access: Request information about data retention
- Deletion: Request early deletion of personal data
- Correction: Update retention preferences
- Portability: Export data before deletion
10. Contact Information
For data retention questions or requests:
- Email: privacyxl@algoxl.com
- Data Protection Officer: dpoxl@algoxl.com
- Address: [Your Business Address]
11. Policy Updates
This policy may be updated to reflect:
- Changes in legal requirements
- Business process improvements
- New service features
- User feedback and requests
Material changes will be communicated via email and prominent website notice.
Request Data Deletion
To request deletion of your personal data:
- Send email to privacyxl@algoxl.com
- Include your registered email address
- Specify what data you want deleted
- Verify your identity as requested
Response time: Within 30 days as required by law.