Data Retention Schedule
Retention periods for user data, billing records, and operational datasets — enforced by automated jobs.
This schedule supplements Privacy Policy §11. Hot-tier market data is pruned on a daily cron; permanent archives preserve daily aggregates for product moat and backtesting.
| Data type | Hot retention | Archive / post-deletion | Legal basis | Deletion method |
|---|---|---|---|---|
| Account profile (email, preferences) | Active account lifetime | Deleted within 30 days of account deletion | Contract; legitimate interest | Hard delete + backup rotation |
| Trade journal & notes | Active account lifetime | Deleted with account unless export requested | Contract | User-initiated delete or account deletion |
| Portfolio value history (sync snapshots) | Active account lifetime — append-only | Deleted with account (GDPR erasure) | Contract; legitimate interest (product analytics) | Account deletion cascade — never purged by automated retention jobs |
| Trade context snapshots & trader edge profiles | Active account lifetime — append-only / recomputable | Deleted with account (GDPR erasure) | Contract; legitimate interest (personalized analytics) | Account deletion cascade — never purged by automated retention jobs |
| Weekly alpha digests | Active account lifetime | Deleted with account (GDPR erasure) | Contract; user opt-in (weekly review) | Account deletion cascade |
| Exchange API keys (encrypted) | Until user revokes | Deleted on revoke or account deletion | Contract | Cryptographic erase from database |
| Billing & invoices | 7 years (tax) | Per payment processor policy | Legal obligation | Processor dashboard + metadata purge |
| 5m / 15m candles (hot) | 90 / 180 days | Daily OHLCV in long-term aggregates | Legitimate interest (product) | Automated cron batch delete |
| Raw liquidation events | 7 days | Rollups retained in aggregates | Legitimate interest | Automated cron delete |
| Pipeline snapshots (market data) | 3–30 days by dataset | Daily archive for historical analytics | Legitimate interest | Cron delete after archive pass |
| Market ticker cache | 24 hours | N/A | Legitimate interest | Automated cron delete |
| Workbench query history & alert evals | 90 days | N/A | Legitimate interest | Automated cron delete |
| Error monitoring events | 90 days (default) | N/A | Legitimate interest (security) | Provider retention settings |
| Product & marketing analytics | 14–26 months (provider default) | N/A | Consent (marketing) / legitimate interest (product) | Provider retention + consent withdrawal |
| Digital content consent records | Life of subscription + 7 years | Checkout session metadata | Legal obligation (EEA waiver evidence) | Billing metadata retention policy |
Your controls
- Export: Dashboard → Settings → Export (GDPR portability)
- Delete account: Dashboard → Settings → Delete Account
- Privacy requests: privacy@thrive.fi — we respond within applicable legal timeframes (typically 30 days for GDPR)
Backup retention
Point-in-time database recovery retains encrypted backups per infrastructure settings. Deleted account data may persist in backups until rotation (typically 7–30 days). We do not restore deleted user records except for disaster recovery of the live database.