Data Deletion & Retention Policy

Application: WTD

The WTD application project is committed to the principle of data minimization. This policy outlines our standards for how long data is retained and the automated procedures for its eventual deletion to minimize the risk of data exposure.

1. Data Retention Overview

WTD retains user and financial data only for as long as it is strictly necessary to provide application features or to comply with operational requirements (such as disaster recovery).

Standard Retention Schedule:

Active Data: Retained for the duration of an active user account.
Post-Activation / Deletion: Upon account closure or data unlinking, data is marked for deletion and purged within 2 months.
Backup Data: Encrypted backups are maintained for a maximum of 2 months before being automatically overwritten or deleted.

2. Backup Lifecycle Management

Our backup systems are designed with an automated rotation policy. All system and database backups are stored in an encrypted state and follow a strict 60-day (2-month) lifecycle. Once a backup exceeds this age, it is permanently deleted by the automated backup management system to ensure that stale data does not persist in our infrastructure.

3. Automated Deletion Procedures

WTD utilizes automated scripts and database triggers to ensure that data does not exceed the retention limits defined in this policy. These procedures include:

Automated purging of transaction logs exceeding the 2-month threshold.
Immediate invalidation of session data upon user logout or account deactivation.
Final erasure of all user-associated records within 60 days of a formal deletion request.

4. Regulatory Overrides

While WTD strives to delete data as quickly as possible, we will retain specific information beyond the 2-month window if required by applicable statutory, regulatory, or legal obligations. In such cases, data will be isolated and retained only for the duration required by the specific law.

5. Formal Attestation

I attest that the WTD data environment adheres to the retention and deletion timelines described above. Automated system tasks are in place to ensure these windows are strictly enforced.