Data and Retention Policy

Effective Date: 8/6/2025
Last Updated: 8/6/2025
Version: 1.0

1. Overview

This Data and Retention Policy ("Policy") describes how EQUO ("we," "us," or "our") collects, uses, stores, and deletes personal and financial data. Given the sensitive nature of financial information, we are committed to protecting user privacy while providing personalized financial advisory services.

FINANCIAL DATA NOTICE: This policy specifically addresses the retention and deletion of sensitive financial information, including AI memory data used for personalization.

2. Data Collection

2.1 Financial Data

We collect financial information through secure integrations and user input:

Bank Account Data (via Plaid):

  • Account balances and transaction history
  • Account types (checking, savings, credit cards)
  • Institution information and account identifiers
  • Interest rates and fee structures

Investment Data (via Alpaca/Robinhood APIs):

  • Portfolio holdings and allocations
  • Investment performance and transaction history
  • Asset valuations and market data
  • Risk tolerance and investment preferences

Payment Data (via Stripe):

  • Subscription and payment information
  • Billing addresses and payment methods
  • Transaction records for our services

2.2 Personal Data

  • Account Information: Name, email address, contact information
  • Authentication Data: Encrypted credentials and security settings
  • User Preferences: App settings and communication preferences
  • Support Communications: History with our support team
  • Behavioral Data: App usage patterns and feature interactions
  • Educational Progress: Learning preferences and achievement data

2.3 AI Memory Data (mem0 Integration)

CRITICAL AI MEMORY DATA: Our AI system maintains sophisticated memory about your financial behavior and preferences.

  • User Preference Memory: Financial risk tolerance, investment preferences, spending patterns
  • Goal-Setting History: Achievement patterns and progress tracking
  • Recommendation Feedback: Accepted/rejected suggestions and reasoning
  • Contextual Memory: Conversation history with AI financial advisor
  • Behavioral Patterns: Financial decision-making trends and adaptive recommendations
  • Learning Insights: Personalized educational content and progress

3. Data Usage

3.1 Primary Purposes

  • Provide personalized financial advice and recommendations
  • Execute automated financial optimizations (with user consent)
  • Offer educational content tailored to user needs
  • Maintain AI memory system for improved personalization
  • Process payments and manage subscriptions

3.2 AI Enhancement

  • Train and improve our AI recommendation algorithms
  • Enhance memory-based personalization features
  • Develop predictive financial modeling
  • Create anonymized insights for product improvement

3.3 Legal and Compliance

  • Comply with financial regulations and reporting requirements
  • Respond to legal requests and investigations
  • Prevent fraud and maintain platform security
  • Conduct risk assessments and audit trails

4. Data Retention Periods

4.1 Financial Data

Active User Accounts:

  • Bank account data: Duration of account connection plus 30 days
  • Transaction history: 7 years (for tax and legal compliance)
  • Investment data: 7 years (for regulatory compliance)
  • Payment records: 7 years (for financial record-keeping)

Inactive User Accounts:

  • Account marked inactive after 12 months of no login
  • Financial data retained for 90 days after account deactivation
  • Critical records (taxes, major transactions) retained for 7 years

4.2 Personal Data

  • Profile data: Retained while account is active
  • Communication records: 3 years
  • Support interactions: 2 years
  • Authentication logs: 1 year
  • App usage analytics: 2 years
  • Feature interaction data: 1 year
  • Educational progress: Retained while account is active

4.3 AI Memory Data

User Memory (mem0):

  • Preference learning data: Retained while account is active plus 30 days
  • Conversation history: 2 years or until user deletion request
  • Recommendation feedback: 3 years (for algorithm improvement)
  • Behavioral patterns: 1 year (rolling window)

Anonymized Learning Data:

  • Aggregated user patterns: Indefinitely (cannot identify individuals)
  • Algorithm training data: 5 years
  • Product improvement insights: Indefinitely

5. Data Deletion Procedures

5.1 User-Initiated Deletion

Account Deletion:

  • Users can request complete account deletion through app settings
  • All personal and financial data deleted within 30 days
  • Critical legal records retained per regulatory requirements
  • AI memory data purged immediately upon request

Selective Data Deletion:

  • Users can delete specific memories or preferences
  • Individual conversation history can be cleared
  • Specific account connections can be removed
  • Educational progress can be reset

5.2 Automated Deletion

  • Inactive Account Cleanup: Accounts inactive for 24 months are automatically flagged
  • 90-Day Notice: Notice sent before automated deletion
  • Rolling Data Deletion: Transaction data older than 7 years automatically archived
  • Temporary Data: Sessions and caches cleared within 24 hours
  • AI Conversation Logs: Older than retention period auto-deleted

5.3 Legal Hold Exceptions

IMPORTANT: Some data may be preserved longer due to legal requirements:

  • Data subject to legal proceedings preserved until resolution
  • Regulatory investigations may extend retention periods
  • Fraud investigations may require extended data preservation
  • Court orders or subpoenas may override deletion requests

6. Data Security and Access

6.1 Security Measures

  • Bank-level encryption for all financial data transmission and storage
  • Multi-factor authentication for admin access
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance for data handling procedures

6.2 Third-Party Data Sharing

Service Providers:

  • Plaid: Bank account data (encrypted, limited scope)
  • Stripe: Payment processing data only
  • AWS: Encrypted data storage and processing
  • mem0: User memory data (encrypted, privacy-preserving)

WE NEVER SELL YOUR DATA: We do not sell user data to third parties, provide marketing data sharing without explicit consent, or share anything beyond aggregated, anonymized insights for research purposes.

7. User Rights and Controls

7.1 Data Access Rights

  • Users can download complete data export at any time
  • Access to AI memory data and conversation history
  • View all data sharing and processing activities
  • Request detailed data usage reports

7.2 Memory Management

AI Memory Controls:

  • Edit or delete specific AI memories
  • Adjust memory retention preferences
  • Control learning algorithm participation
  • Opt-out of behavioral analysis

7.3 Data Portability

  • Standard format data exports (JSON, CSV)
  • API access for data migration
  • Account transfer capabilities
  • Third-party integration support

8. Compliance and Regulations

8.1 Financial Regulations

  • Gramm-Leach-Bliley Act (GLBA): Financial privacy compliance
  • Payment Card Industry (PCI DSS): Secure payment processing
  • Bank Secrecy Act (BSA): Anti-money laundering compliance
  • Fair Credit Reporting Act (FCRA): Credit data handling

8.2 Privacy Regulations

  • California Consumer Privacy Act (CCPA): California resident rights
  • General Data Protection Regulation (GDPR): EU resident protection
  • Virginia Consumer Data Protection Act (VCDPA): Virginia compliance
  • State privacy laws: Compliance with applicable state regulations

8.3 Industry Standards

  • SOC 2 Type II: Security and availability controls
  • ISO 27001: Information security management
  • NIST Cybersecurity Framework: Risk management standards
  • Open Banking Standards: Secure financial data access

9. Data Breach Response

9.1 Incident Response Plan

  • Immediate containment and assessment procedures
  • User notification within 72 hours of discovery
  • Regulatory reporting per applicable requirements
  • Forensic investigation and remediation steps

9.2 User Protection Measures

  • Credit monitoring services for affected users
  • Enhanced authentication requirements post-breach
  • Detailed incident reports and resolution updates
  • Identity theft protection and support services

10. Contact Information

Data Protection Officer

Email: privacy@equo.com

User Rights Requests

  • Data Access: Submit request through app settings or email privacy@equo.com
  • Data Deletion: Use in-app deletion tools or contact support
  • Data Correction: Edit through user profile or contact support
  • Privacy Concerns: privacy@equo.com with detailed description

Regulatory Contact

  • CCPA Compliance: ccpa@equo.com
  • GDPR Compliance: gdpr@equo.com
  • General Privacy: privacy@equo.com
  • Security Incidents: security@equo.com

11. Acknowledgment

By using EQUO services, users acknowledge they have read, understood, and agree to this Data and Retention Policy. Users maintain the right to withdraw consent and delete their data at any time through the provided mechanisms.

This policy is incorporated by reference into our Terms of Service and Privacy Policy.

IMPORTANT DATA RETENTION NOTICE: This policy specifically addresses the retention and deletion of sensitive financial information and AI memory data. Understanding your data retention rights is crucial for financial privacy. If you have concerns about data retention practices, please contact our Data Protection Officer before using our services.

← Back to HomeView Privacy Policy