Data Retention Policy
Effective date: June 25, 2025
This policy describes how long Finent keeps the different categories of data it holds, and how you can request earlier deletion.
1 Principles
We retain data for the minimum period necessary to:
- Provide the Finent service to you
- Diagnose and fix technical issues
- Meet any applicable legal obligations
Data that is no longer needed is deleted or anonymised. We do not archive personal data beyond the periods set out below.
2 Retention Schedule
| Data category | Retention period | Trigger for deletion |
|---|---|---|
| Account credentials Email address, password hash, 2FA settings | While account is active | Account deletion request |
| Financial records Incomes, expenses, utilities, savings goals, budget groups, snapshots | While account is active | Account deletion request |
| Email confirmation & password-reset tokens | Until used or expired (typically 24 hours) | Automatic expiry |
| Application logs Error and diagnostic entries (no financial amounts are logged) | 7 days (rolling) | Automatic rolling deletion |
| Rate-limit counters In-memory IP-based request counters | 1 minute window (in memory only) | Automatic — not persisted to disk |
| Session / authentication cookies | 14 days (sliding expiry) | Sign out, expiry, or account deletion |
| Cookie consent preference | 1 year | Browser cookie cleared by user |
3 Account Deletion
When you delete your account, all of the following are permanently removed from our database:
- Your email address and password hash
- All income, expense, utility, savings goal, budget group, and snapshot records associated with your account
- Your bill-reminder preferences
- Any active login sessions
4 Application Logs
Finent writes rolling log files for error diagnostics. Log files are retained for 7 days and then deleted automatically.
Log entries may contain:
- Timestamps and error messages
- The user identifier (not the email address) when an error occurs during an authenticated request
- HTTP status codes and request paths
Log entries do not contain passwords, financial amounts, or other sensitive personal data.
5 No Third-Party Backups or Archives
Finent does not maintain off-site backups of user data in a third-party archive. When data is deleted from the primary database, there is no secondary copy to retrieve it from.
If the application is hosted on a cloud platform, the platform's own backup policies may apply to the underlying infrastructure. Those backups are typically overwritten on short rotation cycles and are not accessible for individual data-restoration requests.
6 Changes to This Policy
We may update this Data Retention Policy from time to time. The effective date at the top of this page will reflect when the policy was last revised. Continued use of Finent after changes are posted constitutes acceptance of the updated policy.