Ajeris Data Retention Policy
Effective Date: October 14, 2025
Document Owner: Sarah Mitchell, Founder
Contact: hi@ajeris.com
Company: Ajeris (ajeris.com)
1. Purpose
This policy defines how long Ajeris retains consumer data, under what conditions it is deleted, and how users can exercise their deletion rights. It applies to all personal data processed by the Ajeris platform, including financial data obtained through Plaid, credit report data, conversation history, and user identity information.
2. Active Account Data
The following data is retained for the duration of an active user account:
Financial Accounts and Transactions
Account metadata and transaction history synced from Plaid are retained indefinitely while the account is active. Transaction history is required for long-term spending analysis, debt tracking, and financial trend identification. No automatic purge occurs while the account remains open.
Credit Report Data
Credit report data pulled with user consent is retained to enable score monitoring and comparison over time. Each pull is stored as a discrete record alongside a timestamp and the user's consent event. Retained until account deletion.
Conversation History
All messages between the user and their agent are stored to provide conversational continuity. The agent relies on conversation history to understand context and avoid asking users to repeat themselves. Retained until the user requests deletion or deletes their account.
Core Memories
Structured memory records (user preferences, goals, facts the agent has been told to remember) are retained until the user explicitly deletes them or deletes their account. Users can delete individual memories on demand.
Usage Data
Per-user API call logs, feature usage metrics, and error logs are retained for 7 days in raw form, then consolidated into summary records. Consolidated summaries are retained for the life of the account.
3. Retention After Account Deletion
When a user deletes their account, all user-scoped data is deleted immediately via database cascade. No grace period. No archiving.
What Gets Deleted
- All financial account records and transaction history
- All credit report data
- All conversation history
- All core memories
- All usage records scoped to the user
- All OAuth tokens and Plaid access tokens
Plaid Access Tokens
Plaid access tokens are actively revoked via the Plaid API (/item/remove) at the moment of account disconnection, before the database record is deleted. This prevents any future data pulls using the revoked token.
Backups
Ajeris relies on Railway (the hosting provider) for managed database backups. Deleted records will persist in Railway's backups until those backups expire per Railway's own retention schedule. Ajeris does not control Railway's backup retention period, and we do not restore deleted user data from backups except in cases of system error affecting the user's own account (and only with the user's explicit request).
4. Automatic Cleanup
The following data categories are subject to automatic expiration independent of account deletion:
Payment Proposals
Financial proposals generated by the agent (e.g., draft payment plans, scheduled transfers) that have not been acted on are automatically cancelled and removed after 24 hours. This prevents stale proposals from being executed.
Daily Activity Logs
Raw daily agent activity logs are retained for 7 days to support consolidation into summary records. After 7 days, the raw logs are deleted and replaced with a consolidated daily summary.
Expired OAuth Tokens
OAuth tokens that fail to refresh and cannot be used to authenticate with the third-party service are marked as invalid. Invalid tokens are purged during routine cleanup cycles.
5. User-Initiated Deletion
Users can initiate data deletion at any time by sending commands to their agent via SMS:
"Disconnect my accounts"
Triggers:
- Revocation of all Plaid access tokens via the Plaid API
- Deletion of all linked financial account records from the database
- Deletion of all associated transaction history
- Agent confirms disconnection via SMS
This command deletes only the Plaid-sourced financial data. Credit report data, conversation history, and core memories are not deleted by it.
"Delete everything"
Triggers a full cascade delete of the user row from the database. Because all user-scoped models use onDelete: Cascade, deleting the User record automatically deletes:
- All financial accounts and transactions
- All credit report records
- All conversation messages
- All core memories
- All usage records
- All OAuth tokens and access tokens
The user receives a confirmation SMS before deletion is finalized.
"Forget [specific memory]"
Deletes a single core memory record by name or description. The agent identifies the matching memory and removes it. The user can confirm what was deleted by asking the agent to list their memories.
6. Technical Implementation
All user-scoped data models in the Ajeris database are defined with onDelete: Cascade referential actions. This means that deleting the parent User record triggers automatic deletion of all child records across all tables, leaving no orphaned records and requiring no manual cleanup.
Plaid token revocation is performed as an API call to Plaid before the database record is deleted, ensuring external access is terminated even if the database operation subsequently fails (in which case the delete operation is retried).
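The ordering described in this section (revoke first, then cascade delete, retrying only the delete) can be sketched as follows. This is an added example, not Ajeris code: it uses an in-memory SQLite database in place of the production database, the table names and tokens are constructed, and `revoke` is a hypothetical callable standing in for the Plaid /item/remove request.

```python
import sqlite3

# Constructed schema: two child tables standing in for the user-scoped models.
SCHEMA = """
CREATE TABLE user (id INTEGER PRIMARY KEY);
CREATE TABLE plaid_item (id INTEGER PRIMARY KEY, access_token TEXT NOT NULL,
    user_id INTEGER NOT NULL REFERENCES user(id) ON DELETE CASCADE);
CREATE TABLE message (id INTEGER PRIMARY KEY, body TEXT NOT NULL,
    user_id INTEGER NOT NULL REFERENCES user(id) ON DELETE CASCADE);
INSERT INTO user VALUES (1), (2);
INSERT INTO plaid_item VALUES (1, 'tok-a', 1), (2, 'tok-b', 1), (3, 'tok-c', 2);
INSERT INTO message VALUES (1, 'hello', 1), (2, 'hi', 2);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    # SQLite only enforces ON DELETE CASCADE when foreign keys are switched on.
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def child_rows(db, user_id):
    """Count rows still scoped to user_id; 0 means the cascade left no orphans."""
    return sum(
        db.execute(f"SELECT COUNT(*) FROM {table} WHERE user_id = ?",
                   (user_id,)).fetchone()[0]
        for table in ("plaid_item", "message"))

def delete_user(db, user_id, revoke, max_attempts=3):
    """Revoke external tokens, then cascade-delete the user; returns attempts used."""
    tokens = [row[0] for row in db.execute(
        "SELECT access_token FROM plaid_item WHERE user_id = ? ORDER BY id",
        (user_id,))]
    for token in tokens:
        revoke(token)  # raises on failure, so no row is deleted while a token is live
    for attempt in range(1, max_attempts + 1):
        try:
            with db:  # one transaction: commit on success, roll back on error
                db.execute("DELETE FROM user WHERE id = ?", (user_id,))
            return attempt
        except sqlite3.OperationalError:
            if attempt == max_attempts:
                raise  # tokens are already revoked; surface the failure

if __name__ == "__main__":
    db, revoked = open_db(), []
    print(delete_user(db, 1, revoked.append), revoked, child_rows(db, 1))
```

If revocation itself raises, the function stops before any row is deleted, so a stored token is never dropped from the database while it is still valid at the provider.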
7. Compliance
FCRA (Fair Credit Reporting Act)
Credit data is accessed only with documented consumer consent (permissible purpose under FCRA § 604(a)(2)). Records of consent events (timestamp, user ID, purpose) are retained for a minimum of 5 years even after account deletion to support regulatory compliance and dispute resolution.
CCPA (California Consumer Privacy Act)
California residents have the right to request deletion of their personal information. Ajeris honors these requests immediately via the "Delete everything" command or by written request to hi@ajeris.com. We do not sell personal information, and therefore opt-out provisions for data sales do not apply.
COPPA
Ajeris does not knowingly collect data from users under 13. Accounts identified as belonging to minors are deleted immediately upon discovery.
8. Policy Review
This policy is reviewed annually and upon any significant change to data architecture, third-party data providers, or applicable regulations.
Next scheduled review: October 2026
Questions or deletion requests: hi@ajeris.com
Ajeris, ajeris.com, © 2025 Ajeris. All rights reserved.