Legal

Data Retention and Disposal Policy

Last updated May 31, 2026

Questions? privacy@openhand.help

This Data Retention and Disposal Policy describes how OpenHand ("we," "us," or "our") retains and deletes personal information collected through the OpenHand mobile application and related services. It supplements our Privacy Policy.

We retain personal information only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

1. Scope

This policy applies to personal information we process in connection with the OpenHand app, our API, and our production data stores.

In scope:

  • Profile and budgeting data you create in the app
  • Financial data linked through Plaid, including access credentials stored on our servers
  • Authentication identifiers associated with your account
  • Application and API logs used for operations and security

Out of scope:

  • Public reference data such as assistance programs, food resources, and peer benchmarks, which are not personal information and are retained until administratively updated
  • Data processed solely within Plaid's or our authentication provider's systems during sign-in or account-linking flows, which is governed by those providers' retention terms

2. Retention periods

We retain different categories of data for the periods below. These periods apply while the relevant account, link, or subscription remains active unless you request earlier deletion as described in Section 3.

| Data category | Retention period | Purpose |
| --- | --- | --- |
| Account and profile | While your account is active | Providing the Service |
| Budgeting data (bills, envelopes, manual transactions, pay schedules) | While your account is active | Storing your planning data |
| Plaid access credentials | While a bank link is active | Maintaining account sync |
| Plaid-sourced accounts and transactions | While the institution link is active; rolling sync window of 90 days | Safe to Spend calculations and duplicate detection |
| Entitlements (such as bank linking access) | While your subscription is valid, plus a reasonable grace period | Billing and access control |
| Application and API logs | 7 to 30 days | Operations, troubleshooting, and security |
| Backup remnants after deletion | Up to 30 days in provider backups, then purged | Provider backup cycles |
| Legal or dispute hold | As required by applicable law | Legal compliance |

When you delete a linked institution or close your account, we remove application records as described in Section 3 without waiting for the full retention period above.

3. How we delete your data

3.1 Unlinking a financial institution

When you remove a linked bank or credit institution in the app (or request removal through support), we:

  1. Verify that the institution belongs to your account.
  2. Revoke OpenHand's access at Plaid and with your financial institution.
  3. Delete the institution record from our database.
  4. Automatically delete linked accounts, transactions, and related budgeting records associated with that institution.

Financial credentials are processed only on our servers and are never returned to the app client.

3.2 Deleting individual budgeting records

You may delete individual records in the app where the feature allows it—for example, obligations, envelopes, or manual transactions. Deletion takes effect promptly in our database for that record.

3.3 Closing your account

To request full account deletion, email privacy@openhand.help. Within thirty (30) days, we will:

  1. Revoke access for all linked Plaid institutions.
  2. Delete profile-linked data in our database, including institutions, accounts, transactions, envelopes, obligations, household information, and pay schedules.
  3. Delete your authentication record with our identity provider.
  4. Confirm completion to you by email.

3.4 Logs and credentials

Application logs are configured not to contain Plaid access tokens or full financial payloads. Log retention follows our hosting provider's defaults. API and integration secrets are rotated and revoked through vendor dashboards when offboarding systems or responding to a security incident.

Deleted data may persist in encrypted provider backups for up to thirty (30) days before being purged as part of normal backup rotation. We may retain or preserve information when required by law, regulation, legal process, or an active dispute, which suspends routine deletion for the affected data.

5. Policy review

We review this policy at least annually and update it when our data practices change materially. The "Last updated" date at the top of this page reflects the most recent revision.

6. Regulatory notice

OpenHand serves consumers in the United States and connects to financial accounts through Plaid. We provide notice and choice through our Privacy Policy, honor deletion requests within the timeframes described above, and do not sell personal information. Where applicable to consumer financial data obtained through Plaid, we limit access, encrypt data in transit and at rest, and dispose of data according to this policy.

7. Contact us

For questions about data retention or deletion, contact:

Email: privacy@openhand.help