1. Purpose
The purpose of this Data Retention and Disposal Policy is to define how Bloom Industries retains, manages, and securely disposes of data in accordance with business needs, legal requirements, and platform obligations.
This policy is designed to protect the confidentiality and integrity of personal, financial, and operational data throughout its lifecycle.
2. Scope
This policy applies to:
- All customer and user data
- Financial and transactional data
- Application data and logs
- Third-party data accessed or processed on behalf of users
- All systems, environments, and service providers used by Bloom Industries
3. Data Retention Principles
Bloom Industries follows these guiding principles:
- Data is retained only as long as necessary to provide services
- Retention aligns with legal, contractual, and operational requirements
- Access to retained data is limited to authorized personnel
- Data retention practices are periodically reviewed
4. Categories of Data & Retention Practices
4.1 Account & User Data
Includes: User identifiers, contact information, account preferences
Retention:
- Retained for the duration of the active account
- Deleted or anonymized upon verified account deletion request, subject to legal obligations
4.2 Financial & Subscription Data
Includes: Subscription status, transaction metadata, payment confirmation records
Retention:
- Retained as required for accounting, dispute resolution, and compliance
- Payment credentials are handled by third-party processors and are not stored by Bloom Industries
4.3 Financial Account Data (Plaid)
Includes: Account balances, transaction data, account metadata retrieved via Plaid
Retention:
- Retained only while an active connection exists and data is required to provide requested services
- Access tokens are revoked and data access terminated when a user disconnects their financial account
Bloom Industries does not store consumer banking credentials.
4.4 AI-Processed Data
Includes: User-submitted inputs processed by AI services
Retention:
- Retained only as necessary to provide application functionality and improve service performance
- AI providers process data according to their own retention policies and contractual obligations
4.5 Logs & System Data
Includes: Application logs, error logs, security-related event logs
Retention:
- Retained for operational monitoring, troubleshooting, and security purposes
- Logs are periodically reviewed and purged in accordance with system capabilities
5. Data Disposal & Deletion
Bloom Industries disposes of data securely when it is no longer required.
Disposal methods may include:
- Secure deletion via infrastructure providers
- Logical deletion or anonymization
- Revocation of access tokens and credentials
Data disposal is performed in a manner designed to prevent unauthorized recovery.
6. Account Deletion Requests
Users may request account deletion directly from within the application or through support channels.
Upon verified deletion:
- Account data is deleted or anonymized
- Active integrations are disconnected
- Residual data is retained only as required by law or legitimate business obligations
7. Third-Party Data Handling
Bloom Industries relies on reputable third-party service providers for infrastructure and integrations.
Third-party providers are required to:
- Maintain reasonable data protection practices
- Dispose of data in accordance with contractual and regulatory requirements
8. Legal & Regulatory Obligations
Certain data may be retained longer if required to:
- Comply with legal obligations
- Resolve disputes
- Enforce agreements
- Meet regulatory or audit requirements
When retention is legally required, access is restricted to authorized personnel only.
9. Policy Review
This policy is reviewed at least annually and updated as needed to reflect changes in:
- Business operations
- Legal or regulatory requirements
- Platform or vendor obligations
10. Contact
Questions regarding data retention or disposal may be directed to:
Bloom Industries
Email: privacy@bloomindustries.com