RoadFolio retains user data only for the duration of an active user account. Data is stored on Google Firebase Firestore infrastructure, which is SOC 2 Type II certified and handles encryption at rest and in transit.
Users may delete their account and all associated data at any time from within the RoadFolio application under Settings → Account → Delete Account.
Bank access tokens are stored server-side in Firebase Firestore and are never exposed to the client. When a user unlinks a bank account or deletes their account, the access token is immediately invalidated via the Plaid itemRemove API and the associated Firestore document is permanently deleted.
No user data is sold, licensed, or shared with third parties for marketing or any other purpose. Transaction data retrieved from Plaid is used solely to display information within the user's own RoadFolio account.
Data disposal at the infrastructure level is managed by Google Firebase, which follows industry-standard secure deletion practices in compliance with SOC 2 Type II requirements.
Isaac Farris, Owner, ITF Business