This Data Retention Policy describes how BSF LLC ("we," "our," or "us") retains, manages, and deletes personal information and other data collected through the ReNood application and related services (the "Service"). This Policy forms part of the agreement between you and BSF LLC alongside our Privacy Policy and Terms and Conditions.
This Policy applies to all data collected from users of the Service, including Champions, Tribe Members, and visitors to our website.
2. Retention Schedule
The following summarizes the retention period for each category of data:
- Account information (name, email, phone): Account lifetime + 30 days after deletion
- Profile information and preferences: Account lifetime + 30 days after deletion
- Extracted subscription data: Account lifetime, deleted upon permanent account deletion
- Payment records (billing history): 7 years from transaction date (required by law; retained even after account deletion)
- Last four digits of card and expiration date: Account lifetime + 30 days after deletion
- Raw uploaded credit card statements (planned feature): Deleted within 48 hours of processing
- Email content processed via inbox scanning: Not retained; processed in real time only
- Log files: 90 days from creation (auto-deleted on rolling cycle)
- Support communications: 2 years from last communication
- Device and usage data: 2 years from collection (anonymized after 2 years)
- Approximate location data: 90 days from collection
- Anonymized and aggregated data: Indefinite (not personal data; not subject to deletion rights)
- Deactivated account data: 90 days from deactivation (reactivation available within this window)
3. Account Data
3.1 Active Accounts
We retain your account information, profile data, and extracted subscription data for as long as your account remains active. This includes your name, email address, phone number, account preferences, and subscription records.
3.2 Deactivated Accounts
If you choose to deactivate rather than permanently delete your account, your data and settings are preserved for 90 days. During this period you may reactivate your account by contacting support@bsfworks.com. After 90 days of inactivity following deactivation, your account and all associated personal data are permanently deleted.
3.3 Permanent Account Deletion
When you request permanent deletion of your account, we will complete the deletion of your personal data within 30 days of your request. You will receive email confirmation when deletion is complete. The following data is removed upon permanent deletion:
- Name, email address, and phone number
- Account preferences and settings
- Extracted subscription data and subscription history
- Last four digits of card and expiration date stored for display purposes
- Any other personal information you provided directly
Note: certain data is retained beyond account deletion as required by law or as described in this Policy. See Section 5 (Legal Retention Requirements) and Section 7 (Anonymized Data) below.
4. Specific Data Categories
4.1 Email Content
If you opt into email inbox scanning, the content of your emails is processed in real time solely to identify subscriptions and receipts. Raw email content is never stored on our systems. Only structured data extracted from that processing, such as subscription name, amount, and billing date, is retained as part of your subscription records for the account lifetime.
4.2 Uploaded Credit Card Statements (Planned Feature)
When the credit card statement upload feature becomes available, the following retention rules will apply:
- Raw uploaded statement files (PDF or image) will be permanently deleted from our systems within 48 hours of processing completion
- We extract only merchant name, transaction amount, and transaction date. We do not extract or store full card numbers, CVV codes, Social Security numbers, or complete account numbers
- Extracted subscription transaction data is retained as part of your subscription records for the account lifetime
4.3 Payment Records
Payment transaction records are retained for 7 years from the date of each transaction as required by applicable financial recordkeeping laws and regulations. This data is retained even after account deletion. Payment processing is handled by third-party payment processors; we store only the last four digits of your card and expiration date for display purposes.
4.4 Log Files
System log files including access logs, error logs, and security event logs are retained for 90 days on a rolling basis and are automatically deleted thereafter. Logs are used for security monitoring, fraud detection, and troubleshooting.
4.5 Support Communications
Email correspondence and chat session transcripts with our support team are retained for 2 years from the date of the last communication. Call recordings and chat recordings made for quality assurance, fraud detection, and complaint resolution purposes are also retained for 2 years from the date of the recording.
4.6 Device and Usage Data
Device information, usage data, and analytics collected automatically through your use of the Service are retained for 2 years from collection. After 2 years, this data is anonymized and may be retained in aggregated, non-identifiable form indefinitely for product development and analytics purposes.
4.7 Approximate Location Data
Approximate location data derived from your IP address for fraud detection and regulatory compliance purposes is retained for 90 days from collection and automatically deleted thereafter.
4.8 Tribe Records
When a Tribe member deletes their account, their personal identifying information is removed from Tribe records. However, historical split data and transaction records may remain visible to the Champion in anonymized or aggregated form as part of the Champion's account records. Deleting your account does not delete records from another user's account where your participation was recorded.
5. Legal Retention Requirements
Certain data must be retained regardless of account deletion or user request in order to comply with applicable law. This includes:
- Payment and billing records: retained for 7 years as required by financial recordkeeping laws
- Data subject to a legal hold, active litigation, investigation, or regulatory inquiry: retained for the duration of that matter
- Any other data whose retention is required by applicable federal, state, or local law
In cases where legal retention requirements apply, we will retain the minimum data required and delete it as soon as the legal obligation is satisfied.
6. Third-Party AI Processors
Your data including email content, uploaded documents, and subscription information may be processed by third-party artificial intelligence services including Anthropic (Claude AI), OpenAI, and Google AI. Under the terms of our API agreements with these providers, data submitted through our integrations is not retained by these providers beyond the immediate processing task and is not used to train their models.
7. Anonymized and Aggregated Data
BSF LLC collects, processes, and retains anonymized and aggregated subscription intelligence data derived from user activity on the Service. This data is stripped of all personally identifying information before retention using an irreversible anonymization process and cannot reasonably be used to identify any individual user.
Because this data does not constitute personal information under applicable privacy laws including CCPA, it is not subject to the same deletion rights as personal data. Anonymized intelligence data may be retained indefinitely and is not deleted upon a user's request to delete their personal account. This practice is disclosed in full in Section 6 of our Privacy Policy.
8. Secure Deletion
When data reaches the end of its retention period, we delete it using secure deletion methods appropriate to the storage medium. Data stored in encrypted databases is deleted by removing the associated records and purging from backups on the applicable backup rotation cycle.
Note that data present in backup systems at the time of a deletion request may persist in those backups until the backup is overwritten on its normal rotation cycle. We do not make special efforts to purge data from live backup systems ahead of schedule, but backup access is restricted and secured.
9. Policy Review and Updates
BSF LLC reviews this Data Retention Policy at least annually and whenever there are material changes to our data practices or applicable law. We will notify you of material changes to this Policy by email or by posting a notice in the Service. Your continued use of the Service after the effective date of any updated Policy constitutes acceptance of the updated terms.
10. Your Rights Regarding Your Data
Subject to legal retention requirements described in Section 5, you have the following rights with respect to your personal data:
- Access: request a copy of all personal information we hold about you
- Correction: request correction of inaccurate personal information
- Deletion: request deletion of your personal information; we will comply within 30 days subject to legal retention requirements
- Portability: request your data in a portable format
To exercise any of these rights, contact us at support@bsfworks.com. We will respond within 30 days. For California residents and residents of other states with comprehensive privacy laws, additional rights may apply; see Sections 12 and 13 of our Privacy Policy.
11. Contact Us
For questions about this Data Retention Policy or our data practices:
- Email: support@bsfworks.com
- Address: 30 N Gould St, Ste R, Sheridan, WY 82801, USA