← Oktra · Privacy Policy · Service Disclaimer

Oktra Data Retention and Disposal Policy

Version 1.0 · Effective 2026-07-06 · Reviewed annually · Contact: privacy@oktra.ai

1. Principle

Oktra retains personal and financial data only as long as it is needed to provide the service or to meet a legal obligation, and disposes of it by defined, verifiable means. The customer's accounting platform remains the system of record; Oktra can re-derive its working state, so retention here is deliberately short.

2. Data classes and retention periods

Data classWhere heldRetainedDisposal trigger
Connection credentials (OAuth tokens, API keys)Per-connection encrypted vaultWhile the connection is activeDisconnection or offboarding: token revoked at the provider AND the connection's vault purged, in that order
Financial data retrieved via connected providers (transactions, balances, account metadata)Production databaseWhile the customer account is activeErased within 30 days of customer offboarding or verified erasure request
Connection directory and metadata (tenant-connection binding, company names, external identifiers)Production databaseWhile the customer account is activeErased with the customer account (same window as above)
Customer account data (users, settings)Production databaseWhile the customer account is activeErased on offboarding, subject to §3 legal holds
Audit records of writes to customer financial systemsAppend-only audit store7 years (statutory financial-records window, §3)Aged out on schedule; retained independently of customer offboarding
Security/operational logs (vault access, sign-in, service logs)Platform log storesPer platform diagnostic retention settings, reviewed annuallyAged out automatically; contain no secrets by design
BackupsPlatform backup schedules; image backups (on-premises)Backup retention window onlyDeleted data ages out of backups with the backup cycle; backups are not a retrieval path for erased customer data

3. Legal holds and obligations

Where a statutory obligation requires retention beyond the table above, the specific records are retained for the statutory period and erased when it lapses. The 7-year audit-record window is anchored on financial-records obligations in both operating regions (EU bookkeeping-retention law and US tax record-keeping guidance). A legal hold suspends disposal for affected records only and is recorded with its lifting condition.

4. Disposal methods

5. Data subject and consumer requests (all jurisdictions)

One process for everyone: verified erasure requests are honored within the 30-day window of §2 regardless of the requester's residency - account data, financial data, metadata, and connection secrets are disposed of per §4, and completion is recorded. Audit records and legally-held records are excluded per §3 and the requester is informed of the exclusion and its basis.

Jurisdictional mapping (the same process satisfies each regime):

6. Enforcement and review