Data Retention Policy for GetProSpace, Inc.

Effective Date: March 13, 2025
Last Updated: March 13, 2025

GetProSpace, Inc. ("GetProSpace," "we," "us," or "our"), a Delaware corporation operating under the domain getprospace.com, is committed to responsibly managing the data entrusted to us by our users, including professionals, clients, and partners. This Data Retention Policy outlines how long we retain various types of data collected through our platform, the purposes for retention, and our procedures for secure data disposal. This policy ensures compliance with applicable laws, including the Consumer Financial Protection Bureau (CFPB) Section 1033 rule, and meets the requirements of our third-party partners, such as Plaid.

Scope

This policy applies to all data collected, processed, or stored by GetProSpace, including personal information, financial data, job records, contracts, billing information, accounting transactions, and photo galleries. It covers data from all users of our platform, whether professionals managing their businesses or clients interacting with those services.

Data Categories and Retention Periods

We retain data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, or support our business operations. The table below details the retention periods for each data category:

Data Category Description Retention Period Purpose
User Data Personal info (e.g., name, email, phone), authentication credentials, profiles (Pro/ClientUser) Active account + 7 years after account deletion Account management, customer support, tax/audit compliance
Client Data Client names, contacts, notes (with or without linked accounts) 3 years after last interaction Client relationship management, service continuity
Job Data Job details, status, dates, notes Duration of job + 7 years after completion Project tracking, historical records, tax/audit compliance
Contract Data Contract content, signatures, status Duration of contract + 7 years after termination Legal enforceability, dispute resolution, audit compliance
Billing Data Estimates, invoices, payment records 7 years after creation Tax compliance, financial reporting, dispute resolution
Accounting Data (Non-Plaid) Manual transactions, categories 7 years after creation Tax compliance, financial reporting, business analysis
Plaid-Related Financial Data Bank transactions, account details synced via Plaid 1 year from collection, subject to reauthorization Financial tracking, service functionality, CFPB Section 1033 compliance
Plaid Compliance Records Records of user authorizations for Plaid data 3 years after most recent authorization CFPB Section 1033 compliance, audit trail
Photo Gallery Data Photos, annotations, tags 2 years after last access or upon user request Documentation, client service, optional user retention

Notes on Retention Periods

  • Plaid-Related Financial Data: In accordance with the CFPB Section 1033 rule, finalized on October 22, 2024, financial data accessed via Plaid is retained for no longer than one year unless reauthorized by the user. After this period, the data is deleted or reauthorization is requested.
  • Compliance Records: Authorization records for Plaid data are retained for three years to comply with regulatory requirements under Section 1033.
  • Tax and Legal Compliance: A seven-year retention period for billing, accounting, job, and contract data aligns with U.S. Internal Revenue Service (IRS) guidelines and Delaware business record-keeping standards.
  • User-Initiated Deletion: Users may request earlier deletion of certain data (e.g., photo galleries) where not required by law, as outlined in our Privacy Policy.

Purposes of Data Retention

  • Service Delivery: To provide and enhance platform features, such as job management, billing, and accounting.
  • Legal Compliance: To meet obligations under U.S. federal and Delaware state laws, including tax regulations and financial data rights (e.g., CFPB Section 1033).
  • Security and Fraud Prevention: To detect and prevent unauthorized access or fraudulent activities.
  • Business Operations: To support customer service, analytics, and historical record-keeping.

Data Deletion and Disposal

When data reaches the end of its retention period or is no longer needed, we take the following steps:

  • Deletion: Data is securely deleted from our systems, including backups, using industry-standard methods to prevent recovery.
  • Anonymization: Where deletion is not feasible (e.g., for aggregated analytics), data is anonymized to remove personally identifiable information.
  • Secure Disposal: Physical records, if any, are shredded, and digital data is overwritten to ensure complete removal.

Security Measures

We protect retained data with robust security practices, including:

  • Encryption: Sensitive data (e.g., personal information, financial details) is encrypted at rest and in transit using strong cryptographic standards.
  • Access Controls: Access is restricted to authorized personnel on a need-to-know basis.
  • Daily Security Scans: Our servers, hosted on an IONOS VPS with Linux, NGINX, and Gunicorn, undergo 24-hour cron jobs running ClamV, Chkrootkit, and Rkhunter to detect and mitigate threats.
  • Two-Factor Authentication (2FA): We are implementing 2FA to enhance account security, expected to be available by March 15, 2025, further safeguarding user data.

Third-Party Data Sharing

Certain data, such as financial information synced via Plaid or payment details processed by Stripe, is shared with third parties to enable platform functionality. These partners adhere to their own retention policies, which we ensure align with our standards and legal requirements. For Plaid data, we enforce the one-year retention limit and three-year compliance record retention as outlined above.

User Rights

Users have the right to access, correct, or request deletion of their data, subject to legal retention requirements. Requests can be submitted via support@getprospace.com. For Plaid-related data, users may revoke access through their account settings, triggering deletion within the one-year limit unless reauthorized.

Policy Review and Updates

This Data Retention Policy is reviewed annually or upon significant changes to our services, legal requirements, or third-party obligations (e.g., updates from Plaid). Updates will be posted on getprospace.com with the “Last Updated” date revised accordingly. Users will be notified of material changes via email or platform announcements.

Governing Law

This policy is governed by the laws of the State of Delaware, where GetProSpace, Inc. is incorporated, and applicable U.S. federal laws.

Contact Us

For questions about this policy or to exercise your data rights, contact us at:
Email: support@getprospace.com
Registered Address: GetProSpace, Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, USA
Operational Address: Saint Louis, Michigan, USA