Secure Storage

GDPR Compliant

Clear Timelines

Data Retention Policy

Transparency in how we store, manage, and protect your information

Last Updated: October 2025

1. Purpose

Ovr Finance retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, contractual, and legitimate business requirements.

Retention practices comply with:

GDPR Article 5(1)(e) (storage limitation)
California Consumer Privacy Act / CPRA §1798.105 (right to deletion)
FTC Safeguards Rule (secure data disposal)

2. Types of Data We Collect and Retain

Depending on how you use Ovr Finance, we may temporarily store the following categories:

Account Information

Name, email address, and login credentials

Financial Data

Linked account identifiers and transaction summaries (via Plaid)

Technical Data

Device type, IP address, browser, and usage metrics

Support Communications

Messages, feedback, and attachments you send to our team

3. Retention Periods

Account & Profile Data

Account continuity, fraud prevention, audit logs

Active + 12 months

Financial Transaction Data

Performance analysis and compliance with financial record-keeping laws

Up to 24 months

Support & Communications

Customer service documentation and legal reference

12 months

Usage & Analytics Data

Product optimization and security monitoring (anonymized after 90 days)

18 months

System Backups / Logs

Security forensics and business continuity (encrypted)

90 days (max)

4. Data Deletion

You may request permanent deletion of your data at any time by emailing support@ovrfinance.io or using the in-app Delete My Account function.

Upon confirmation:

All account data is erased within 30 days

Encrypted backups and system logs are purged within 90 days

A confirmation email is sent when deletion is complete

5. Legal Compliance and Exceptions

Certain records may be retained longer when required by:

Tax or financial regulations (IRS 26 U.S.C. §6001)
Fraud investigations or litigation holds
Law enforcement requests or court orders

In such cases, data is isolated and retained only for the minimum period necessary.

6. Third-Party Storage and Processing

Ovr Finance uses trusted third-party processors including Plaid, Stripe, Apple, Google, and Firebase. Each maintains its own retention schedule and deletion mechanisms consistent with GDPR and CCPA.

Ovr Finance ensures through data-processing agreements that these partners:

Store data only for authorized purposes
Apply bank-level encryption
Delete data upon termination of services or user request

7. Data Security and Review

Encryption

AES-256 / TLS 1.3

In transit and at rest

Access Control

Authorized Only

Logged for audit

Retention Audits

Quarterly

Policy alignment checks

We conduct quarterly retention audits to ensure records are deleted on schedule and policies stay aligned with current law.

8. Policy Updates

We may revise this Data Retention Policy to reflect legal changes or new features. When we do, the "Last Updated" date will change and, if material, users will be notified via email or in-app alert.

9. Contact Us

For questions or requests regarding this policy or your data retention rights, contact:

support@ovrfinance.io

Company

JRM Creative Ventures LLC

111 Town Square Pl Ste 1238 PMB 877216

Jersey City, NJ 07310-1810