Cherry AI — Data Retention & Disposal Policy
1. Purpose
This policy defines how long Cherry AI retains personal and operational data, when that data is deleted, and how secure disposal is performed. It ensures we collect data only for as long as it is needed, and that deletion is verifiable, complete, and timely.
This policy is a companion to our Privacy Policy. Where the Privacy Policy describes what data we collect and why, this policy describes how long we keep it and how we destroy it.
2. Scope
This policy applies to all personal and operational data Cherry AI collects, processes, and stores, including:
- Waiting list data — name, email, company, phone collected through the trycherry.ai waiting list form.
- Website technical data — IP address, browser, device information, and session logs.
- Account data (post-launch) — login credentials, customer records, and subscription information.
- Operational data (post-launch) — fiscal documents, transaction records, payroll data, and other materials processed on behalf of customers.
- Backups and archives — encrypted snapshots of any of the above stored for disaster recovery.
The policy applies to data held by Happy Finances For All, LLC and to data processed on our behalf by Disruptive Learning, S.A.P.I. de C.V. (Mexico) and our infrastructure providers.
3. Retention Schedule
Each data category has a defined maximum retention period after which data is disposed of. Periods may be extended only when a legal hold or active investigation requires it (see Section 9).
| Data Category | Retention Period | Reason |
|---|---|---|
| Waiting list (name, email, company, phone) | Until product launch + 12 months, or earlier upon deletion request | Early access management and launch communications |
| Marketing email logs (opens, clicks) | 24 months | Deliverability and engagement metrics |
| Website technical logs (IP, user agent, sessions) | 90 days | Security, troubleshooting, fraud prevention |
| Customer account data (post-launch) | Duration of subscription + 30 days after termination | Service delivery and account closure window |
| Operational fiscal records on behalf of customers (post-launch) | As required by applicable tax law (typically 5–10 years for IRS / SAT compliance) | Statutory record-keeping obligations |
| Audit logs (system access, deletion events, config changes) | 7 years | Compliance, breach forensics, evidence of disposal |
| Encrypted backups | Rolling 35-day window | Disaster recovery; deleted on cascade after primary deletion |
| Financial records of Cherry AI itself (invoices, contracts, tax filings) | 7 years | Statutory accounting and tax-audit obligations |
4. Disposal Triggers
Data is queued for disposal when any of the following occurs:
- Retention period elapses — an automated job flags eligible records nightly.
- Data subject request — verified deletion, cancellation, or right-to-erasure request received via legal@trycherry.ai.
- Account closure — customer cancels subscription. Account data enters the 30-day closure window before disposal.
- Withdrawal of consent — for data we hold solely on the basis of consent (e.g., marketing communications).
- Purpose limitation — when the purpose for which the data was collected is fulfilled and no other legal basis applies.
- Discovery of unlawful collection — data collected without a valid legal basis is deleted immediately upon discovery.
Disposal is paused only when an explicit legal hold has been issued (see Section 9). All other disposals proceed on schedule.
5. Secure Deletion Procedures
Once a record is queued for disposal, the following standards apply by storage medium:
5.1 Active database records
Records are hard-deleted from the primary database (PostgreSQL on Railway). Where soft-delete flags are temporarily used during the 30-day closure window, records are then physically removed via DELETE and the storage is reclaimed by the next vacuum cycle.
5.2 Encrypted file storage
Files in object storage (Google Cloud Storage) are deleted via the storage API, with versioning disabled for personal data buckets. Generation-level deletes are confirmed before the audit log entry is written.
5.3 Encrypted backups
Backups are encrypted at rest with AES-256 keys managed by our cloud provider. We do not selectively delete records from existing backup snapshots. Instead, we apply crypto-shredding at the end of the rolling 35-day backup window: the encryption keys protecting expired snapshots are destroyed, rendering the encrypted contents permanently unreadable. Data deleted from the primary database therefore disappears from all backups within 35 days.
5.4 Logs and analytics
Application logs and analytics events containing personal identifiers age out via automated retention rules in our log platform. Aggregate, non-identifiable analytics may be retained longer.
5.5 Email service provider
Email addresses are removed from the email service provider via API at the same time as the primary database deletion. Suppression entries (to prevent re-sending to deleted contacts) may be retained as a hash for compliance, but no plaintext personal data is preserved.
5.6 Physical media
Cherry AI does not maintain on-premises servers or removable media containing personal data. If physical media is ever introduced, it will be destroyed by certified media destruction (NIST 800-88 Purge or Destroy) at end of life.
6. Backup Retention & Cascade Deletion
Backups exist exclusively for disaster recovery. Their retention is independent of the retention schedule in Section 3, but they are bounded by:
- Maximum age: 35 days. Snapshots older than 35 days have their encryption keys destroyed (crypto-shredding).
- Cascade rule: a record deleted from the primary database on day N will no longer be recoverable from any backup after day N + 35 at the latest.
- Restore restrictions: backups are never used to restore a record that was the subject of a verified deletion request, except as required by a legal hold (Section 9).
- Access: backup access is limited to the on-call engineer during a confirmed incident, logged, and reviewed.
7. Restoration Window for Accidental Deletes
If you (the data subject or our customer) accidentally delete data and want it restored, contact legal@trycherry.ai as quickly as possible.
- 0–30 days after deletion: restoration is generally possible from the most recent backup snapshot.
- 30–35 days after deletion: restoration may be possible at our discretion, subject to backup snapshot availability.
- After 35 days: data is unrecoverable. Cherry AI cannot restore it under any circumstances. This is by design, as part of the cryptographic disposal.
Restoration of data that was previously the subject of a verified deletion request is not permitted, even within the 35-day window.
8. Audit Trail
Every disposal event generates an audit-log entry that records:
- The trigger (retention expiry, deletion request, account closure, withdrawal of consent, etc.).
- The data category disposed of (no personal data is repeated in the log itself).
- The timestamp and the system or operator that executed the disposal.
- Confirmation that all storage tiers (primary database, file storage, email service provider, search index, etc.) were updated.
- Backup-cascade completion timestamp once crypto-shredding occurs.
Audit logs are retained for 7 years (see Section 3) and are available to data subjects upon written request, subject to redaction of unrelated entries.
9. Legal Holds & Exceptions
In limited circumstances, scheduled disposal is paused:
- Legal hold — data subject to active litigation, regulatory inquiry, or government investigation is preserved until the hold is lifted in writing.
- Statutory minimums — where a law (tax, AML, employment) imposes a minimum retention period that exceeds our default schedule, the longer period applies.
- Security incident response — data relevant to an active security investigation may be preserved until the investigation closes.
Holds are documented in writing, scoped narrowly to the data needed, and reviewed at least quarterly. Once the hold is released, the affected data re-enters the regular disposal schedule.
10. Roles & Responsibilities
| Role | Owner |
|---|---|
| Policy Owner | Santiago Carrancá, CEO — Happy Finances For All, LLC |
| Operational Owner | Mariana Hernández, COO — operational compliance and disposal execution |
| Engineering Owner | Cherry AI engineering — automation of retention timers, cascade deletions, audit logging |
| Data Subject Requests | legal@trycherry.ai — verified, executed within the timelines stated in the Privacy Policy |
11. Review & Update Cadence
This policy is reviewed at least annually, and whenever any of the following occurs:
- A new data category is collected (e.g., when Cherry AI launches paid products and begins processing customer financial data).
- A material change to our infrastructure, sub-processors, or security architecture.
- A change in applicable law (e.g., new state privacy laws in the U.S., LFPDPPP amendments in Mexico, EU ViDA implementation).
- A material data breach that surfaces a gap in retention or disposal practice.
Changes that materially expand retention or weaken disposal will be communicated to data subjects at least 30 days before they take effect, consistent with our Privacy Policy.
12. Contact
| Channel | Details |
|---|---|
| Email | legal@trycherry.ai |
| Postal | Happy Finances For All, LLC, 651 N Broad Street, Suite 201, Middletown, DE 19709, USA, c/o Legalinc Corporate Services, Inc. |
| Privacy Policy | trycherry.ai/privacy |
This Data Retention & Disposal Policy is the binding English-language version. A Spanish-language translation will be made available for convenience. In case of conflict, the English version prevails.