TradeJournalBack to app

Data Retention Policy

How long we keep each category of personal information, the legal basis for that period, and how we destroy data at the end. Compliant with POPIA sections 14 and 24.

Last updated: 17 April 2026Governing law: Republic of South Africa

1. Retention Principle

POPIA section 14 requires that personal information not be retained longer than is necessary for achieving the purpose for which it was collected, unless retention is required or authorised by law, the data subject has consented, or retention is necessary for a lawful purpose related to a contract or function.

2. Retention Schedule

Data categoryRetention periodLegal basisDestruction method
Account information (name, email, hashed password)Duration of account + 30 days after account deletionContract - POPIA s11(1)(b)Hard delete from Supabase; backups overwritten within 30 further days
Trade journal entries (trades, tags, notes, screenshots)Duration of account + 30 days after account deletionContract - POPIA s11(1)(b)Hard delete from Supabase on account deletion cascade
Trading account metadata (broker, nickname, balances)Duration of account + 30 days after account deletionContract - POPIA s11(1)(b)Hard delete on account deletion cascade
Psychological / mindset data (scores, notes, checklist responses, mindset sessions)Until you revoke consent - then hard-deleted immediatelyExplicit consent - POPIA s27(1)(a)Immediate cascading hard delete on consent revocation or account deletion
Consent records (legal_consent_log)Duration of account + 1 yearLegitimate interest / evidence of compliance - POPIA s11(1)(f)Secure delete; audit log retained in cold storage for 1 further year
Subscription and billing records5 years from the end of the tax year in which the transaction occurredTax Administration Act 28 of 2011; Companies Act 71 of 2008Secure delete after retention period
Session cookies (sb-*)As per Supabase default session length (currently 1 hour access token, 7-day refresh token)Essential for the serviceAutomatic expiry
Server and application logs90 daysLegitimate interest - security and abuse preventionAutomatic rotation
Supabase infrastructure backups7–30 days (Supabase default)Business continuityAutomatic overwrite by Supabase
Support correspondence (email)2 years from last messageLegitimate interest - service quality and legal defenceSecure delete

3. Account Deletion Process

  1. You initiate deletion from Settings → Account → Delete Account.
  2. A confirmation dialog requires your explicit confirmation. The action is irreversible.
  3. Supabase triggers cascade-delete all rows linked to your user ID across every table.
  4. Your authentication record in Supabase Auth is deleted and your session is invalidated.
  5. Within 30 days, the data is also removed from all Supabase automated backups as those backups roll over.
  6. Consent records (legal_consent_log) are retained for one further year as legal evidence of compliance, after which they are deleted.
  7. Subscription and billing records are retained for the period required by the Tax Administration Act, with other identifiers pseudonymised where practical.

4. Granular Deletion of Psychological Data

You can delete only your psychological data without deleting your account

Because psychological / mindset data is special personal information under POPIA s26, you can revoke consent for it independently of your overall account. In Settings → Privacy you can toggle off psychological-data consent. On revocation we immediately:
  • delete all mood / mindset scores across your records;
  • delete all free-text psychological notes;
  • blank psychological fields inside pre-trade checklists;
  • delete all mindset session records;
  • lock the mindset features until you re-consent.
Your trade journal, trading accounts and all other data remain intact.

5. Methods of Destruction

  • Live database - row-level hard delete in Supabase PostgreSQL, with foreign-key cascades ensuring no orphaned personal information is left behind.
  • Backups - Supabase’s automated backup schedule automatically overwrites old snapshots within the retention window (typically 7–30 days). We do not maintain any off-platform copies of user data.
  • Logs - application and access logs rotate automatically after 90 days. We do not forward logs to a long-term log aggregator.

6. Exceptions - When We May Retain Longer

We may retain personal information beyond the periods above only when:

  • required by applicable law (for example, tax or accounting records under the Tax Administration Act and Companies Act);
  • necessary to establish, exercise or defend a legal claim (litigation hold);
  • necessary to cooperate with a lawful investigation by a regulator or law enforcement; or
  • required to honour a direct instruction from you (for example, at your written request).

7. Roles and Responsibilities

  • Information Officer (Wynand de Beer) - owns this policy, authorises exceptions, and reviews retention annually.
  • Technical owner - implements and tests the cascade-delete SQL triggers, log rotation, and backup expiry.
  • Every team member - may not retain personal information outside the Platform (for example in personal spreadsheets or email inboxes).

8. How to Request Early Deletion

If you want us to delete specific personal information before the scheduled retention period ends, email privacy@tradejournal.co.za. We will assess the request against any legal retention obligation and respond within 30 days.