Comprehensive Website Compliance Package
Data Retention and Deletion Policy
| Company | MyBenefitsPA Inc. |
| Website | www.mybenefitspa.com |
| Document Status | Counsel Review Draft 1.0 |
| Document Date | June 23, 2026 |
| Public Contact | support@mybenefitspa.com |
Designed for: personal banking information accessed through Plaid or similar integrations; personal information; SSN and identity data; disability, medical, and public-benefit records; Medicaid, SSI, SSDI, SNAP, MAWD, Medicare Savings Programs, QMB, waiver programs, and related eligibility/renewal monitoring.
1. Purpose and Scope
This Data Retention and Deletion Policy explains how MyBenefitsPA retains, archives, deletes, de-identifies, and disposes of personal information, Financial Data, documents, AI interactions, audit logs, and operational records. It applies to data collected directly from users, obtained through Plaid or similar integrations, uploaded by users or advisors, generated by Platform use, or maintained for security, legal, audit, and compliance purposes.
Retention periods are designed around data minimization, user control, public-benefit monitoring needs, Medicaid look-back considerations, SSI/SSDI income and resource verification, SNAP/MAWD/QMB records, legal defense, security investigations, and privacy-rights obligations. Actual retention may vary where state law, contract, legal hold, business associate agreement, litigation, audit, agency inquiry, user direction, or program-specific requirement applies.
2. Retention Principles
- Collect only data reasonably necessary for the selected service, authorized advisor access, security, legal compliance, and user-requested benefit monitoring.
- Retain data only for the shortest period consistent with user expectations, legal requirements, benefit-program needs, security, dispute resolution, and operational necessity.
- Use encrypted archive, access restriction, cryptographic erasure, token revocation, and lifecycle deletion to reduce risk after active use ends.
- Separate active data from archived data when records no longer need routine access.
- Honor verified deletion requests subject to legal holds, statutory retention, fraud/security needs, dispute records, and other lawful exceptions.
3. Standard Retention Schedule
| Data Category | Active Retention | Archive/Deletion Rule | Reason |
|---|---|---|---|
| Account data | Life of account | Delete or de-identify within 30 to 45 days after verified deletion or closure, except retained records. | Account management, authentication, user communications. |
| Authentication and MFA records | Life of account plus security review period | Retain security events up to 7 years if needed for audit or investigation. | Account security, fraud prevention, legal defense. |
| Beneficiary profile data | Life of account | Archive up to 7 years after closure unless shorter retention is lawful and operationally sufficient. | Benefits continuity, disputes, appeals, overpayment inquiries, identity verification. |
| SSN and government identifiers | Only while needed for configured features | Tokenize, mask, or remove where possible; archive only if needed for benefits records or legal defense. | Eligibility matching, records organization, agency documentation. |
| Program enrollment and eligibility records | Life of account | Archive up to 7 years after closure or longer under legal hold. | Benefit renewals, appeals, audit trail, overpayment defense. |
| Income records | Life of account | Archive up to 7 years after closure; retain longer only under legal hold or user-directed case file. | SSI/SSDI/SNAP/MAWD/QMB reporting, disputes, tax-related records where applicable. |
| Asset records | Life of account | Archive up to 7 years after closure; bank-derived transaction history separately governed below. | Medicaid and SSI resource monitoring, look-back support. |
| Bank transactions from integrations | Rolling 60 months by default | Automatically purge older data unless saved to a case file, legal hold, or user-directed archive. | Medicaid look-back, income/resource monitoring, benefit reporting. |
| Daily balance snapshots | Rolling 60 months by default | Automatically purge older snapshots unless needed for alerts, dispute, or legal hold. | Peak balance/resource threshold monitoring. |
| Plaid or integration access tokens | Until disconnection, account deletion, token failure, or service end | Revoke token through provider API and delete encrypted token; retain token event logs as security records. | Ongoing connectivity and auditability. |
| Uploaded documents | Life of account | Categorize and archive up to 7 years after closure; user may delete non-required documents sooner. | Benefit verification, appeals, renewal support, medical/disability documentation. |
| Advisor authority documents | Life of advisor access plus authority dispute period | Archive up to 7 years after revocation or account closure. | Proof of authority, access control, dispute resolution. |
| Consent records | Life of account plus 7 years | Archive securely; delete after retention unless legal hold applies. | Proof of consent, privacy compliance, advisor access, sensitive-data processing. |
| AI chat history | 90 days by default | Auto-delete unless user saves selected conversation into a case file or retention is needed for security/legal purposes. | Privacy by default; user may preserve important benefit records. |
| User-saved case notes and reports | Life of account | Archive up to 7 years after closure unless user deletes sooner and no exception applies. | Continuity of benefits management. |
| Alert records | 24 months active | Archive or delete after 24 months unless part of saved case file or dispute. | Demonstrate alerts, deadline history, troubleshooting. |
| Audit logs | Up to 7 years | Encrypted archive and cryptographic erasure after retention. | Security investigation, privacy audit, HIPAA/GLBA where applicable, legal defense. |
| Server/application logs | 90 to 180 days active | Longer retention only for security events, fraud, debugging, legal hold, or aggregated statistics. | Security, reliability, incident investigation. |
| Aggregated/de-identified analytics | Indefinite | Retain only if de-identified so it is not reasonably linkable to a user. | Product improvement, performance measurement. |
| Backups and disaster recovery copies | Rolling schedule | Overwrite or expire within 90 days after primary deletion where practicable, unless legal hold applies. | Resilience and recovery. |
4. Program-Specific Retention Considerations
4.1 Medicaid and Long-Term Care Look-Back
Many Medicaid contexts involve a look-back period of up to 60 months for certain asset transfers. For this reason, bank transactions and balance snapshots are retained on a rolling 60-month default unless the user saves records to a longer case file, a legal hold applies, or a shorter retention period is legally required or operationally sufficient.
4.2 SSI, SSDI, SNAP, MAWD, QMB, and Related Programs
Income, resource, household, disability, and program records may be relevant to reporting obligations, renewal disputes, overpayment allegations, appeals, and agency correspondence. MyBenefitsPA generally archives these records up to 7 years after account closure, subject to deletion rights and lawful exceptions.
4.3 HIPAA and Consumer Health Data Where Applicable
Where HIPAA applies, required HIPAA documentation is retained for at least the period required by HIPAA or applicable business associate agreements. Health or disability records directly uploaded by users are handled as Sensitive Data and retained according to the uploaded-document and beneficiary-record schedules unless another law or contract requires a different period.
5. User-Initiated Deletion and Account Closure
Users may request deletion by contacting support@mybenefitspa.com or using account settings where available. MyBenefitsPA will verify identity and authority before deleting or exporting sensitive information.
| Step | Target Timing | Action |
|---|---|---|
| Verification | Promptly after request | Verify requester identity and authority, including advisor or guardian status if relevant. |
| Integration disconnection | Within 24 hours where technically available | Disconnect Plaid or similar integrations and revoke active tokens. |
| Active account deletion | Within 30 to 45 days | Disable account, end sessions, delete active credentials, remove routine user access. |
| Archived records | According to retention schedule | Move retained records to encrypted archive with restricted compliance access. |
| Confirmation | Within applicable legal response period | Provide confirmation, denial reason, or extension notice where applicable. |
6. Advisor Revocation
When advisor or caregiver authority is revoked, disputed, expired, or terminated, MyBenefitsPA will disable or restrict advisor access after verification. Records of advisor access, invitations, authority documents, data exports, and revocation events may be retained for audit, legal defense, and privacy compliance. Revoking advisor access does not delete the Beneficiary's underlying records unless the Beneficiary or authorized account holder separately requests deletion and no exception applies.
7. Legal Holds and Exceptions
Data subject to litigation, anticipated litigation, subpoena, regulatory investigation, law enforcement request, government audit, security incident, fraud investigation, payment dispute, authority dispute, or other legal hold is preserved until the hold is released. Legal holds supersede routine deletion schedules and user deletion requests to the extent permitted by law.
- Records may also be retained beyond standard periods when required by contract, business associate agreement, tax/accounting duty, audit duty, security incident remediation, or user-requested case preservation.
- MyBenefitsPA will restrict access to held data and preserve only what is reasonably necessary for the hold purpose.
- Users will be notified of legal-hold limits on deletion where legally permitted.
8. Deletion, Disposal, and De-Identification Methods
| Method | Use Case | Safeguard |
|---|---|---|
| Provider token revocation | Plaid or similar integration access tokens. | Call provider revocation where available; delete encrypted token; retain revocation log. |
| Secure database deletion | Active database records no longer needed. | Delete records through approved workflows; verify deletion jobs and audit trails. |
| Cryptographic erasure | Encrypted archives, backups, object stores, or storage where physical overwrite is not meaningful. | Destroy or retire keys so data becomes unrecoverable. |
| Object lifecycle deletion | Cloud file storage and document archives. | Use provider lifecycle policies, version deletion, key destruction, and purge verification. |
| Log expiration | Operational logs. | Automated rotation and expiration; preserve security events under legal hold when required. |
| De-identification | Analytics and product improvement data. | Remove or transform identifiers and assess re-identification risk before indefinite retention. |
9. Backups
Backups are encrypted, access-controlled, and maintained on a rolling schedule. When active data is deleted, corresponding backup copies expire through normal backup rotation, generally within 90 days unless a legal hold, incident investigation, or disaster-recovery requirement applies. Restored backups are re-subjected to current deletion, access-control, and retention rules.
10. Data Portability and Case Export
Users may request a copy of personal information in a portable format where required by law and technically feasible. Export files may include sensitive documents, financial records, benefit records, and advisor-access history. MyBenefitsPA verifies the requester before providing exports and may provide secure download links with expiration and audit logging.
11. Governance and Review
The Chief Privacy Officer or designated privacy owner is responsible for this Policy. The Policy is reviewed at least annually and whenever material changes occur in data flows, laws, integrations, benefit-program coverage, AI processing, vendor relationships, or incident experience. Personnel with access to user data receive training on retention, deletion, legal holds, and secure handling.
Retention and deletion requests, security incidents, and general support: support@mybenefitspa.com.