CafeTally Policy
Data Retention and Disposal Policy
Last updated: June 28, 2026
Practical deletion controls for business data
CafeTally stores operational and financial data for cafes and restaurants. This policy describes how that data is retained while the product is in use and how it is disposed of when an account, organization, or integration data set is deleted.
Purpose and Scope
This Data Retention and Disposal Policy explains how CafeTally retains, deletes, and disposes of customer data, account data, organization data, financial data, operational records, backups, and logs.
This policy applies to data processed through CafeTally products, including inventory, costing, stock check, product, recipe, receipt, expense, finance, Plaid, Square, analytics, support, and team management features.
Retention Principles
CafeTally keeps data only for as long as reasonably needed to provide the service, maintain security and reliability, support customer-directed workflows, comply with legal obligations, resolve disputes, enforce agreements, and maintain ordinary business records.
- Customer-controlled product data is retained while the account or organization remains active unless the customer deletes it or asks us to delete it.
- Sensitive financial data is retained only as needed for connected finance features, reporting, audit trails, compliance, or customer-requested deletion workflows.
- Security, diagnostic, and operational logs are retained for limited periods based on security and reliability needs.
- Backups are retained for disaster recovery and expire through normal backup rotation.
Data Categories
CafeTally retention periods vary by data type and business need.
- Account data: name, email, authentication metadata, MFA metadata, settings, and support communications.
- Organization data: teams, memberships, invitations, stores, inventory, categories, forms, stock checks, alerts, products, recipes, modifiers, rulebooks, reports, chats, and activity history.
- Financial data: Plaid connection metadata, account metadata, transaction records, categorizations, finance audit logs, P&L, cashflow, reconciliation, receipt, and expense records.
- Integration data: Square tokens, Square merchant and location metadata, catalog, inventory, and sales sync data.
- System data: cookies, session data, analytics events, diagnostic records, security logs, and error logs.
Active Account Retention
For active accounts and organizations, CafeTally generally retains product data until the customer deletes it, disconnects an integration, closes the account, or requests deletion.
Some records, such as financial audit logs, categorization history, stock check history, and activity logs, may be retained to preserve reporting integrity while the organization remains active.
Account and Organization Deletion
Users can request account deletion through the product or by contacting CafeTally. The product requires password verification and typed email confirmation before account deletion.
When a non-owner deletes an account, CafeTally hard deletes that user account and user-owned records such as memberships, activity records, chat history, and stock checks submitted by that user. Organization-owned records remain available to the organization owner.
When an organization owner deletes an account, CafeTally hard deletes the owner account and the organization data controlled by that owner, including stores, inventory, stock checks, products, recipes, expenses, finance data, reports, alerts, rulebooks, chats, memberships, invitations, and activity history.
Plaid and Financial Data Disposal
If a customer disconnects a Plaid bank connection, CafeTally stops future syncing for that connection, revokes the Plaid Item where supported, and deletes imported transactions, account metadata, and related finance audit entries associated with that bank connection from active CafeTally product records.
If a customer clears all Plaid bank connections for a store, CafeTally removes the connected Plaid Items where supported and deletes imported Plaid financial data associated with those bank connections from active CafeTally product records.
When covered by account or organization deletion, Plaid-derived account metadata, transactions, categorization records, finance audit logs, and related reports are deleted from CafeTally production systems, subject to backup expiration and legally required retention.
Backups and Logs
Deleted production data may remain in encrypted backups and limited logs for a short time until those systems rotate or expire. Backups are used for disaster recovery and are not restored to active systems except when needed for security, continuity, or legal reasons.
If a backup containing deleted data is restored, CafeTally will take reasonable steps to re-apply deletion requests where applicable.
Legal Holds and Required Retention
CafeTally may retain limited information when required or permitted by law, including for tax, accounting, fraud prevention, security investigations, dispute resolution, legal compliance, or enforcement of agreements.
When a legal hold applies, affected data is retained only as long as needed for that purpose and then deleted or de-identified when the hold ends.
Disposal Methods
CafeTally uses disposal methods appropriate to the data type and storage system.
- Production database records are deleted using application-controlled hard-delete workflows or approved administrative deletion procedures.
- Sensitive tokens, credentials, and financial fields are removed with their parent records or invalidated through the relevant integration provider where supported.
- Backups expire through retention schedules and secure infrastructure controls.
- Where deletion is not feasible or legally appropriate, data may be de-identified or aggregated so it no longer identifies a customer, user, or organization.
Verification
CafeTally account deletion workflows include server-side verification checks that confirm targeted account and organization records were removed before the session is cleared.
For deletion requests handled outside the product, CafeTally may verify completion through administrative review, system checks, or written confirmation to the requestor.
Requests and Contact
To request deletion, access, correction, export, or additional information about data retention, contact CafeTally. We may need to verify your identity and authority over the account or organization before acting on a request.
Contact Us
If you have questions about this policy or want to submit a retention or disposal request, contact us at privacy@cafetally.com.
