April 23, 2026
These documents are a production-ready baseline for the current application flow and should still be reviewed by counsel before a final public launch.
1. Retention categories
Different categories of data may remain stored for different operational periods depending on platform needs, legal obligations, and incident-response requirements.
- Account and preference data may remain while an account is active.
- Finance records and attachments may remain while the user relies on the service history.
- Audit and security logs may persist longer when required for abuse review or privileged-action traceability.
- Backup copies may continue to exist for a limited additional period after live data changes.
2. Active lifecycle
As long as an account stays active, COFI may retain the records and settings needed to keep the application usable and consistent.
Deletion or deactivation requests should be evaluated together with fraud prevention, legal retention duties, and backup schedules.
3. Backups and recovery
Operational backups may temporarily preserve information after live records are modified or deleted.
These copies are kept to support disaster recovery, integrity verification, and incident response.
4. Review obligations
Before a public commercial rollout, the operator should define exact retention windows, deletion workflows, and jurisdiction-specific exceptions.
That review should cover user records, logs, admin audit trails, and stored files.