Data Retention & Deletion Policy
Last Updated: March 16, 2026
World Enterprises LLC ("we," "us," or "our") operates NextGen Taxman at nextgentaxman.com. This Data Retention & Deletion Policy explains the types of data we collect, how long we retain each category, the legal basis for retention, and how you can request deletion of your data. This policy supplements our Privacy Policy.
1. Types of Data We Collect
We collect and process the following categories of data in the course of providing our tax preparation services:
1.1 Financial Data via Plaid
When you connect your bank accounts, investment accounts, or other financial institutions through Plaid, we receive:
- Account holder name and account identifiers
- Account balances and account types
- Transaction histories (date, amount, merchant, category)
- Income data, including W-2 wage information and 1099 income details
- Investment holdings, capital gains, dividends, and cost basis data
- Bank statement summaries
1.2 Tax Return Data
Data generated during the tax preparation and filing process:
- Completed federal and state tax returns (Forms 1040, schedules, and attachments)
- Tax calculations, deductions, and credits applied
- Filing status, confirmation numbers, and IRS/state acceptance records
- Amended returns and prior-year return data
- Uploaded tax documents (W-2s, 1099s, 1098s, receipts, and supporting documents)
1.3 Personal Identifiable Information (PII)
- Full legal name, date of birth, and Social Security Number (SSN) or ITIN
- Mailing address, email address, and phone number
- Filing status and dependent information
- Account credentials (password stored as a cryptographic hash, never in plaintext)
- Identity verification records
- Communication records (support tickets, emails)
1.4 Usage Data
- IP address, browser type, device type, and operating system
- Pages visited, features used, and session duration
- Referral sources and clickstream data
- Error logs and application performance data
- Cookie identifiers and analytics data
2. Retention Periods
We retain data for the minimum period necessary to fulfill the purpose for which it was collected and to comply with our legal obligations. The following table outlines our retention periods for each data category:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Tax return data (filed returns, schedules, confirmations) | 7 years from the date of filing | IRS record-keeping requirements (IRC § 6501); GLBA Safeguards Rule |
| Uploaded tax documents (W-2s, 1099s, receipts) | 7 years from the date of filing | IRS record-keeping requirements |
| Financial data imported via Plaid (transactions, balances, income data) | 3 years from the date of import, or 7 years if used in a filed tax return | Service delivery; IRS record-keeping if incorporated into a return |
| Personal identifiable information (name, SSN, address) | Duration of account plus 7 years after account closure | IRS requirements; GLBA; fraud prevention |
| Account credentials | Duration of account; deleted upon account closure | Service delivery |
| Payment and billing records | 7 years from the date of transaction | Financial record-keeping; tax obligations |
| Customer support communications | 3 years from the date of communication | Service quality; dispute resolution |
| Usage data and analytics | 24 months from the date of collection | Service improvement; legitimate business interest |
| Cookie data | Up to 13 months, depending on cookie type | Service functionality; user consent |
3. Legal Basis for Retention
We retain your data based on the following legal grounds:
- Legal obligation: Federal tax law (Internal Revenue Code) requires tax preparers to retain copies of tax returns and supporting documents for a minimum period. The IRS generally has three years to audit a return, extended to six years in cases of substantial understatement, and unlimited in cases of fraud. We retain tax return data for seven years to cover these periods.
- GLBA compliance: The Gramm-Leach-Bliley Act requires financial institutions to maintain records of their information security program and consumer data protection practices.
- Contractual necessity: We retain data as needed to fulfill our obligations to you under our Terms of Service, including providing access to prior-year returns.
- Legitimate business interest: We retain usage data and analytics to improve our Service, troubleshoot issues, and prevent fraud.
- Consent: Where retention is based on your consent, you may withdraw consent at any time (though legal retention requirements may still apply).
4. Data Deletion Process
When data reaches the end of its retention period, or when you submit a valid deletion request, we follow this process:
- Verification: We verify your identity to ensure the request is legitimate and authorized.
- Scope assessment: We determine which data can be deleted immediately and which data must be retained due to legal obligations.
- Deletion execution: Eligible data is permanently deleted from our production systems within 30 days of a verified request.
- Backup purge: Data is purged from backup systems within 90 days of deletion from production systems.
- Confirmation: We send you a written confirmation once the deletion process is complete.
Please note that certain data cannot be deleted before the applicable retention period ends. For example, if you filed a tax return through our Service, we are legally required to retain a copy of that return and supporting documents for the retention period specified above, even if you request deletion of your account.
5. How to Request Data Deletion
You may request deletion of your data through any of the following methods:
- Account settings: Navigate to Settings > Privacy > Delete My Data within your NextGen Taxman account to initiate a self-service deletion request.
- Email: Send a deletion request to privacy@nextgentaxman.com with the subject line "Data Deletion Request." Include your full name and the email address associated with your account.
We will acknowledge your request within 5 business days and complete the deletion within 30 days for production systems (90 days for backup systems), unless legal retention requirements apply. If we cannot fully comply with your request due to legal obligations, we will inform you of which data must be retained and for how long.
6. Automatic Deletion Timelines
In addition to user-initiated deletion requests, we automatically delete data according to the following schedule:
- Inactive accounts: If your account has been inactive for 36 consecutive months (no login or filing activity), we will notify you by email that your account and non-essential data are scheduled for deletion. You will have 30 days to reactivate your account before deletion proceeds. Legally required records (filed tax returns and supporting documents) will be retained for the applicable retention period.
- Plaid financial data: Financial data imported through Plaid that is not incorporated into a filed tax return is automatically deleted 3 years after import.
- Usage data: Anonymized or deleted 24 months after collection.
- Customer support records: Deleted 3 years after the last communication in the thread.
- Expired cookies: Automatically removed based on their expiration settings (up to 13 months).
7. How to Disconnect Plaid Access
You can disconnect your linked financial accounts and revoke Plaid's access to your financial data at any time using either of these methods:
- Through NextGen Taxman: Go to Settings > Linked Accounts in your NextGen Taxman dashboard. Select the account you wish to disconnect and click "Disconnect." This will revoke our access to future data from that institution.
- Through Plaid directly: Visit my.plaid.com to manage and revoke connections to all applications that use Plaid, including NextGen Taxman.
Important: Disconnecting your accounts stops future data imports only. Data previously imported through Plaid will be retained in accordance with the retention periods described in Section 2 above. If you wish to delete previously imported Plaid data, you must submit a separate data deletion request as described in Section 5.
For more information about how Plaid handles your data, please refer to the Plaid End User Privacy Policy.
8. Data Portability
You have the right to receive a copy of your data in a structured, commonly used, and machine-readable format. You can export your data through the following methods:
- Self-service export: Download your tax returns as PDF files and your financial data as CSV files from Settings > Privacy > Export My Data in your account dashboard.
- Email request: Contact privacy@nextgentaxman.com with the subject line "Data Portability Request." We will provide your data export within 30 days.
Exported data includes: completed tax returns (PDF), imported financial data (CSV), uploaded documents (original format), account profile information (JSON), and communication records (PDF). We do not charge a fee for data portability requests.
9. GLBA and CCPA Compliance
Our data retention practices are designed to comply with the following regulations:
Gramm-Leach-Bliley Act (GLBA):
- We maintain safeguards for the protection of nonpublic personal information (NPI) throughout its lifecycle, from collection through retention to deletion.
- Our retention periods for financial data are aligned with the GLBA's requirement to protect consumer information for as long as it is maintained.
- When data is deleted, we use secure deletion methods that render the data unrecoverable, consistent with NIST SP 800-88 guidelines for media sanitization.
- We maintain audit logs of data access and deletion activities as part of our information security program.
California Consumer Privacy Act (CCPA):
- California residents may request deletion of their personal information under the CCPA, subject to legal exceptions (such as IRS record-keeping requirements).
- We do not sell personal information and therefore do not offer an opt-out of sale.
- We respond to verified CCPA deletion requests within 45 days, as required by law.
- If we cannot fully delete your data due to a legal exception, we will inform you of the specific data retained and the applicable legal basis.
- We do not discriminate against consumers who exercise their CCPA rights.
10. Changes to This Policy
We may update this Data Retention & Deletion Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify you via email or a notice within the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Data Retention & Deletion Policy, or if you wish to submit a data deletion or portability request, please contact us:
- Email: privacy@nextgentaxman.com
- Company: World Enterprises LLC
- Website: nextgentaxman.com