Wellfold Privacy Policy - Addendum

Overview

Wellfold retains personal information for as long as necessary to provide our services, comply with our legal and contractual obligations, resolve disputes, prevent fraud, and enforce our agreements. The specific retention period for any given piece of information depends on the type of data, the purpose for which it was collected, and the legal or business requirements that apply to it. This section explains how we approach retention, the categories of data we retain, and how long we typically retain them.


How We Determine Retention Periods

We determine retention periods based on the following factors, applied individually or in combination:

  • The length of time the information is needed to provide the services you have requested or to administer your account

  • The length of time the information is needed to operate, improve, and secure our platform

  • Legal, regulatory, tax, accounting, and recordkeeping obligations applicable to Wellfold, our carrier partners, our payment and card-linked offer processors, and other service providers in our value chain

  • Contractual obligations under our agreements with insurance carriers, financial institutions, payment networks, and other partners

  • The statute of limitations applicable to potential legal claims, disputes, audits, regulatory examinations, and investigations

  • Industry standards and best practices for financial-services and loyalty-rewards platforms

  • Your reasonable expectations based on the nature of our relationship with you

  • Operational and security needs, including fraud detection, account recovery, and system integrity

Where multiple retention periods could apply to the same information, we retain the information for the longest applicable period.


Categories of Information and Retention Periods

The following describes the general retention periods that apply to different categories of personal information. Actual retention periods may be longer where required or permitted by applicable law.


Account and profile information (name, email address, phone number, mailing address, account credentials, communication preferences): Retained for the duration of your account, plus a period of up to 7 years following account closure or your last interaction with our services, to support transaction reconciliation, dispute resolution, regulatory inquiries, and audit obligations.


Transaction and rewards data (purchase records, card-linked offer activity, qualified GMV, rewards earned and paid, redemption history, associated contact identifiers): Retained for a minimum of 7 years following the transaction date, consistent with tax, financial recordkeeping, and contractual obligations to our carrier partners and payment processors. Certain transaction records may be retained longer where required by federal, state, or partner-imposed retention rules.


Payment-related information (tokenized card identifiers, processor reference numbers, payment-related metadata; we do not retain full card numbers): Retained for the period required by payment-card industry standards, our payment and card-linked offer processors, and applicable financial regulations, which is 7 years following the related transaction.


Identity verification and program eligibility data (information used to confirm your eligibility for a carrier's loyalty program, including policy-status indicators provided by our carrier partners): Retained for the duration of your participation in the program plus the retention period required by our agreement with the relevant carrier, which is 7 years following program exit.


Communications and support records (emails, support tickets, chat transcripts, complaint records, and our responses): Retained for up to 7 years following the date of the communication, to support service quality, dispute resolution, and regulatory recordkeeping.


Marketing and engagement data (campaign interactions, UTM and attribution data, in-product engagement events, marketing preferences): Retained for as long as it is useful for the purpose collected and, in any case, for no longer than 24 months following your last interaction, unless tied to a financial transaction (in which case the transaction retention period applies) or required for a longer period to honor your opt-out preferences.


Suppression and do-not-contact lists (email addresses, phone numbers, and other identifiers you have asked us to stop using for marketing): Retained indefinitely so that we can continue to honor your preferences and avoid re-contacting you. This is the only category of data we may retain for longer than the periods above, and we retain it solely to respect your stated preferences.


Security, fraud-prevention, and audit logs (IP addresses, device identifiers, authentication events, security event logs, access logs): Retained for up to 24 months for routine operational use, and longer where required to investigate or resolve specific security incidents, suspected fraud, or legal matters.


Records of privacy requests (your requests to access, correct, delete, opt out, or limit use of your information, and our responses): Retained for at least the 2-year period required by applicable privacy law, to demonstrate compliance.


Backups and disaster-recovery copies: Personal information contained in routine backups is retained according to our standard backup-rotation schedule and is overwritten or expired in the ordinary course. We do not selectively purge individual records from backups; backup copies are protected by access controls and used only for system recovery and integrity purposes.


Information Deleted or Anonymized After the Retention Period

Once a retention period expires, we will delete, deidentify, or anonymize the relevant personal information, unless a new legal basis for retention has arisen (for example, a pending dispute, investigation, or legal hold). Deidentified or aggregated data that can no longer reasonably be linked to an identifiable individual may be retained indefinitely for analytics, research, product improvement, and other business purposes.


Account Closure and Deletion Requests

When you close your account or submit a request to delete your personal information:

  • We will remove your information from active use in our marketing, product, analytics, and customer-engagement systems within the timeframe required by applicable law.

  • We will add your contact identifiers to our suppression list to ensure we do not re-contact you for marketing purposes.

  • We will retain certain information in restricted-access compliance archives for the periods described above, where retention is required or permitted by law, contract, or our legitimate operational interests. This retained information is not used for marketing, profiling, personalization, sale, or any purpose other than the legal or operational basis on which it is retained.

  • We will confirm completion of your request and, where applicable, describe the categories of information we have retained and the basis for retention.


Why We Retain Information After Account Closure

We retain certain categories of personal information after account closure to meet obligations and protect interests that survive the end of our active relationship with you, including:

  • Tax, accounting, and financial recordkeeping obligations under federal and state law

  • Contractual obligations to our carrier partners, payment processors, and other service providers, which require us to maintain records supporting transactions conducted through our platform

  • Anti-fraud, anti-money-laundering, and related obligations that apply to financial-services and rewards platforms

  • Audit and regulatory examination requirements, including responding to inquiries from state insurance regulators, consumer protection agencies, and financial regulators

  • Defense of legal claims, including disputes, chargebacks, and litigation arising from transactions or interactions during the period of your account

  • Compliance with applicable privacy laws, including the obligation to maintain records of consumer rights requests

  • Honoring your stated communication preferences through our suppression lists

These obligations apply to Wellfold directly and, in certain cases, to our partners whose records we are contractually required to maintain.


Legal Holds

If we receive a valid legal request — including a subpoena, court order, government investigation, or formal litigation hold — we may retain affected information beyond the periods described above until the matter is resolved.


Changes to Retention Periods

We may update our retention practices over time to reflect changes in our services, our legal and contractual obligations, or industry standards. Material changes to this section will be reflected in updates to this Privacy Policy.


Contact

If you have questions about our retention practices or your personal information, please contact us at support@wellfold.com.