Procedure for deleting data in the Planfix application

User activity in the Planfix account is an essential metric for the Provider. If there is no activity, the User's Account will be frozen and eventually deleted.

This Data Deletion Procedure summarizes and supplements the data deletion provisions of the Provider's Privacy Policy . The Privacy Policy is the controlling document for the Provider's data practices, including data collection, processing, retention, deletion, and California Consumer rights. In the event of any inconsistency between this Data Deletion Procedure and the Privacy Policy, the Privacy Policy controls.

ACCOUNT: FREEZING AND DELETION

• The Provider automatically freezes an Account if no new activity exists for one month. For example, adding new tasks or actions.
• One week before freezing, the Provider will prompt the User to show some activity in the Account if they plan to keep using it. If there is no activity, the Provider will freeze the Account.
• A frozen Account can be unfrozen within one month from the day it was frozen.
• Only the Account Owner can unfreeze the Account.
• The Provider will automatically delete the Account and all its data if a frozen Account is not unfrozen after one month.

CALIFORNIA CONSUMER PRIVACY RIGHTS

If you live in California, you have the right under the California Consumer Privacy Act (CCPA) to ask Planfix to delete personal information we have collected from you, with some exceptions. This document explains how we handle deletion requests in practice.

For your full CCPA rights — including the rights to know, correct, opt out of sale or sharing, and limit use of sensitive information — see our California Privacy Notice , which is the controlling source for our CCPA program.

SUBMISSION CHANNELS AND VERIFICATION

To submit a deletion request, the requester may use any of the following channels:

• Online submission via the contact methods listed at https://planfix.com/support/ ;
• Postal mail to: Planfix, Inc., Attn: Privacy Office, 4445 Eastgate Mall, Suite 200, San Diego, CA 92121, USA.

Before we delete anything, we verify it's really you:

• For Account Owners and other signed-in Users, you're verified by signing in to your account (username + password, or MFA if enabled). For sensitive requests we may also send a confirmation to your account email.
• For people not signed in (California residents requesting under CCPA), we match 2 pieces of information you give us against what we have on file. For requests involving sensitive personal information, we match 3.
• For authorized agents, we need (a) your written permission for the agent to act on your behalf, and (b) verification of your identity. If your agent has a valid power of attorney, that's enough.

If we can't verify you, we'll tell you why and you can try again. We log all verification attempts for audit purposes.

RESPONSE TIMELINE

We'll confirm we got your request within 10 business days. Then we respond on the following schedule:

• For California residents under CCPA, we respond within 45 days. If we need more time (for example, your request is complex), we can take up to 45 more days, but we'll tell you within the first 45 days that we're extending and why.
• For other deletion requests, we respond within 30 days of receipt and identity verification.
• For automatic deletion of frozen accounts, if your account has been frozen for a month and you don't unfreeze it, we delete it automatically. A copy is kept for 180 days (see "Data: Storage and Deletion" below). No request needed.

EXCEPTIONS TO DELETION

California law lets us keep data even when you ask us to delete it, in these specific cases:

• To finish a transaction you started or fulfill a contract with you;
• To detect and respond to security incidents, fraud, or illegal activity;
• To debug and fix our service;
• To exercise free speech (ours or someone else's) or another legal right;
• To comply with California's electronic communications privacy laws;
• To do scientific or statistical research in the public interest, where deletion would seriously hurt the research and you've given informed consent;
• For internal uses you'd reasonably expect, given how you originally provided the information;
• To comply with a legal obligation — for example, keeping tax records for 7 years;
• For other lawful internal uses compatible with how you originally provided the information.

When we keep data under one of these exceptions, we'll tell you which one in our response.

DATA: STORAGE AND DELETION

• The Provider retains a copy of the Account for 180 days. After 180 days, all Account data will be permanently deleted automatically.
• Users can request deletion of personal data remaining in the Provider's systems by submitting a request through any of the channels described in the "Submission Channels and Verification" section above. After receipt and verification of the request, all User-provided personal data remaining in the Provider's systems will be deleted within the timeline described in the "Response Timeline" section above, subject to the statutory exceptions listed in the "Exceptions to Deletion" section above.
• Deleting the User's personal data will result in a partial or complete inability to use Planfix.

BACKUP AND LOG RETENTION

After deletion of account data from the active Service, residual copies may persist temporarily in the Provider's backup and logging systems, as follows:

• Offline backups: the Provider retains an offline backup copy of the deleted account for up to 180 days from the date of deletion, after which the backup is automatically and irrecoverably purged. The offline backup is not accessible through the Service, is encrypted at rest, and is used solely for disaster recovery or to comply with legal obligations.
• Security and audit logs: security event logs and audit logs are retained for at least one (1) year, and in some cases longer to comply with forensic, security, or regulatory needs. Logs that may contain residual references to deleted personal data are progressively reduced to aggregated, non-identifiable form on a rolling schedule.