Privacy Policy

Am I On Track To Retire (“the Service,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and tools.

1. Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials. We use Supabase for authentication, which securely manages your login information.

Financial Planning Data

To provide retirement planning projections, you may input personal and financial information including but not limited to:

• Names and dates of birth (for you and any dependents)
• ZIP codes (home and work)
• State of residence
• Salary, income, and expected raise rates
• Social Security earnings history and benefit estimates
• Assets, investments, and account balances
• Liabilities and debts
• Spending estimates and budgets
• Healthcare cost estimates
• Dependent children's names and birth years
• Retirement age and planning preferences

This data is provided voluntarily by you and is used solely to generate your retirement projections. Any dependent information (such as children's names and birth years) is entered by adult users, not by children themselves.

Automatically Collected Information

When you visit our website, we may automatically collect certain technical information, including:

• Browser type and version
• Device type and operating system
• Pages visited and time spent on pages
• Referring website or source
• IP address (anonymized where possible)

2. How We Use Your Information

We use your information to:

• Provide the Service — generate retirement projections, calculations, and scenarios based on your inputs.
• Maintain your account — authenticate you and sync your data across sessions.
• Improve the Service — understand usage patterns to make the tools more useful and fix issues.
• Communicate with you — respond to support requests or feedback you submit through our contact form.

3. What We Do NOT Do With Your Data

We do not sell, rent, trade, or share your personal or financial data with third parties for marketing or advertising purposes.

We do not use your financial planning data for any purpose other than providing the Service to you. We do not display ads. We do not build advertising profiles.

4. Data Storage and Security

Your data is stored using Supabase, a secure cloud database platform. Supabase provides encryption at rest and in transit, access controls, and regular security audits.

When you use the app, your financial planning data is also stored locally in your web browser (localStorage) to enable offline access and faster loading. This local data is not encrypted by the browser. We recommend using a device with a passcode or password and not using the app on shared or public computers. When you delete your account, both cloud and local data are removed.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal and financial planning data within 30 days, except where retention is required by law.

When you delete your account, we delete your financial planning data from our servers and clear your local browser data. Your authentication record (email address) is also removed.

6. Your Rights

You have the right to:

• Access — Request a copy of the personal data we hold about you.
• Correction — Update or correct inaccurate data through the Service or by contacting us.
• Deletion — Request deletion of your account and associated data at any time.
• Export — Request an export of your data in a standard format.
• Withdraw consent — Stop using the Service at any time. Deleting your account removes your data.

To exercise any of these rights, please contact us.

7. Cookies

We use essential cookies required for authentication and session management via Supabase. These cookies are necessary for the Service to function and cannot be disabled.

We use Google Analytics (GA4) for usage analytics. Google Analytics sets cookies (including _ga and _gid) that collect information such as page views, browser type, device information, and anonymized IP addresses. These analytics cookies are loaded only after you provide consent via our cookie consent banner.

You can withdraw your cookie consent at any time by using the cookie settings link in the website footer. For more information about how Google processes data, see Google's Privacy Policy.

8. Third-Party Services

The Service uses the following third-party services that may process your data:

• Supabase — Authentication and database storage. Subject to Supabase's Privacy Policy.
• Vercel — Website hosting. Subject to Vercel's Privacy Policy.
• Google Analytics — Usage analytics. Subject to Google's Privacy Policy.
• Formspree — Contact form processing. Subject to Formspree's Privacy Policy.

We only use third-party services that are necessary to operate the Service and that maintain appropriate security practices.

9. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know — You have the right to know what personal information we collect, how it is used, and what categories of third parties receive it.
• Right to delete — You have the right to request deletion of the personal information we have collected about you.
• Right to opt out of sale or sharing — You have the right to opt out of the sale of your personal information or sharing for cross-context behavioral advertising. We do not sell your personal information, but you can opt out of analytics tracking via our cookie consent banner.
• Right to non-discrimination — We will not discriminate against you for exercising any of your privacy rights.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. You can opt out of analytics tracking via our cookie consent banner or by visiting our Do Not Sell or Share page.

To exercise any of these rights, please visit our contact page or email us at the address listed in the Contact section below.

11. State Privacy Rights

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Montana (MCDPA), Oregon (OCPA), or Texas (TDPSA), you may have similar privacy rights under your state's data privacy law, including:

• The right to access and obtain a copy of your personal data.
• The right to request deletion of your personal data.
• The right to opt out of the processing of your personal data for targeted advertising or the sale of personal data.
• The right to correct inaccuracies in your personal data.

To exercise any of these rights, please visit our contact page.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last updated” date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us.