Privacy Policy — RetirIQ

Contents

Summary 7. How we protect it 1. What we collect 8. Minors 2. How we use it 9. Your rights 3. Legal bases 10. Do-Not-Track 4. Who we share with 11. Policy updates 5. AI features 12. Contact us 6. How long we keep it

Privacy Policy Summary

⚠️ This summary is for convenience only and is not legally binding. The full policy below contains the complete terms.

What we collect

Email address & password (Pro accounts)
Basic anonymized usage data
Payment processed by our payment provider — we never see card details
Short-lived security cookies (auto-deleted within 60 seconds)

What we don't collect

Any of your financial planning data
Income, investments, expenses, projections
Everything you enter stays on your device only

Who sees your data

Our payment provider (subscription purchases only)
Our hosting provider (server logs only)
Anthropic (Claude) if you use AI Review — optional
Law enforcement if legally required

Your rights

Access the account data we hold
Correct or delete your account
Export your plan data (it's already on your device)
Withdraw consent at any time

The bottom line: Your financial data never leaves your device. We designed RetirIQ this way on purpose. The only time any plan data is transmitted anywhere is if you choose to use the optional AI Review feature — and even then it goes directly to the AI provider to generate your response, not to us.

This Privacy Policy describes how RetirIQ ("we," "us," or "our") processes information when you use our services at retiriq.ca. Questions? Contact us at [email protected].

1. What information do we collect?

In Short: We collect only what is necessary to operate your account. Your financial planning data stays on your device and is never collected by us.

Account information (Pro users)

When you create a Pro account, we collect your email address and a hashed password. We do not collect your name, phone number, or any other identifying information unless you voluntarily provide it when contacting support.

Financial planning data

All retirement planning data you enter in RetirIQ — including income, investments, expenses, debts, benefits, and projections — is stored exclusively in your browser's local storage on your own device. This data is never transmitted to our servers and we have no access to it whatsoever.

Payment information

If you purchase a Pro subscription, your payment details are processed directly by our third-party payment provider. We receive only a confirmation of successful payment and a subscription status. We do not store or access your payment card details.

Usage data

We may collect basic, anonymized usage information such as which features are accessed and general error logs. This data does not include any of your financial planning inputs and cannot be linked back to you individually.

Technical cookies

We use strictly necessary security cookies required for the secure operation of our website. These cookies contain no personal information, expire within 60 seconds, and cannot be used to track you across websites.

Sensitive information

We do not collect sensitive personal information of any kind.

2. How do we process your information?

In Short: We use your account information to operate your subscription and improve the service. We never process your financial planning data — it never reaches us.

To manage your account

Creating and maintaining your Pro subscription, processing payments, and sending account-related communications (no marketing emails).

To improve the service

Using anonymized, aggregated usage data to understand how features are used and where improvements can be made.

To provide AI features (optional)

When you choose to use the AI Plan Review feature, your plan data is transmitted to our AI provider for that specific request only. See Section 5 for full details.

For security and fraud prevention

Protecting the integrity of accounts and detecting unauthorized access.

To comply with law

Processing your information as required by applicable legal obligations.

3. What legal bases do we rely on?

In Short: We only process your information when we have a valid legal reason to do so.

Performance of a contract: To provide the Pro subscription services you have purchased.
Legitimate interests: To improve our services, maintain security, and prevent fraud.
Legal obligations: To comply with applicable laws and regulations.
Consent: For any optional processing, including AI features.

If you are located in Canada, we process your information in accordance with PIPEDA and applicable provincial privacy legislation.

4. When and with whom do we share your information?

In Short: We share only what is necessary to operate the service. We never share your financial planning data because we don't have it.

Payment provider: Your payment information is shared with our payment provider solely to complete your subscription purchase.
Hosting and infrastructure providers: Our hosting provider may have access to server logs, including IP addresses. These providers are contractually prohibited from using this data for any other purpose.
AI service providers (optional): When you use AI features, your plan data is transmitted to our AI provider. See Section 5.
Legal requirements: We may disclose account information if required by law or valid legal process.
Business transfers: In the event of a merger or acquisition, account information may be transferred with advance notice.

We do not sell, rent, or trade your information to any third party for marketing purposes.

5. AI-powered features

In Short: AI features are optional. When used, your plan data is sent to our AI provider for that request only and is not retained by us.

RetirIQ Pro includes an AI Plan Review feature powered by Claude (Anthropic). When you choose to use this feature:

Your retirement plan data is transmitted to Anthropic's API to generate your personalized analysis.
This data is used solely to generate your response and is not used to train AI models under our current agreement.
Anthropic processes data according to their own privacy policy and our data processing agreement with them.
We do not retain a copy of the data sent to the AI after your session ends.
AI features are entirely optional. You can use RetirIQ fully without ever using the AI Review feature.

We encourage you to review Anthropic's privacy policy at anthropic.com/privacy.

6. How long do we keep your information?

In Short: Account information is kept while your account is active and for up to 6 months after deletion. Your financial data exists only on your device.

Account information: Retained while your account is active and for up to 6 months after account deletion, unless a longer period is required by law.
Financial planning data: This data exists only on your device. Deleting your browser's local storage or using RetirIQ's built-in "Clear data" function removes it permanently.
Payment records: Retained as required for accounting and legal purposes, typically 7 years.
Usage data: Anonymized usage data may be retained indefinitely as it cannot be linked to you.

Inactive Pro accounts will be automatically deactivated after 12 months of no login activity and permanently deleted after an additional 6 months.

7. How do we keep your information safe?

In Short: Your financial data is safest because we never collect it. Account data is protected by standard security measures.

We implement reasonable technical and organizational security measures to protect account information, including encrypted connections (HTTPS), hashed password storage, and access controls.

Your financial planning data is the most sensitive information in RetirIQ — and by design, it never leaves your device. The most effective protection we offer is simply not collecting it in the first place.

No internet transmission can be guaranteed 100% secure. You should use RetirIQ only on devices and networks you trust.

8. Do we collect information from minors?

In Short: No. RetirIQ is for adults only.

We do not knowingly collect information from anyone under 18 years of age. By using RetirIQ, you confirm you are at least 18 years old. If we become aware that a minor has created an account, we will delete it promptly.

9. What are your privacy rights?

In Short: You have the right to access, correct, delete, and export your data.

Depending on your location, you may have the right to:

Access: Request a copy of the account information we hold about you.
Rectification: Request correction of inaccurate account information.
Erasure: Request deletion of your account and associated data.
Data portability: Export your financial planning data using RetirIQ's built-in backup feature.
Restrict processing: Request that we limit how we use your account information.
Withdraw consent: For any processing based on consent, you may withdraw at any time.

To exercise these rights, contact us at [email protected] or delete your account directly from the app's General settings tab.

10. Do-Not-Track features

We do not currently respond to Do-Not-Track browser signals as no uniform standard has been finalized. We do not engage in cross-site tracking.

11. Do we make updates to this policy?

We may update this Privacy Policy as required by law or as our services evolve. Material changes will be communicated via email to Pro subscribers or by a notice in the app.

12. How can you contact us?

For questions, concerns, or to exercise your privacy rights:

[email protected]

A contact form will be available at retiriq.ca/contact once our full web platform launches.