Privacy Policy

1. Introduction

RetireZest ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our retirement planning application and services.

By using RetireZest, you agree to the collection and use of information in accordance with this policy. This Privacy Policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws, including Quebec's Act respecting the protection of personal information in the private sector (Law 25).

2. Information We Collect

2.1 Personal Information

We collect information that you voluntarily provide when using RetireZest, including:

• Account information: email address, name, date of birth
• Profile information: province of residence, marital status
• Partner information (if applicable): partner's name and date of birth
• Retirement planning details: target retirement age, life expectancy planning horizon

2.2 Financial Information

To provide retirement planning services, we collect financial information you choose to share:

• Asset balances (TFSA, RRSP, RRIF, non-registered, corporate accounts)
• Income sources and amounts
• Monthly expenses
• Debt information
• Government benefits calculations (CPP, OAS, GIS)

2.3 Automatically Collected Information

We automatically collect certain information when you use our services:

• Usage data: pages visited, features used, time spent on the application
• Device information: browser type, operating system, IP address
• Analytics data: aggregated usage patterns to improve our service

3. How We Use Your Information

We use your information for the following purposes:

• To provide and maintain our retirement planning services
• To perform retirement calculations and simulations
• To personalize your experience and provide tailored recommendations
• To send you important updates about your account and our services
• To improve our application and develop new features
• To ensure security and prevent fraud
• To comply with legal obligations

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit using 256-bit SSL/TLS encryption
• Password Security: Passwords are hashed using industry-standard bcrypt algorithms
• Authentication: Secure session management and email verification required
• Database Security: Data stored in secure, encrypted databases with restricted access
• Regular Security Audits: Ongoing monitoring and security assessments

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Information Sharing and Disclosure

5.1 No Sale of Personal Information

We do not sell, trade, or rent your personal information to third parties.

5.2 Service Providers

We may share information with trusted service providers who assist us in operating our application, including:

• Cloud hosting providers (Vercel, Neon)
• Payment processing (Stripe) — processes subscription payments; does not share your financial planning data
• Analytics services (Google Analytics, Vercel Analytics)
• Error tracking services (Sentry)
• Email delivery services (Resend)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

6. Your Privacy Rights

Under PIPEDA and applicable privacy laws, you have the following rights:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Download your data in a portable format
• Withdrawal of Consent: Withdraw consent for data processing
• Complaint: File a complaint with the Privacy Commissioner of Canada

To exercise these rights, please contact us at the email address provided below.

7. Quebec Residents — Law 25

If you are a resident of Quebec, your personal information is also protected under Quebec's Act respecting the protection of personal information in the private sector (commonly known as Law 25 or Bill 64). In addition to the rights listed above, Quebec residents have the right to:

• De-indexation: Request that your personal information no longer be used for automated decision-making
• Portability: Receive your personal information in a structured, commonly used format
• Right to be Informed: Be informed of any privacy incidents involving your information

The person responsible for the protection of personal information at RetireZest can be reached at [email protected]. We will respond to requests within 30 days in accordance with Law 25 requirements.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide our services. You may request account deletion at any time:

• Account deletion requests trigger a 30-day grace period
• During the grace period, you can recover your account
• After 30 days, all personal data is permanently deleted from our systems
• Some information may be retained for legal or regulatory compliance

9. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Maintain your login session
• Remember your preferences
• Understand how you use our application
• Improve our services

You can control cookies through your browser settings. Disabling cookies may affect the functionality of our services.

10. Third-Party Links

Our application may contain links to third-party websites (e.g., Canada Revenue Agency calculators, Service Canada). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

11. Children's Privacy

RetireZest is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification for material changes

Your continued use of RetireZest after changes are posted constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

14. Disclaimer