Privacy Policy
Last updated: April 2026
What We Collect
When you create an account, we collect your email address and a securely hashed password. As you use RetireMe, we store the financial inputs you provide -- retirement age, savings targets, income, expenses, portfolio holdings, and simulation parameters -- to generate your projections.
How We Store Your Data
All user data is stored in a PostgreSQL database with encryption at rest. Passwords are hashed using bcrypt and never stored in plain text. Database access is restricted to our backend services only.
Data Retention
- Active accounts: your data is retained for as long as your account remains active.
- Deleted accounts: when you delete your account, all personal data, retirement scenarios, milestones, and portfolio data are permanently and immediately removed from our systems.
- Cached data: temporary caches (market data lookups, simulation results) are periodically purged for inactive accounts.
- Email logs: transactional email records (verification, password reset) are retained for up to 1 year for debugging purposes, then permanently deleted.
- Stripe-held records: payment method and billing records held by our payment processor Stripe are retained according to Stripe's own retention policy for financial compliance. RetireMe does not control Stripe's retention of these records. See Stripe's privacy policy for details.
Authentication & Cookies
We use JSON Web Tokens (JWTs) stored in httpOnly cookies for authentication. These cookies cannot be accessed by client-side JavaScript, which keeps the token from being read by a cross-site scripting attack. We do not use third-party tracking cookies.
Analytics & Tracking
- RetireMe does not use any third-party analytics services (such as Google Analytics or Mixpanel).
- We do not use advertising trackers, pixels, or third-party cookies.
- We collect server-side usage data (such as which tools you use and when you run simulations) solely to improve the product. This data is never shared with third parties.
Market Data
Portfolio market data is fetched from Yahoo Finance entirely on our servers. No requests are made from your browser to Yahoo Finance or any other third-party data provider. We do not share your portfolio holdings with data providers.
Payment Processing
Subscription payments are handled by Stripe. We never see or store your credit card number. Stripe provides us with a customer ID and subscription status to manage your account access.
Third-Party Sharing
We do not sell, rent, or share your personal data with third parties. The only external services that receive any of your information are Stripe (payment processing) and our email provider (transactional emails like password resets and verification).
Your Privacy Rights
- For EU residents (GDPR): Right to access, rectification, erasure, data portability, restriction of processing, and objection. Our legal basis for processing: contract performance (providing the service you signed up for) and legitimate interest (product improvement through anonymized usage analysis).
- For California residents (CCPA): Right to know what personal information we collect, right to delete, right to opt out of the sale of personal information (we do not sell your data to anyone), and right to non-discrimination for exercising your rights.
- How to exercise your rights: Use the “Export My Data” and “Delete My Account” options on your account page, or email support@retireme.app.
- Response timeline: We will respond to all data rights requests within 30 days.
Contact
Questions about this policy? Reach out at support@retireme.app.