1. Who We Are

RetiroAI ("we", "us", "our") is a retirement planning tool that helps users project and plan their financial future. We are committed to protecting your privacy and handling your data transparently.

Data Controller:

RetiroAI Ltd

Ireland

Contact: privacy@retiroai.com

For GDPR requests, please email with subject line: "GDPR Request"

2. What Data We Collect

We collect only the data necessary to provide our service:

Account Information

Email address - For authentication and communication
Password - Securely hashed, never stored in plain text
Profile preferences - Country, currency, household type

Financial Data You Provide

Assets - Savings, investments, property values
Liabilities - Mortgages, loans, debts
Income - Salary, rental income, pensions
Expenses - Monthly spending estimates
Retirement goals - Target age, lifestyle preferences

✅ We do NOT collect: Bank account numbers, credit card details, government ID numbers, or any information that could be used for identity theft.

Technical Data

IP address - For security and fraud prevention
Browser type - For compatibility and debugging
Device information - Screen size, operating system
Usage patterns - Pages visited, features used (anonymized)

3. How We Use Your Data

We use your data only for the following purposes:

Purpose	Legal Basis (GDPR)
Provide retirement projections	Contract fulfillment
Send account notifications	Contract fulfillment
Process payments (if subscribed)	Contract fulfillment
Send marketing emails	Consent (you can opt out)
Improve our service	Legitimate interest
Prevent fraud and abuse	Legitimate interest

4. Who We Share Data With

We share your data only with trusted service providers who help us operate:

Provider	Purpose	Location
Supabase	Database & authentication	EU (Ireland)
Vercel	Website hosting	Global (edge)
Stripe	Payment processing	US (GDPR compliant)
AI Providers (OpenAI, Anthropic, Groq)	AI features (chat, insights)	US (GDPR compliant via DPA)
Resend	Email delivery	US (GDPR compliant)

We do NOT sell your data to third parties. We do not share your financial data with advertisers, data brokers, or any other commercial entities.

5. AI Features & Your Data

When you use AI features (chat, insights, scenarios), your queries and relevant financial data are sent to AI providers to generate responses. This data:

Is transmitted securely (encrypted in transit)
Is NOT used to train AI models (per our provider agreements)
Is NOT stored by AI providers beyond the request/response cycle
Is processed only to provide you with insights

6. How Long We Keep Your Data

Data Type	Retention Period
Account & financial data	Until you delete your account
Payment records	7 years (legal requirement)
Server logs	30 days
Analytics (anonymized)	2 years

7. Your Rights (GDPR & Global)

You have the following rights regarding your personal data:

🔍 Right to Access

Request a copy of all data we hold about you. Available in Settings → Export Data.

✏️ Right to Rectification

Correct any inaccurate data. Edit directly in the app or contact us.

🗑️ Right to Erasure

Delete your account and all associated data. Available in Settings → Delete Account.

📦 Right to Data Portability

Download your data in a machine-readable format (JSON). Available in Settings → Export Data.

🚫 Right to Object

Opt out of marketing emails at any time via the unsubscribe link or Settings.

⏸️ Right to Restrict Processing

Request we limit how we use your data. Contact us at support@retiroai.com.

To exercise any of these rights, visit your Settings page or email us at support@retiroai.com. We will respond within 30 days.

8. Cookies

We use cookies to provide and improve our service:

Cookie Type	Purpose	Required?
Authentication	Keep you logged in	Yes (essential)
Preferences	Remember your settings	Yes (functional)
Analytics	Understand usage patterns	No (optional)

You can manage cookie preferences in your browser settings. Disabling essential cookies may prevent you from using the service.

9. Data Security

We implement industry-standard security measures:

Encryption in transit - All data transmitted via HTTPS/TLS
Encryption at rest - Database encrypted with AES-256
Password hashing - Using bcrypt with salt
Row-Level Security - Database policies ensure you only access your data
Regular audits - We monitor for security vulnerabilities
Bot protection - Cloudflare Turnstile prevents automated attacks

10. International Transfers

Your data is primarily stored in the EU (Ireland). When data is transferred to the US (for AI processing, payments), we ensure adequate protection through:

EU-US Data Privacy Framework certification
Standard Contractual Clauses (SCCs)
Provider-specific data processing agreements

11. Children's Privacy

RetiroAI is not intended for users under 18 years of age. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

13. Contact & Complaints

For privacy-related questions or to exercise your rights:

Email: support@retiroai.com
Response time: Within 30 days

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority. In Ireland, this is the Data Protection Commission.

14. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to opt out of sale of personal information
Right to non-discrimination for exercising your rights

✅ We do NOT sell your personal information. We never have and never will.