Privacy Policy
1. Introduction
Welcome to RetireRoot ("we", "us", "our", or "Company"). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the RetireRoot mobile application (the "App" or "Service").
By using RetireRoot, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the App.
2. Information We Collect
We collect several types of information to provide and improve our Service:
2.1 Information You Provide Directly
When you create an account and use RetireRoot, you voluntarily provide:
| Data Type | Examples | Collection |
|---|---|---|
| Account Information | Email address, password, first name, last name, username | Required |
| Profile Information | Full name, current age, retirement age | Optional |
| Financial Data | Current savings, monthly contribution, monthly income, annual expenses, expected return rate, inflation rate | Optional |
| Goals & Expenses | Financial goals (title, target amount, due date), expense tracking (amount, category, date, notes) | Optional |
| F.I.R.E. Planning Data | F.I.R.E. type (Classic, Lean, Fat, Coast, Barista, Semi), annual spending, safe withdrawal rate, target age, part-time income projections | Optional |
| Assessment Responses | Answers to retirement readiness questionnaire, calculated scores, recommended strategies | Optional |
| Progress Tracking | Wealth roadmap step completion, flashcard progress, habit notes, form field data | Optional |
| Collaboration Data | Shared item titles, descriptions, collaborator email addresses, permission levels (Premium feature) | Optional |
| Notification Preferences | Reminder frequency (daily, weekly, monthly, quarterly, yearly), custom reminder times, enabled/disabled status | Optional |
2.2 Information Collected Automatically
When you use the App, we automatically collect certain information:
| Data Type | Examples | Purpose |
|---|---|---|
| Device Information | Device model, operating system (iOS/Android), app version, device ID | App functionality, troubleshooting |
| Usage Data | Features accessed, screens viewed, time spent in app, interaction patterns | Improve user experience, analytics |
| Log Data | Error logs, crash reports, performance metrics | Bug fixes, app stability |
| Authentication Data | Session tokens, login timestamps, authentication status | Security, account access |
2.3 Information from Third-Party Services
We integrate with the following third-party services that may collect data:
- Supabase: Database and authentication provider (stores all user data securely)
- Google Mobile Ads (AdMob): Advertising platform for free tier users (collects advertising ID, device info for personalized ads)
- Expo: Development platform (collects app usage analytics, crash reports, update delivery)
- Apple App Store / Google Play Store: Payment processing for Premium subscriptions (transaction data, purchase history)
3. How We Use Your Information
We use the collected information for the following purposes:
3.1 Core App Functionality
- Account Management: Create and maintain your account, authenticate your identity
- Financial Calculations: Perform retirement projections, F.I.R.E. planning calculations, savings rate analysis
- Progress Tracking: Save and display your wealth roadmap progress, goal completion, expense history
- Educational Content: Track flashcard completion, provide personalized learning recommendations
- Collaboration (Premium): Enable data sharing with invited collaborators, manage permissions
3.2 Communication
- Push Notifications: Send F.I.R.E. plan reminders, goal deadlines, habit reminders, roadmap step notifications (with your permission)
- Email Notifications: Send collaboration invitations to non-users, account-related communications
- Service Updates: Notify you of app updates, new features, policy changes
3.3 Service Improvement
- Analytics: Understand how users interact with the App, identify popular features
- Bug Fixes: Diagnose and resolve technical issues, improve app stability
- Feature Development: Develop new features based on user needs and usage patterns
3.4 Advertising (Free Tier Only)
- Ad Display: Show relevant banner and interstitial ads to free tier users
- Ad Personalization: Google AdMob may use device information to personalize ads
3.5 Legal and Security
- Fraud Prevention: Detect and prevent fraudulent activity, unauthorized access
- Legal Compliance: Comply with applicable laws, regulations, legal processes
- Terms Enforcement: Enforce our Terms of Use and other policies
4. Data Storage and Security
🔐 Security Measures
We implement industry-standard security measures to protect your data:
4.1 Data Storage
- Database: All user data is stored in Supabase (PostgreSQL database) with encryption at rest
- Authentication: Passwords are hashed using bcrypt; we never store plain-text passwords
- Local Storage: Some preferences (theme mode, notification settings) are stored locally on your device using AsyncStorage
- Session Management: Authentication tokens are securely stored and automatically refreshed
4.2 Security Practices
- Encryption: Data transmission uses HTTPS/TLS encryption
- Access Control: Row-level security (RLS) policies ensure users can only access their own data
- Collaboration Security: Permission-based access control for shared data (viewer, editor, admin roles)
- Regular Updates: We regularly update dependencies and security patches
4.3 Data Retention
- Active Accounts: Data is retained as long as your account is active
- Deleted Accounts: Upon account deletion, personal and financial data is permanently deleted within 30 days
- Legal Requirements: Some data may be retained longer if required by law or for legitimate business purposes
- Backup Data: Backup copies are deleted according to our backup retention schedule (typically 30-90 days)
5. Data Sharing and Disclosure
We do not sell your personal or financial data to third parties.
5.1 When We Share Data
We may share your information only in the following circumstances:
- With Your Consent: When you explicitly share data through collaboration features (Premium)
- Service Providers: With trusted third-party services that help us operate the App:
  - Supabase (database and authentication)
  - Google AdMob (advertising for free users)
  - Expo (app updates and analytics)
  - Email service providers (for collaboration invitations)
- Legal Requirements: When required by law, court order, or government request
- Safety and Security: To protect the rights, property, or safety of RetireRoot, our users, or the public
- Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
5.2 Collaboration Features (Premium)
When you use Premium collaboration features:
- You can invite others to view or edit your financial data
- Invited collaborators can see the data you explicitly share with them
- You control permission levels (viewer, editor, admin)
- You can revoke access at any time
- Collaborators' actions are logged for transparency
5.3 Third-Party Links
The App contains links to third-party websites (InvestEdu PM, FinCollabs). We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any information.
6. Your Privacy Rights
You have the following rights regarding your personal data:
6.1 Access and Portability
- View Your Data: Access all your personal and financial data through the Profile screen
- Export Data: Request a copy of your data in a portable format (contact support)
6.2 Correction and Update
- Edit Profile: Update your personal information, financial data, and preferences at any time
- Correct Errors: Fix any inaccurate or incomplete information
6.3 Deletion
- Delete Account: Permanently delete your account and all associated data through Profile → Delete Account
- Delete Specific Data: Remove individual goals, expenses, or other data items
- Deletion Timeline: Data is permanently deleted within 30 days of account deletion request
6.4 Opt-Out Rights
- Push Notifications: Disable notifications in device settings or within the App
- Email Communications: Unsubscribe from marketing emails (account-related emails may still be sent)
- Personalized Ads: Opt out of personalized advertising through device settings (iOS: Limit Ad Tracking, Android: Opt out of Ads Personalization)
6.5 Regional Privacy Rights
Depending on your location, you may have additional rights:
- GDPR (EU/EEA): Right to data portability, right to object to processing, right to restrict processing
- CCPA (California): Right to know what data is collected, right to delete, right to opt out of sale (we don't sell data)
- Other Jurisdictions: Rights as provided by applicable local laws
7. Children's Privacy
RetireRoot is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.
If we discover that we have collected information from a child under 18, we will promptly delete that information. If you believe we have collected information from a child, please contact us immediately.
8. Cookies and Tracking Technologies
RetireRoot uses the following tracking technologies:
8.1 Local Storage
- AsyncStorage: Stores app preferences (theme mode, notification settings) locally on your device
- Authentication Tokens: Securely stores session tokens for automatic login
8.2 Analytics
- Expo Analytics: Collects anonymous usage data to improve the App
- Crash Reporting: Automatically sends crash reports to help us fix bugs
8.3 Advertising (Free Tier)
- Google AdMob: Uses advertising ID and device information to serve personalized ads
- Ad Tracking: You can opt out of personalized ads in your device settings
9. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard contractual clauses approved by regulatory authorities
- Compliance with applicable data protection frameworks
- Encryption during transmission and storage
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
10.1 Notification of Changes
- We will update the "Last Updated" date at the top of this policy
- Material changes will be communicated through the App or via email
- Continued use of the App after changes constitutes acceptance of the updated policy
10.2 Review Regularly
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
11. Data Breach Notification
In the unlikely event of a data breach that affects your personal information:
- We will notify affected users within 72 hours of discovering the breach
- Notification will include the nature of the breach, data affected, and steps we're taking
- We will provide guidance on how to protect yourself
- We will comply with all applicable data breach notification laws
12. Third-Party Services Privacy
Our third-party service providers have their own privacy policies:
- Supabase: https://supabase.com/privacy
- Google AdMob: https://policies.google.com/privacy
- Expo: https://expo.dev/privacy
- Apple: https://www.apple.com/privacy/
- Google Play: https://policies.google.com/privacy
13. California Privacy Rights (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
13.1 Right to Know
- Categories of personal information we collect
- Sources from which we collect information
- Business purposes for collecting information
- Categories of third parties with whom we share information
13.2 Right to Delete
You can request deletion of your personal information, subject to certain exceptions.
13.3 Right to Opt-Out
We do not sell personal information. If our practices change, we will update this policy and provide an opt-out mechanism.
13.4 Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
14. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
14.1 Legal Basis for Processing
- Contract Performance: Processing necessary to provide the Service
- Consent: You have given explicit consent for specific purposes
- Legitimate Interests: Processing necessary for our legitimate business interests
- Legal Obligation: Processing required by law
14.2 Your GDPR Rights
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
15. Contact Us
📧 Privacy Questions or Concerns?
If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:
- Email: privacy@retireroot.com
- Support Email: info@investedu-pm.com
- App: Profile → Settings → Contact Support
- Website: https://retireroot.vercel.app
Response Time: We will respond to privacy inquiries within 30 days.
16. Data Protection Officer
For GDPR-related inquiries, you can contact our Data Protection Officer:
- Email: dpo@retireroot.com
- Subject Line: "GDPR Privacy Request"
17. Consent
By using RetireRoot, you consent to:
- The collection and use of information as described in this Privacy Policy
- The transfer of your data to third-party service providers
- The use of cookies and tracking technologies
- Receiving service-related communications
You can withdraw your consent at any time by deleting your account or contacting us.