Privacy Policy
Last updated: February 8, 2026
RetireArc is a product of [YOUR LLC NAME], a Texas limited liability company ("Company," "we," "our," or "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our retirement planning software platform.
1. Beta Program Notice
RetireArc is currently in private beta. During the Beta Period, our data practices, features, and third-party service providers may evolve. We will update this Privacy Policy to reflect any material changes and notify you accordingly. Your participation in the beta constitutes acceptance of this Privacy Policy as it exists at the time of use.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, and password when you create an account.
- Financial Information: Assets, liabilities, income sources, retirement accounts, investment holdings, Social Security information, tax information, and financial goals you enter into the platform.
- Household Information: Information about household members, dependents, ages, and employment status.
- Payment Information: For advisors subscribing to paid plans, billing information is processed securely through Stripe. We do not store your full credit card number on our servers.
- Professional Information: For advisors, business name, credentials, firm affiliations, and client relationships.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, and interactions with the platform.
- Device Information: Browser type, operating system, and device identifiers.
- Log Data: IP addresses, access times, referring URLs, and action types (used for audit logging and security).
2.3 Information from Third Parties
- Plaid: If you choose to link financial accounts, Plaid securely retrieves account balances, holdings, and transaction data. Plaid's collection and use of your data is governed by Plaid's End User Privacy Policy (plaid.com/legal). We encourage you to review it before linking your accounts.
- Advisors (Demo Mode): If you are a prospective client, your advisor may have entered initial information about you during a demo session before you created an account. This data is subject to this Privacy Policy. If you do not create an account, demo session data is automatically deleted after 90 days.
3. How We Use Your Information
- Provide Services: Generate retirement projections, gap analysis, Social Security optimization, Roth conversion analysis, and other financial planning tools.
- AI-Powered Features: Process your financial data through our AI provider (Anthropic's Claude API) to generate meeting preparation briefs, copilot assistance, and planning insights. See Section 4 for details.
- Advisor-Client Relationship: Enable advisors you've authorized to view your financial data and provide guidance.
- Process Payments: Handle subscription billing through Stripe.
- Improve Services: Analyze aggregate, de-identified usage patterns to enhance features and user experience.
- Communications: Send account-related emails (e.g., security alerts, billing receipts) and, with your consent, product updates.
- Compliance and Security: Maintain audit logs for advisor compliance requirements, detect and prevent fraud, and protect the security of the platform.
4. AI Data Processing
This section provides transparency about how your data is used in connection with our AI-powered features.
4.1 What Data Is Processed
When you or your advisor uses AI features (such as meeting prep briefs, AI copilot, or gap insights), relevant financial data from your account — such as asset summaries, income figures, retirement goals, and planning parameters — is sent to Anthropic's Claude API for processing.
4.2 How Data Is Processed
- Data is sent to Anthropic via their API in real time and is used solely to generate the requested output (e.g., a meeting brief or insight).
- Anthropic does not use data submitted through their API to train their AI models.
- AI outputs are not stored by Anthropic after the response is generated.
- We may store AI-generated outputs (such as meeting prep briefs) in your account for your convenience.
4.3 AI Limitations
AI-generated content may contain errors or inaccuracies. AI outputs do not constitute financial, tax, legal, or investment advice. You and your advisor are responsible for reviewing and verifying AI-generated content.
5. Data Sharing and Disclosure
We do not sell your personal information. We may share data with:
- Your Authorized Advisor: Clients grant read access to their household data to advisors they've connected with. You can revoke this access at any time.
- Service Providers: We use the following third-party services to operate RetireArc:
  - Supabase — Database hosting and authentication
  - Stripe — Payment processing
  - Plaid — Financial account linking (if enabled by you)
  - Anthropic — AI features via Claude API
  - Resend — Transactional emails
  Each service provider processes data only as necessary to provide their specific service and is subject to their own privacy policies and data processing terms.
- Legal Requirements: When required by law, court order, subpoena, or to protect our legal rights, your safety, or the safety of others.
- Business Transfers: In connection with a merger, acquisition, or sale of assets. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6. Advisor Data Responsibilities
If you are a financial advisor using RetireArc, you act as a data controller with respect to the client data you enter and manage. RetireArc acts as a data processor on your behalf. You are responsible for:
- Obtaining appropriate consent from your clients and prospects before entering their data into RetireArc.
- Complying with all applicable privacy and data protection laws, including GLBA, state privacy laws, and any regulations governing your practice.
- Ensuring that your use of client data within RetireArc is consistent with any privacy notices you have provided to your clients.
Enterprise plan subscribers may request a Data Processing Agreement (DPA) by contacting support@retirearc.com.
7. Data Security
We implement industry-standard security measures including:
- Encryption of all data in transit (TLS/HTTPS) and at rest (AES-256).
- Row-level security in our database ensuring users can only access their own data.
- Secure authentication through Supabase Auth with support for multi-factor authentication.
- Regular security reviews, dependency updates, and vulnerability assessments.
- Advisor audit logging with timestamps, IP addresses, and action types for compliance tracking.
- Encryption keys managed separately from database storage.
While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
8. Data Breach Notification
In the event of a data breach that compromises your personal or financial information, we will:
- Notify affected users by email within 72 hours of discovering the breach (or sooner if required by applicable law).
- Provide a description of the nature of the breach, the types of data affected, and the steps we are taking in response.
- Notify relevant regulatory authorities as required by applicable state and federal laws.
- Provide guidance on steps you can take to protect yourself.
9. Data Retention
- Active Accounts: We retain your data for as long as your account is active.
- Financial Snapshots: Historical snapshots are retained for tracking and planning purposes while your account is active.
- Demo Session Data: Data entered by advisors in Demo Mode for prospects who do not create accounts is automatically deleted after 90 days.
- Account Deletion: When you request account deletion, we will delete your personal and financial data within 30 days. Certain data may be retained in encrypted backups for up to 90 additional days before being purged.
- Audit Logs: Audit logs for advisor compliance may be retained for up to 7 years after account termination, as required by financial regulations.
- Aggregated Data: De-identified, aggregated data that cannot be used to identify you may be retained indefinitely for analytics and product improvement.
10. Your Rights and Choices
- Access: View and export your financial data at any time.
- Correction: Update your information through your account settings.
- Deletion: Request deletion of your account and data by contacting support@retirearc.com or through your account settings.
- Advisor Access: Revoke advisor access to your data at any time through your account settings.
- Marketing: Opt out of promotional communications via the unsubscribe link in any marketing email.
- Data Portability: Request a copy of your data in a machine-readable format.
11. State Privacy Rights
11.1 California (CCPA/CPRA)
California residents have additional rights including the right to know what personal information is collected, the categories of sources, the business purpose for collection, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact support@retirearc.com.
11.2 Other State Privacy Laws
Residents of Colorado, Connecticut, Virginia, Texas, and other states with comprehensive privacy laws may have similar rights, including the right to access, correct, delete, and obtain a copy of their personal data, and the right to opt out of targeted advertising. We do not engage in targeted advertising based on your personal data. To exercise your rights under any applicable state law, contact support@retirearc.com. We will respond to verified requests within the timeframe required by applicable law (typically 45 days).
12. Financial Data and Regulatory Compliance
RetireArc is a technology platform and does not provide financial advice. However, because we store sensitive financial data, we are committed to meeting or exceeding relevant security and privacy standards:
- Our infrastructure uses encryption at rest and in transit consistent with SOC 2 requirements.
- We maintain audit logs and access controls consistent with fiduciary compliance needs.
- Advisors using RetireArc remain responsible for their own GLBA, SEC, FINRA, and state regulatory compliance obligations. RetireArc serves as a tool to support — not replace — those obligations.
13. Children's Privacy
RetireArc is not intended for users under 18 years of age. We do not knowingly collect personal information from children. Dependent information entered by parents or guardians is limited to planning purposes (e.g., college funding goals, household projections) and is stored as part of the parent's or guardian's account.
14. International Users
RetireArc is operated from the United States and designed for U.S.-based financial planning. If you access the platform from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States. By using RetireArc, you consent to this transfer.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform at least 15 days before they take effect. Your continued use after the effective date constitutes acceptance of the updated policy. The "Last updated" date at the top of this policy indicates the most recent revision.
16. Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise any of your rights, please contact us at:
Email: support@retirearc.com
We aim to respond to all inquiries within 5 business days.
© 2026 [YOUR LLC NAME] d/b/a RetireArc. All rights reserved.