Privacy Policy

1. What This Service Is

AI Financial Plan (“we,” “us,” “our”) provides a financial analysis platform for educational and informational purposes only. We are not a registered investment adviser, broker-dealer, or financial planner. Our analysis does not constitute investment advice or a recommendation to buy or sell any security.

2. Information We Collect

Account Information: When you create an account, we collect your email address. Your email is stored as a one-way cryptographic hash — we cannot read your plaintext email after account creation. Authentication is handled via secure magic links.

Financial Data: During onboarding, you provide financial information such as income, assets, debts, expenses, insurance coverage, and goals. This data is encrypted at rest using AES-256-GCM encryption.

What We Never Collect:

• Social Security numbers
• Bank account or routing numbers
• Brokerage account numbers or login credentials
• Credit card numbers (payments processed by Stripe)
• Full legal names (we use first name only for personalization)

3. How We Protect Your Data

• Encryption at rest: All financial data is encrypted using AES-256-GCM with application-level keys. Even if our database were compromised, your financial data remains encrypted.
• Encryption in transit: All communications use HTTPS/TLS. HSTS is enabled with preloading.
• Email hashing: Email addresses are stored as one-way hashes, not in plaintext.
• Payment security: All payment processing is handled by Stripe. We never store, process, or transmit credit card numbers.
• Access controls: Row-level security ensures users can only access their own data.
• No tracking: We do not sell your data to third parties. We do not use advertising trackers.

4. How We Use Your Data

Your financial data is used solely to:

• Run deterministic financial analysis engines (retirement, Social Security, tax strategy, etc.)
• Generate your personalized analysis report
• Power follow-up Q&A about your results
• Refresh your analysis annually (if subscribed)

We do not use your individual financial data for training AI models, advertising, or any purpose other than providing your personal analysis.

5. AI Processing

Our platform uses AI (Anthropic Claude) for two specific purposes:

• Conversational onboarding: AI helps guide you through data collection in natural language.
• Report explanation: AI generates plain-language explanations of your analysis results.

Importantly, the AI never generates financial numbers or projections. All calculations come from deterministic, auditable engines. The AI explains results — it does not create them.

6. Data Retention & Deletion

You can request deletion of your account and all associated data at any time by contacting support@myaifinancialplan.com. Upon deletion request, we will:

• Delete your encrypted financial data within 30 days
• Remove your email hash from our authentication system
• Cancel any active subscriptions
• Retain anonymized, aggregated analytics (not traceable to you)

7. Your Rights (GDPR / CCPA)

Regardless of where you are located, you have the right to:

• Access: Request a copy of all data we hold about you
• Correction: Update or correct your financial data at any time through the platform
• Deletion: Request complete deletion of your account and data
• Portability: Download your analysis report as a PDF
• Opt out: You may close your account at any time

To exercise any of these rights, contact us at privacy@myaifinancialplan.com.

8. Cookies & Tracking

We use only essential cookies required for authentication (session cookies). These cookies are:

• HttpOnly (not accessible to JavaScript)
• Secure (only transmitted over HTTPS)
• SameSite=Lax (protection against CSRF attacks)

We do not use analytics cookies, advertising cookies, or third-party tracking scripts.

9. Third-Party Services

• Stripe: Payment processing. Subject to Stripe's Privacy Policy.
• Anthropic: AI processing for onboarding conversation and report generation. Data is not retained by Anthropic for model training when using the API.
• Sentry: Error tracking (captures technical errors only, never financial data).
• Resend: Magic link email delivery.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or by prominently posting a notice on our platform.

11. Contact

For privacy-related inquiries: privacy@myaifinancialplan.com