Privacy Policy

Effective date: March 2026  ·  Governing law: Ontario, Canada

RetirePlanner.ca ("we", "us", "our") is committed to protecting the personal information of its users in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law. This policy explains what information we collect, how we use it, who we share it with, and your rights regarding that information.

1. Information We Collect

We collect the following categories of personal information:

• Account information: Your email address, and — if you sign in with Google — your Google profile name and profile photo (avatar) as provided by Google OAuth.
• Retirement scenario data: Financial and personal data you enter into the planner, including (but not limited to) age, retirement age, province of residence, income sources, account balances, expenses, and estate information.
• Usage data: Aggregated, anonymised analytics about how the application is used (pages visited, features used). No personally identifiable information is included in analytics data.
• Payment information: If you subscribe to a paid plan, your payment is processed by Stripe. We do not store credit card numbers or full payment card data on our servers. We retain only your Stripe customer ID and subscription status.

We do not collect sensitive personal information such as SIN, health information, or government IDs.

2. How We Use Your Information

• To create and maintain your account and authenticate your identity.
• To save, retrieve, and display your retirement scenarios.
• To process subscription payments and manage your billing.
• To send you transactional emails (account confirmation, password reset, billing receipts).
• To monitor application errors and maintain service reliability.
• To improve the application based on anonymised usage patterns.

We do not sell, rent, or trade your personal information to any third party. We do not use your data for advertising.

3. Data Storage and Location

Your personal information is stored in a Supabase database hosted in Canada (Toronto region, ca-central-1). Your data never leaves Canada. Supabase infrastructure in the ca-central-1 region is governed by Canadian data residency requirements.

We have selected Canadian data hosting specifically to ensure compliance with PIPEDA and to meet the reasonable expectations of Canadian users that their personal financial data remains in Canada.

4. Third-Party Service Providers

We use the following service providers to operate RetirePlanner.ca. Each provider processes only the data necessary to perform their service:

• Supabase (supabase.com) — Database and authentication infrastructure. Stores account data and retirement scenarios. Data hosted in Canada (ca-central-1). Supabase Privacy Policy.
• Stripe (stripe.com) — Payment processing for premium subscriptions. Stripe collects and processes payment card data on our behalf under PCI-DSS standards. We never see or store full card numbers. Stripe Privacy Policy.
• Google (google.com) — OAuth authentication ("Sign in with Google"). If you use Google sign-in, Google provides your email address, name, and profile photo to us. We do not receive your Google password. Google Privacy Policy.
• Resend (resend.com) — Transactional email delivery (account confirmations, billing receipts). Resend processes your email address to deliver messages on our behalf. Resend Privacy Policy.
• Plausible Analytics (plausible.io) — Website usage analytics. Plausible is cookieless and privacy-friendly — it does not use cookies, does not track individuals across sessions, and does not collect personally identifiable information. No cookie consent banner is required. Plausible Privacy Policy.
• Sentry (sentry.io) — Application error monitoring. Sentry captures technical error data (stack traces, browser/OS version) to help us diagnose bugs. We have configured Sentry to scrub personally identifiable information — no financial data, email addresses, or user-provided content is captured in error reports. Sentry Privacy Policy.

We do not authorise any of these providers to use your data for their own purposes beyond performing the services described above.

5. Cookies

RetirePlanner.ca uses only functional cookies necessary to maintain your authenticated session (Supabase authentication token). We do not use advertising cookies, tracking pixels, or third-party behavioural analytics cookies. Our analytics provider (Plausible) operates without cookies.

6. Data Retention

We retain your personal information and retirement scenarios for as long as your account is active. If your account is inactive for more than 24 months and you have no active subscription, we will notify you by email at least 30 days before deleting your data, giving you the opportunity to log in and reactivate your account.

When your account is deleted (by you or by us), all associated data — including your retirement scenarios, account profile, and subscription records — is permanently deleted from our database. Backups are purged on a rolling 30-day cycle.

7. Your Rights Under PIPEDA

As a Canadian user, you have the following rights regarding your personal information:

• Right of access: You may request a copy of the personal information we hold about you.
• Right to correction: You may request that inaccurate information be corrected.
• Right to deletion: You may request that your account and all associated data be permanently deleted.
• Right to withdraw consent: You may withdraw consent to data collection at any time, understanding that this may require account closure.

To exercise any of these rights, email us at hello@retireplanner.ca with the subject line "Privacy Request". We will respond within 30 days.

8. Account Deletion

You can delete your account at any time from your account settings. Deleting your account permanently removes all your retirement scenarios and personal information from our database. Active subscriptions are cancelled automatically upon account deletion. We do not offer refunds for any remaining portion of a billing period already charged.

You may also request deletion by emailing hello@retireplanner.ca.

9. Security

We implement industry-standard security measures to protect your personal information, including encrypted connections (TLS/HTTPS) for all data in transit, row-level security policies in our database (users can only access their own data), and authentication through Supabase's hardened auth infrastructure.

No method of electronic transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

10. Data Breach Notification

In the event of a security breach involving your personal information that poses a real risk of significant harm, we will: (a) notify affected users by email as soon as feasible, describing the nature of the breach, the data involved, and steps we are taking to mitigate the risk; and (b) report the breach to the Office of the Privacy Commissioner of Canada, in accordance with PIPEDA's mandatory breach notification requirements (Division 1.1). We maintain an internal breach response procedure and log all incidents regardless of severity.

11. Children's Privacy

RetirePlanner.ca is intended for adults aged 18 and older. We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided us with personal information, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the effective date above. Continued use of the service after changes take effect constitutes your acceptance of the updated policy.

13. Governing Law

This Privacy Policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. Any disputes shall be resolved in the courts of Ontario, Canada.