Privacy Policy

1. What This Service Is

AI Financial Plan (“we,” “us,” “our”) provides a financial analysis platform for educational and informational purposes only. We are not a registered investment adviser, broker-dealer, or financial planner. Our analysis does not constitute investment advice or a recommendation to buy or sell any security.

2. Information We Collect

Account Information: When you create an account, we collect your email address. Your email is stored as a one-way cryptographic hash — we cannot read your plaintext email after account creation. Authentication is handled via secure magic links.

Financial Data: During onboarding, you provide financial information such as income, assets, debts, expenses, insurance coverage, and goals. This data is encrypted at rest using AES-256-GCM encryption.

What We Never Collect:

• Social Security numbers
• Bank account or routing numbers
• Brokerage account numbers or login credentials
• Credit card numbers (payments processed by Stripe)
• Full legal names (we use first name only for personalization)

3. How We Protect Your Data

• Encryption at rest: All financial data is encrypted using AES-256-GCM with application-level keys. Even if our database were compromised, your financial data remains encrypted.
• Encryption in transit: All communications use HTTPS/TLS. HSTS is enabled with preloading.
• Email hashing: Email addresses are stored as one-way hashes, not in plaintext.
• Payment security: All payment processing is handled by Stripe. We never store, process, or transmit credit card numbers.
• Access controls: Row-level security ensures users can only access their own data.
• No tracking: We do not sell your data to third parties. We do not use advertising trackers.

4. How We Use Your Data

Your financial data is used solely to:

• Run deterministic financial analysis engines (retirement, Social Security, tax strategy, etc.)
• Generate your personalized analysis report
• Power follow-up Q&A about your results
• Refresh your analysis annually (if subscribed)

We do not use your individual financial data for training AI models, advertising, or any purpose other than providing your personal analysis.

5. AI Processing

Our platform uses AI (Anthropic Claude) for two specific purposes:

• Conversational onboarding: AI helps guide you through data collection in natural language.
• Report explanation: AI generates plain-language explanations of your analysis results.

Importantly, the AI never generates financial numbers or projections. All calculations come from deterministic, auditable engines. The AI explains results — it does not create them.

6. Data Retention & Deletion

You can delete your account and all associated data at any time via the Settings page, or by contacting support@myaifinancialplan.com. Upon deletion, we will:

• Delete your encrypted financial data within 30 days
• Remove your email hash from our authentication system
• Cancel any active subscriptions
• Retain anonymized, aggregated analytics (not traceable to you)

California residents have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt-out of sale of personal information (we do not sell personal information). To exercise these rights, contact privacy@myaifinancialplan.com.

7. International Users

The Platform is currently available only to users located in the United States. Access to account creation, financial analysis tools, and platform services is restricted to users within the United States.

If you are located outside the United States, including in the European Economic Area, the United Kingdom, or Switzerland, you are not permitted to create an account or use the Platform's financial analysis services at this time.

We may expand the availability of the Platform to additional regions in the future. If you would like to be notified when the Platform becomes available in your region, please contact hello@myaifinancialplan.com.

8. Cookies & Tracking

We use only essential cookies required for authentication (session cookies). These cookies are:

• HttpOnly (not accessible to JavaScript)
• Secure (only transmitted over HTTPS)
• SameSite=Lax (protection against CSRF attacks)

We do not use analytics cookies, advertising cookies, or third-party tracking scripts.

9. Third-Party Services

• Stripe: Payment processing. Subject to Stripe's Privacy Policy.
• Anthropic: AI processing for onboarding conversation and report generation. Data is not retained by Anthropic for model training when using the API.
• Error logging: Technical error tracking stored on our own servers (captures technical errors only, never financial data).
• Resend: Magic link email delivery.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or by prominently posting a notice on our platform.

11. Contact

For privacy-related inquiries: privacy@myaifinancialplan.com