Privacy Policy

This Privacy Policy explains how [Beacon - Financial Clarity Inc] ("Beacon," "we," "us," or "our") collects, uses, and protects information when you use Beacon, available at findyourbeacon.app and related services (the "Service").

Beacon is a private financial dashboard. We treat your data with discipline. We do not sell it, and we collect only what the Service needs to function.

1. Information We Collect

1.1 Information You Provide

When you create an account and use Beacon, you provide:

• Account credentials: email address and password, or Google account identifier if you sign in with Google OAuth.
• Profile information: name (optional) and display preferences.
• Financial inputs: account names, account types (cash, investment, debt), balances, growth rate assumptions, inflation rate assumptions, monthly contribution amounts, and historical balance snapshots.
• Configuration: target retirement income, financial independence target, withdrawal rate, currency preference, and other planning assumptions.

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Authentication and session data: session tokens, sign-in timestamps, and authentication events managed by our authentication provider (Supabase Auth).
• Technical data: IP address, browser type, operating system, device identifiers, and timestamps of requests.
• Usage data: pages viewed, features used, and error logs to maintain reliability.

1.3 Information We Do Not Collect

Beacon does not connect to your bank, brokerage, or any third-party financial institution. We do not collect, store, or have access to:

• Bank account numbers, credit card numbers, or routing numbers.
• Brokerage account credentials or login information for any financial institution.
• Social Security numbers, government identification numbers, or tax identifiers.
• Real-time transaction data from external accounts.

All financial data in Beacon is entered manually by you.

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the Service, including calculating projections, generating charts, and storing your snapshots.
• Authenticate you and maintain the security of your account.
• Communicate with you about your account, security alerts, and material changes to the Service.
• Diagnose technical issues and improve reliability and performance.
• Comply with legal obligations and enforce our Terms of Service.

We do not use your data to train machine learning models. We do not sell your data. We do not share your data for advertising purposes.

3. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

If you are located in the European Economic Area, the United Kingdom, or a jurisdiction with similar requirements, we process your personal data on the following legal bases:

• Contract: to provide the Service you have requested.
• Legitimate interest: to secure, maintain, and improve the Service.
• Consent: where you have explicitly opted in (for example, optional communications).
• Legal obligation: where processing is required by law.

4. How We Share Your Information

We share information only in the limited circumstances below.

4.1 Service Providers

We use trusted third-party providers to operate the Service. These providers are bound by contractual obligations to protect your data and process it only on our instructions:

• Supabase: database hosting, authentication, and infrastructure.
• Google: OAuth authentication when you choose to sign in with Google.
• [INSERT HOSTING/CDN PROVIDER, e.g. Cloudflare, Vercel]: application hosting and delivery.
• [INSERT EMAIL PROVIDER, IF APPLICABLE]: transactional email delivery.

4.2 Legal Requirements

We may disclose information if required by law, court order, or valid government request, or to protect our rights, property, or safety, or that of our users or the public.

4.3 Business Transfers

If Beacon is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

5. Data Storage and Security

Your data is stored on infrastructure operated by Supabase, with database hosting in [INSERT REGION, e.g. North America].

We apply technical and organizational measures to protect your data, including:

• Encryption in transit (TLS) for all communication between your device and our servers.
• Encryption at rest for stored database content.
• Row-level security policies that restrict every record to its owning user.
• Authentication managed by an industry-standard provider with hashed and salted credentials.

No system is perfectly secure. We cannot guarantee absolute security, and you use the Service at your own risk.

6. Data Retention

We retain your account data for as long as your account remains active. When you delete your account, we delete your associated data, including accounts, snapshots, and settings, within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention or dispute resolution.

You can export your data at any time using the CSV export tool inside the Service.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your data.
• Portability: receive your data in a structured, machine-readable format.
• Objection or restriction: object to or restrict certain processing activities.
• Withdrawal of consent: withdraw consent where processing is based on consent.

You can exercise most of these rights directly in the Service: export your data via CSV, edit any field, or delete your account from the Profile screen. For other requests, contact us at the address in Section 12.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what personal information we collect and the right to non-discrimination for exercising your rights. We do not sell personal information.

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

8. International Data Transfers

Your data may be processed in countries other than your country of residence, including [INSERT COUNTRY OF PRIMARY HOSTING]. Where required, we use appropriate safeguards, such as Standard Contractual Clauses, to protect international transfers of personal data.

9. Cookies and Similar Technologies

Beacon uses cookies and similar technologies that are strictly necessary to operate the Service, including:

• Authentication cookies that keep you signed in.
• Session storage to maintain application state.

We do not use advertising cookies or third-party analytics cookies that track you across other websites.

10. Children

Beacon is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service before the changes take effect. The "Last updated" date at the top of this policy reflects the date of the most recent revision.

12. Contact

Questions about this Privacy Policy or your data can be sent to:

Beacon - Financial Clarity Inc.
Email: [email protected]

If you are in the EEA or UK and believe your rights have not been respected, you have the right to lodge a complaint with your local data protection authority.