1. Who we are
RetireMynt (“RetireMynt,” “we,” “us,” or “our”) provides a retirement, cash management, and budgeting platform available at retiremynt.app (the “Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it.
RetireMynt is a financial planning tool. It is not a bank, broker-dealer, investment adviser, or tax preparer, and it does not provide investment, tax, legal, or financial advice.
2. Information we collect
Information you provide
- Account details: name, email address, password (hashed), and authentication identifiers (e.g., Google sign-in).
- Profile and planning inputs: age, employment status, household, dependents, risk tolerance, goals, real estate, expected expenses, and notes.
- Communications you send us, including support requests and feedback.
Financial data via Plaid
When you connect a bank, brokerage, or credit account, we use Plaid Inc. to securely link to your financial institution. Plaid collects the credentials you enter and returns to us only:
- Account metadata (institution, account name, type, mask, balances).
- Transaction history (amounts, dates, merchants, categories, locations as provided by your institution).
- Identity attributes (name, addresses, phone, email on the account).
- Investment holdings and securities, where you connect those accounts.
We never see or store your bank credentials. Your use of Plaid is governed by Plaid’s End User Privacy Policy.
Automatically collected
- Device and usage data: IP address, browser, OS, pages viewed, referring URLs, timestamps, and crash diagnostics.
- Cookies and similar technologies used to keep you signed in, remember preferences, and measure aggregate product usage.
3. How we use your information
- Provide, operate, secure, and improve the Service.
- Build your personalized retirement model, cash flow view, and budget analytics.
- Authenticate you and protect against fraud, abuse, and unauthorized access.
- Send transactional messages (e.g., security alerts, account notices).
- Generate AI-powered insights you request, using de-identified or user-scoped data sent to model providers under contract.
- Comply with legal obligations and enforce our Terms.
We do not sell your personal information, and we do not use your financial transactions for cross-context behavioral advertising.
4. How we share information
We share information only with:
- Service providers that host, secure, or operate the Service under written contracts limiting their use of your data — including Supabase (database & auth), Cloudflare (edge hosting), Plaid (financial account connectivity), and AI model providers (OpenAI, Google) for features you invoke.
- Authorities when required by law, subpoena, or to protect the rights, safety, or property of RetireMynt or others.
- Successors in connection with a merger, acquisition, or sale of assets, subject to this Policy.
- Other parties, with your consent, including any account exports you initiate.
5. How we protect your data
- TLS 1.2+ encryption in transit; AES-256 at rest.
- Row-level security policies isolating each user’s records.
- Least-privilege access controls and audit logging for staff.
- Secrets stored in a managed vault; credentials are never logged.
- Continuous vulnerability scanning and dependency monitoring.
No method of transmission or storage is 100% secure. Please use a strong, unique password and enable provider-side two-factor authentication.
6. Data retention
We retain your account and planning data for as long as your account is active. When you delete your account, we delete or de-identify your personal data within 30 days, except where retention is required for legal, accounting, security, or fraud-prevention purposes. Backups are purged on our rolling retention schedule (currently 35 days).
7. Your rights
Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing. California residents have additional rights under the CCPA/CPRA, including the right to know and to delete. EU/UK residents have rights under GDPR/UK GDPR. To exercise any right, email privacy@retiremynt.app. We will respond within the timeframe required by applicable law.
You can disconnect a linked institution at any time from the Vault page. Disconnecting stops new transaction sync; you can also delete previously synced data from your account settings.
8. Children
The Service is not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
9. International users
RetireMynt is operated from the United States. If you access the Service from outside the U.S., you understand that your information will be transferred to, processed, and stored in the U.S. and other countries where our service providers operate, with appropriate safeguards (e.g., Standard Contractual Clauses) where required.
10. Changes to this policy
We may update this Policy from time to time. Material changes will be communicated by email or in-app notice at least 14 days before they take effect. The “Effective” date above reflects the current version.
11. Contact
Privacy questions or requests: privacy@retiremynt.app
General support: support@retiremynt.app