Privacy Policy

1.Information We Collect

Account Information

When you register, we collect your email address and a hashed password via Supabase Auth. We do not store plain-text passwords. You may optionally provide a display name.

Financial Data

To provide the Service, we store the household financial data you enter, including:

• Income sources (title, amount, pay cadence, next payday)
• Recurring obligations (bills, rent, subscriptions, utilities)
• Debt accounts (balance, APR, minimum payment, payoff priority)
• Budget allocations and zero-based budget entries

This data is stored in our Supabase-backed database and associated with your authenticated user account. We do not collect or store bank credentials, account numbers, or direct bank connections.

Billing Information

Subscription payments are processed by Stripe. We do not store your credit card number, CVV, or full payment card data on our servers. Stripe provides us with a tokenized reference and your subscription status.

Usage and Technical Data

• Error reports and stack traces (via Sentry), used to diagnose bugs
• General usage patterns (page visits, feature interactions)
• IP address and browser/device type for security and fraud prevention

Analytics & Cookies

We use Google Analytics 4 (GA4) via Google Consent Mode v2 to understand how people find and use RealiPlan. GA4 collects aggregated information like page views, approximate location (country/region, not precise), device and browser type, and where you came from (referrer). IP addresses are anonymized by default, and we do not use GA4 for advertising or retargeting.

The first time you visit, a consent banner asks whether to turn analytics on. If you decline, GA4 is never loaded and nothing is sent to Google. You can revoke analytics consent at any time by clicking the Cookie preferences link in the site footer, which will reopen the consent banner. See Google's privacy practices at policies.google.com/privacy.

2.How We Use Your Information

• Provide, operate, and maintain the RealiPlan budgeting and debt-payoff service
• Authenticate your identity and protect your account
• Process subscription payments and manage your billing status
• Send transactional emails (confirmations, password resets, billing receipts) via Resend
• Generate AI-powered budget recommendations (your financial data is transmitted to Anthropic only when you explicitly request an AI recommendation)
• Monitor and improve service reliability using Sentry error data
• Respond to support requests and communicate with you about the Service
• Comply with applicable legal obligations

We do not sell, rent, or trade your personal or financial data to third parties for marketing or advertising purposes.

3.Third-Party Services

We rely on the following trusted third-party services to operate RealiPlan. A current list is also available on our Subprocessors page.

4.Data Retention

We retain your account and financial data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain records for legal or tax purposes (typically no more than 7 years for financial records). Anonymized data may be retained indefinitely for service improvement.

5.Your Rights and Choices

To exercise any of these rights, contact us at <privacyEmail/>. We will verify your identity via your account email before processing the request and will respond within 30 days (or 45 days for California residents, see Section 6).

6.California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you the following rights with respect to the personal information we collect about you:

• Right to know what personal information we collect, use, disclose, and whether we sell or share it.
• Right to delete the personal information we hold about you, subject to legal retention exceptions.
• Right to correct inaccurate personal information.
• Right to opt-out of sale or sharing. RealiPlan does not sell or share personal information as those terms are defined under the CCPA/CPRA. There is nothing to opt out of, and no "Do Not Sell or Share" signal will change our practices.
• Right to limit the use of sensitive personal information to what is necessary to provide the Service.
• Right to non-discrimination — we will not deny you service, charge a different price, or provide a different level of service because you exercised your CCPA/CPRA rights.

To exercise these rights, email us at <privacyEmail/>. We will verify the requester's identity using the account email on file before processing any deletion or export request. We will respond to verified California requests within 45 days, as required by the CCPA/CPRA; this window may be extended once by up to another 45 days where reasonably necessary, with prior notice to you.

Authorized agents. A California consumer may designate an authorized agent to make a request on their behalf by providing us with a written and signed authorization. We may still ask the consumer directly to verify their own identity before we act on the request.

Do Not Sell or Share My Personal Information. As noted above, RealiPlan does not sell or share personal information. This section of the Privacy Policy serves as the permanent landing page for any "Do Not Sell or Share" link you may see in our site footer.

7.European Privacy Rights (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent laws give you additional rights over your personal data. FieldSphere Technologies LLC (Texas, United States) acts as the data controller for the personal data you provide to RealiPlan.

Legal bases for processing

• Contract — processing your account, financial data, and subscription is necessary to provide the Service you have signed up for.
• Consent — analytics cookies and AI recommendations are only activated when you explicitly opt in.
• Legitimate interests — fraud prevention, account security, and service improvement, where those interests are not overridden by your rights.
• Legal obligation — tax, accounting, and other regulatory requirements applicable to us.

Your data subject rights

• Right of access to the personal data we hold about you
• Right to rectification of inaccurate or incomplete data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability in a machine-readable format
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time, without affecting prior lawful processing
• Right to lodge a complaint with your local data protection supervisory authority

To exercise any of these rights, email <privacyEmail/>. We will respond within 30 days of receiving a verified request.

Cross-border data transfers

Your data is stored in the United States on infrastructure operated by Supabase and Amazon Web Services. Where personal data is transferred from the EEA, UK, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs) and supplementary technical measures (encryption in transit and at rest) as our transfer mechanism.

EU representative

RealiPlan does not currently designate an EU representative under Article 27 of the GDPR. EU residents may contact us directly at <privacyEmail/>. We will revisit this designation as our EU user base grows.

8.Coach Dashboard & Client Data Sharing

RealiPlan offers an optional Coach Dashboard that allows financial coaches to view and help manage their clients' financial data. This section explains how that sharing works.

• Invitation-based access. An individual user must explicitly invite a coach (or accept a coach's invitation) before any data is shared. Nothing is shared automatically.
• What the coach can see. Once you accept a coach invitation, the coach gains read access to your household's debts, income, recurring obligations, budget allocations, and payoff projections.
• Revocation. You may revoke coach access at any time from your account settings. Revocation is effective immediately.
• Coach obligations. Coaches are bound by the Terms of Service and are expressly prohibited from using client data for any purpose other than providing coaching services to that specific client. Coaches may not resell, export, or re-share client data.
• Scope of the coach-client relationship. RealiPlan is not a party to the relationship between a coach and their client. The coach is solely responsible for any advice they provide. RealiPlan does not endorse, vet, or supervise individual coaches.

9.Not Financial, Legal, or Tax Advice

RealiPlan provides deterministic mathematical projections based on the data you enter. Nothing in the Service — including AI-generated budget recommendations — constitutes financial, legal, tax, or investment advice. RealiPlan is not a fiduciary and does not have a duty to act in your best financial interest.

You should consult a licensed financial advisor, certified public accountant, or attorney before making significant financial decisions. AI recommendations are generated by an automated model and may be inaccurate or incomplete; you must exercise your own judgment and verify any numbers before acting on them.

10.Cookies and Local Storage

We use cookies and browser local storage to maintain your authentication session (via Supabase Auth) and remember your preferences. We do not use third-party advertising or tracking cookies. You can configure your browser to block cookies, but this may prevent you from logging in to the Service.

11.Children's Privacy

RealiPlan is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected data from a child under 13, we will delete it promptly. Contact us at <privacyEmail/> if you believe a child under 13 has provided us with personal information.

12.Data Security

We implement industry-standard security measures including TLS encryption in transit, encryption at rest, and row-level security policies in Supabase to ensure users can only access their own data. No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

To report a security vulnerability responsibly, please email <securityEmail/>. See our security.txt file for machine-readable disclosure metadata.

13.Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

14.Contact Us

If you have questions about this Privacy Policy or our data practices, please contact: