Privacy & Security
Plain English. No legalese. Here is exactly how your data works.
Last Updated: May 25, 2026
Who can see your data
| Role | Can see | Cannot see |
|---|---|---|
| You | Everything you entered | — |
| Your Strategist | The financial data you shared, to advise you | Other clients' data |
| Agency Owner | Your name and progress summary only | Your financial figures and contact details |
| FNA App Admin | Technical account info (for support) | Your financial data — unless you explicitly approve a temporary, logged session |
| Third Parties | Nothing | Everything — we never sell or share your data |
We do not use AI to process your financial data
Your financial assessment is generated by deterministic calculations — fixed formulas applied to the numbers you enter. No language model, no machine learning algorithm, and no third-party AI service ever sees your data. Your numbers stay inside FNA App and are used only to produce your own results.
Information we collect — and what we never touch
We collect (only what your assessment needs)
Basic contact details
Name and email — used to create your account and communicate with you.
Financial snapshot
A high-level picture of your income, monthly expenses, and savings — used to build your personalized financial plan. You decide what to include and how much detail to share.
Goals and life stage
Retirement timeline, family situation, and financial goals — so your strategist can tailor recommendations to where you actually are in life.
Protection details
Existing insurance coverage you choose to disclose — used only to identify gaps in your financial protection plan.
We never collect
- Social Security numbers
- Bank account numbers or credentials
- Passwords (you set your own via a secure one-time link)
- Investment account logins or holdings
- Biometric data, health data, or data about anyone under 18
How your data is protected
- Encrypted in transit and at rest. Every connection uses TLS/HTTPS. Data stored on disk is encrypted with AES-256. This is not optional — it is how the platform is built.
- Row-level access control. Access rules are enforced at the database layer — not just in the interface. A strategist query for a client they are not assigned to returns nothing, at the data level.
- Secure account setup. We send a one-time, expiring link when your account is created. You set your own password. We never send a password in email.
- No bank connections. FNA App has no read or write access to any financial institution. There is no OAuth link to your bank. The only data here is what you typed in.
- Audit logging. All administrative access to user data is logged with a timestamp and user ID, and reviewed on a quarterly basis.
How we use your information
- Generate personalized financial reports and projections for you and your strategist
- Connect you with your assigned financial strategist
- Send account-related communications (login credentials, updates, notifications)
- Maintain platform security and prevent unauthorized access
- Comply with applicable laws and regulations
- Improve platform performance using aggregated, anonymized, non-identifiable usage data only
We do not use your data for profiling, advertising targeting, or any purpose not listed above.
Third-party service providers
We use a limited number of trusted providers to operate the platform. Each is contractually bound to protect your data and may not use it for their own purposes.
| Provider | Role |
|---|---|
| Supabase | Database and authentication hosting |
| SendGrid | Transactional email delivery (name and email only) |
| Stripe | Payment processing (we do not store card details) |
| Vercel | Application hosting and content delivery |
Your rights — real ones, not policy words
- Access. You can see everything we hold about you by logging into your account.
- Correction. If something is wrong, email us and we will fix it.
- Deletion. Email info@fna-app.com with the subject "Delete my account." We will remove all your personal and financial data within 30 days and send written confirmation.
- Portability. Request a copy of your data in a portable format (CSV or JSON) at the same email address.
- Audit log. Request a record of who has accessed your data and when.
Data retention
| Data type | Retention period |
|---|---|
| Active account data | Duration of the account |
| Financial plan records | 7 years after account closure (financial regulations) |
| Technical/session logs | 90 days |
| Deleted account data | Removed within 30 days of request |
Your regional privacy rights
EU, EEA & United Kingdom — GDPR
If you are in the EU, EEA, or UK, the GDPR or UK GDPR applies. We process your data under: contract performance (to deliver the service), legitimate interests (platform security), and legal obligation (financial regulations). Where data is transferred outside the EU/EEA, Standard Contractual Clauses (SCCs) are in place.
Additional GDPR rights: withdraw consent at any time; lodge a complaint with your national Data Protection Authority (ICO for UK residents); all recommendations involve human judgment — no automated decision-making. Contact: info@fna-app.com — subject "GDPR Request."
California residents — CCPA / CPRA
The CCPA as amended by the CPRA applies to California residents. Categories collected: identifiers (name, email), financial information, internet activity (IP, browser type). We do not sell or share your personal information — the right to opt out of sale is pre-honored.
Rights: know, delete, correct, opt out of sale (pre-honored), limit sensitive data use, non-discrimination. Email info@fna-app.com — subject "CCPA Request." Response within 45 days, no fee.
Canadian residents — PIPEDA & provincial law
We comply with PIPEDA, Alberta's PIPA, BC's PIPA, and Quebec's Law 25. We honor all 10 PIPEDA fair information principles. In the event of a breach posing real risk of harm, we notify you and the Office of the Privacy Commissioner of Canada (OPC).
Quebec residents have additional rights including data portability and the right to be forgotten. FNA App uses no automated decision-making. Email info@fna-app.com — subject "PIPEDA Request." Escalate unresolved complaints to the OPC at priv.gc.ca.
Children's privacy
FNA App is intended for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we become aware that a minor has provided data, we will delete it promptly and notify the submitting account holder.
Changes to this policy
Minor changes: updated date only. Material changes (new data uses, new sharing): email notification at least 30 days before changes take effect. Previous versions are archived and available on request.
Questions about your data?
We answer privacy and security questions directly — no ticketing system, no auto-reply.
Email info@fna-app.com
Full legal terms in our Terms of Service.