Draft for review by a licensed attorney. This is not final legal text and is not legal advice.

Privacy Policy

Privacy Policy

Effective date: 2026. This Privacy Policy explains what ChequeMate collects, how it is used and protected, and the choices and rights you have. It is part of, and should be read with, our Terms of Service and Disclaimer.

1. What works without an account

The cost-of-waiting calculator runs in your browser without an account, and those inputs are not sent to us for storage. Building, viewing, and saving your full plan requires a free account; the data you provide with an account is stored and protected as described in this policy, so it is available across your sessions and devices.

2. What we collect

  • Financial inputs you enter, such as income, account balances, filing status, location, and goals.
  • Account and authentication data, such as your email address and sign-in identifiers, handled through our authentication provider.
  • Optional linked-account data if you connect an account through SnapTrade, such as read-only balances and connection tokens.
  • Usage and device data, such as basic analytics, device and browser information, and cookie data.
  • Consent records. When you create an account, we record your agreement to these terms: the agreement version, the date and time, your IP address, and your browser user-agent. We keep this as proof of consent for as long as your account exists, and we may retain it after you delete your account, as evidence that consent existed, where permitted or required by law. Consent records contain no financial data.

We store the inputs you provide, not the projections we compute from them. Computed outputs, such as projections and scores, are generated as needed and are not persisted.

3. Encryption of sensitive financial fields

Sensitive financial fields, such as income, balances, and aggregator tokens, are protected with field-level encryption at rest, in addition to encryption in transit. We scope every record to the authenticated account it belongs to and do not log financial values. We are continuing to strengthen key management, and this policy will be kept accurate as that work progresses.

4. Service providers we use, and why

  • Clerk provides account creation and authentication, and processes your email and sign-in identifiers.
  • Neon provides the encrypted Postgres database where your saved inputs are stored.
  • Anthropic powers the AI explainer. It receives only de-identified figures needed to explain your projection, and not your name, email, or account identifier.
  • SnapTrade provides optional, user-initiated, read-only account linking. ChequeMate never moves money or places trades.

These providers process data on our behalf under their own terms and security commitments. We do not sell your personal information.

5. Financial-privacy posture (GLBA)

Because ChequeMate handles financial information, we aim to align with the standards of the Gramm-Leach-Bliley Act and the FTC Safeguards Rule where they apply, including maintaining an information security program, limiting access to sensitive data, and overseeing our service providers. The precise application of these rules to ChequeMate depends on the features you use and is being confirmed with counsel.

6. Your US state privacy rights

Depending on where you live, US state privacy laws, including the California Consumer Privacy Act as amended by the CPRA and similar laws in other states, may give you rights to:

  • know about and access the personal information we hold about you;
  • delete your personal information;
  • correct inaccurate personal information;
  • opt out of any sale or sharing of personal information; and
  • be free from discrimination for exercising these rights.

To exercise a right, use the contact details at the end of this policy, or delete your account from within the app. We will verify and respond to your request as required by law, and you may appeal a decision. Where applicable, we honor browser-based opt-out signals such as Global Privacy Control.

7. EU and UK users

ChequeMate is directed to users in the United States. If the EU General Data Protection Regulation or the UK GDPR applies to you, you may have additional rights, including access, rectification, erasure, restriction, portability, and objection, and we will identify a lawful basis and appropriate transfer safeguards for any processing. The scope of EU and UK coverage is being confirmed with counsel.

8. Retention and deletion

We keep your saved inputs for as long as your account is active, and then for the period needed to meet legal, security, and record-keeping obligations. You can delete your account and data at any time from the Profile page (Delete account and data), or through your account menu. When you delete your account, we delete your stored inputs, saved scenarios, and any linked-account records, and revoke any SnapTrade connection, subject to standard backup-expiry cycles. Consent records are the one exception: we may retain them after deletion as evidence that consent existed, where permitted or required by law; they contain no financial data. The AI explainer is not used to build a long-term profile of you.

9. Security and breach handling

We use administrative, technical, and organizational safeguards, including encryption, access controls, and provider oversight, to protect your information. No method of storage or transmission is completely secure. If a breach affecting your personal information occurs, we will investigate and notify affected users and regulators as required by applicable law.

10. Children

ChequeMate is not directed to children and is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, please contact us so we can delete it.

11. Cookies and similar technologies

ChequeMate uses cookies and similar technologies. Strictly necessary cookies are needed for the app to work, including keeping you signed in and remembering your theme preference. We may also use functional and analytics cookies to understand and improve how the app is used. You can control non-essential cookies through your browser settings or any in-app cookie controls we provide, and we honor recognized opt-out signals where applicable. We do not use cookies to sell your personal information.

12. Changes and contact

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the app. The effective date above reflects the current version. To ask a question or exercise a privacy right, use the contact address provided in the app. [Contact placeholder to be completed by counsel.]