Privacy Policy
Last updated: 2026-07-02. This draft covers what FirePath actually collects and does today — it has not been reviewed by a lawyer. Get that review, especially for GDPR compliance, before relying on it with real users.
Who we are
For any privacy question or request, contact support@myfirepath.app.
What we collect
To provide the service, we store:
- Account: your email address and a hashed password (we never store your password in plain text).
- Profile: the numbers you give us to run projections — age, target retirement age, FIRE target, monthly deposit, tax country, and similar planning inputs.
- Portfolio data: the monthly balances and invested amounts you enter manually or import from a CSV/Excel file, plus any notes you attach.
- Session cookie: a single signed cookie that keeps you logged in. It is strictly necessary for the app to function — we don't use tracking, advertising, or analytics cookies, so we don't show a cookie-consent banner. If that changes, this policy (and the banner) will be updated first.
Why we collect it
Every field above exists to run the calculations you asked for — projecting your FIRE date, tracking your portfolio, and comparing your actual progress to your plan. We don't collect anything beyond what the features you use require.
Where it's stored
Your rights
Under GDPR (and similar laws elsewhere), you can:
- See exactly what we hold on you (access) — ask us, or use Export CSV on the Entries page for your portfolio data.
- Correct anything that's wrong (rectification) — most fields are editable directly in Settings or your Entries.
- Delete your data (erasure) — Settings → Portfolio → Delete portfolio removes your entries; contact us to delete your full account.
- Get a copy of your data in a portable format (portability) — the CSV export covers this for portfolio data.
- Object to or restrict how we use your data.
Retention
We keep your data for as long as your account exists. If you delete your account, we delete the associated data, other than what we're legally required to retain.
Security
Passwords are hashed with scrypt, never stored or logged in plain text. Sessions use a signed cookie that can't be forged without our server-side secret. Login and signup are rate-limited to slow down automated abuse.
Children
FirePath isn't intended for anyone under 18. We don't knowingly collect data from minors.
Changes to this policy
If this policy changes materially, we'll update the date at the top and, where required, notify you directly.