Privacy Policy

We collect only what we need to run the service:

• Account data — email address, password hash (handled by Supabase Auth), country, and the not-financial-advice acknowledgement you give at signup.
• Simulation data — the inputs you enter (income, expenses, savings rate, withdrawal rate, horizon, etc.) and the simulation results we generate from them.
• Billing data — if you upgrade to Premium, Stripe collects and stores your payment details. We never see or store full card numbers. We receive a Stripe customer ID and subscription status from Stripe.
• Usage and device data — aggregated, mostly anonymous analytics from Vercel Analytics (page views, referrer, country, device type). No personal identifiers are stored.
• Support correspondence — any messages you send us via email.

We use your data only for these purposes:

• To create and operate your account.
• To run simulations and show you the results.
• To process subscription payments and grant Premium access.
• To improve the product through aggregate, non-identifying usage data.
• To respond when you contact us.
• To comply with legal obligations (tax, accounting, anti-fraud).

We do not sell your data, share it with advertisers, or use it to train AI models without your instruction.

• Contract — to provide the service you signed up for.
• Legitimate interest — for product analytics, security and abuse prevention. You can object at any time.
• Consent — for anything optional, such as marketing emails (which you must opt in to).
• Legal obligation — for accounting and fraud-prevention records.

We rely on a small number of trusted processors:

• Supabase — account, profile and simulation data, hosted in the EU. See Supabase’s privacy policy.
• Stripe — payment processing for Premium subscriptions. See Stripe’s privacy policy.
• Vercel — application hosting and lightweight analytics.
• Anthropic — only when you use the Premium-only AI guide. Prompts and the relevant simulation context are sent to Anthropic and are not used to train their models.

Some of these providers may process data outside the UK. Where that happens, we rely on the UK’s adequacy regulations or Standard Contractual Clauses to keep your data protected.

We use a small number of strictly-necessary cookies for authentication (Supabase session cookies) and a privacy-friendly analytics cookie from Vercel that does not track you across other sites. We do not use advertising cookies.

We keep account and simulation data while your account exists. If you delete your account we remove your personal data within 30 days, except where we are required to keep records for legal reasons (e.g. billing receipts kept for six years in line with HMRC requirements).

Under UK GDPR you have the right to access, rectify, erase, port, restrict or object to the processing of your personal data, and to withdraw consent where we rely on it. To exercise any of these rights, email hello@firewealthos.com. You can also complain to the UK Information Commissioner’s Office at ico.org.uk.

FIRE Wealth OS is not intended for anyone under 18. We do not knowingly collect personal data from children. If you believe a child has signed up, contact us and we will delete the account.

Passwords are hashed by Supabase Auth. Transport is HTTPS only. Access to production systems is restricted and audited. No system is perfectly secure, however, and you use the service at your own risk.

We may update this policy from time to time. If we make material changes we will notify you by email or with a notice in the product before the change takes effect. The “last updated” date at the top of this page shows the most recent revision.

Questions about this policy or your data? Email hello@firewealthos.com.