Yearspan

Privacy Policy

Last updated: July 12, 2026

Yearspan ("we", "us", "our"), operated by [LEGAL ENTITY], is built privacy-first. This policy explains what we collect, what we deliberately do not collect, and how your financial plan stays yours.

The short version: your financial plan never leaves your browser. We hold the account and the encryption key that unlocks it, but we never receive the plan itself — we hold a key to data we never possess.

What we collect

What we do NOT collect

Payments

Purchases are processed by Paddle, our authorized reseller and merchant of record, who acts as the data controller for payment information under its own privacy policy. We receive only the subscription status needed to grant access.

Email

We send transactional email only (verification and password reset) via our email provider. We do not send marketing email without your consent.

Security & threat model

Your plan is encrypted on your device (AES-GCM) with a per-account key. Being honest about what that protects:

At-rest encryption protects against shared-computer browsing, casually read stolen disks or profile backups, and post-lapse access. It does not protect against a determined attacker on a logged-in device — that is your operating system's full-disk encryption's job. It is enforcement and hygiene, not device-loss-grade crypto.

Use your operating system's full-disk encryption (FileVault, BitLocker) for device-loss protection. Encrypted mode requires a secure context (HTTPS).

Data retention & your choices

Children

The Service is not directed to children under 18, and we do not knowingly collect their information.

Changes

We will post updates here and, for material changes, notify you by email or in-app.

Contact

Privacy questions: support@yearspanretirement.com. [Add postal address / data-protection contact as required by your jurisdiction.]