Privacy Policy
Effective Date: March 17, 2026
Waterfall Planning, LLC, a Florida limited liability company ("Waterfall Planning," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, store, and protect your personal information when you use our financial planning website, application, and related services (collectively, the "Service"). This policy is designed to comply with the California Consumer Privacy Act (CCPA/CPRA), the Florida Information Protection Act (FIPA), and other applicable United States privacy laws.
The Service is intended for use by residents of the United States only. By using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the practices described herein.
1. Information We Collect
We collect the following categories of personal information when you use the Service:
1.1 Information You Provide Directly
- Account Information: Username, email address, password (stored in hashed form), and full name when you register for an account.
- Profile Information: Current age, as provided by you for retirement planning calculations and contribution limit guidance.
- Budget and Financial Planning Data: Income details (salary, hourly wage, commission), tax filing status, state of residence, employment type, expense categories and amounts (housing, transportation, food, insurance, debt payments, and other needs and wants categories), and expense frequencies that you input when creating or editing a budget.
- Savings Goal Data: Goal types (emergency fund, debt payoff, vacation, major purchase, car down payment, home upgrade, home down payment, retirement, Roth retirement, brokerage investments, cash savings), goal names, priority levels, target amounts, current amounts, monthly allocations, timelines, current year contributions, and baseline amounts.
- Retirement Planning Data: Current portfolio values (traditional retirement, Roth retirement, taxable, and cash accounts), annual savings contributions by account type, employer match amounts, investment return profile selections, retirement start age, plan-until age, estimated retirement expenses, pension income and cost-of-living adjustment elections, Social Security income estimates, and annuity income details.
- Custom Scenario Data: When using the scenario modeling feature, you may provide additional income events (bonuses, rental income, annuity purchases), expense events (future planned expenses), asset events (real estate purchases, vehicle purchases, property sales including purchase prices, down payments, loan terms, interest rates, monthly costs, and sale proceeds), equity events (RSU vesting, inheritance, business sales, stock sales with gross amounts and tax treatment selections), and Social Security timing adjustments.
- Contact and Sales Inquiry Data: If you submit a contact form or sales inquiry for organizational accounts, we collect organization name, contact name, contact title, email address, phone number, estimated number of users, company size, how you heard about us, and any messages you provide.
- Consent Records: Your acceptance of the Privacy Policy and Terms of Use, including the date of acceptance.
1.2 Information Collected Automatically
- IP Address: We collect your IP address for geo-restriction enforcement (to verify United States residency), security purposes, and rate limiting to prevent abuse. IP addresses are processed by our geo-restriction middleware using a locally hosted GeoIP database (MaxMind GeoLite2) and are not shared with external services for this purpose.
- Technical Data: Device information, browser type, operating system, and referring URLs collected through standard server logs.
- Cookie Data: Session cookies for authentication, CSRF protection tokens, cookie consent preferences, and hCAPTCHA cookies for security verification during registration and login. See Section 8 for details.
- Usage Data: Pages visited, features used, actions taken within the Service, and timestamps of activity for the purpose of maintaining and improving the Service.
1.3 Information We Do NOT Collect
- We do not collect Social Security numbers, bank account numbers, credit card numbers (payment processing is handled entirely by Stripe), driver's license numbers, or other government-issued identification numbers.
- We do not collect actual investment account credentials, brokerage login information, or direct access to any financial accounts.
- We do not link to, access, or import data from any external financial institutions, banks, or investment platforms.
Notice at Collection (CCPA): We collect the categories of personal information described above at or before the point of collection (e.g., during account registration, budget creation, savings goal setup, retirement plan configuration, or contact form submission) for the purposes outlined in Section 2 below.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and Operate the Service: To create and manage your account, generate budgets, track savings goals and progress, produce retirement projections, run custom scenario models, and deliver the core functionality of the Service.
- Process Payments: To facilitate subscription payments through our payment processor, Stripe. We transmit your email address and subscription selection to Stripe for payment processing. We store Stripe customer IDs, subscription IDs, and session IDs to manage your subscription status. We do not store your payment card information.
- Communicate With You: To send transactional emails (account confirmation, password resets, subscription notifications), educational drip campaign emails, and promotional emails about the Service. You may opt out of promotional and drip campaign emails at any time via the unsubscribe link in each email or through your account settings. Opting out does not affect transactional emails required for account operation.
- Security and Fraud Prevention: To verify your identity during registration and login through hCAPTCHA, enforce geo-restrictions to limit the Service to United States residents, implement rate limiting to prevent abuse, and protect the Service and its users from unauthorized access.
- Maintain and Improve the Service: To analyze usage trends, identify and fix technical issues, and improve the user experience. This analysis is performed on aggregated or anonymized data where possible.
- Display Third-Party Resources and Partner Content: To present general financial resources, comparison tools, referral links, sponsored educational content, or other third-party offerings within the Service that may be relevant to users. These resources are displayed based on the general context of the feature being used (for example, savings-related resources on a savings page) and are not targeted using your individual financial data. We may receive compensation from third-party partners when you click on or engage with these resources. See Section 11 for more details.
- Generate Aggregated and Anonymized Reports: To produce aggregate, anonymized statistical reports about general usage trends, financial planning behaviors, and workforce financial wellness metrics for organizational clients. These reports contain no individually identifiable information and cannot be used to identify any specific user.
- Organizational Account Management: To manage invite codes, seat allocations, and user access for organizational subscriptions.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
3. How We Share Your Information
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We do not provide your individual financial data to any third party for marketing or advertising purposes. We share your information only in the following limited circumstances:
- Stripe (Payment Processing): We share your email address and subscription information with Stripe, Inc. to process payments and manage subscriptions. Stripe's handling of your information is governed by Stripe's Privacy Policy. No financial planning data (budgets, savings goals, retirement projections, or scenario data) is shared with Stripe.
- hCAPTCHA (Security Verification): We use hCAPTCHA by Intuition Machines, Inc. during registration and login to prevent automated abuse. hCAPTCHA may collect certain technical data as described in hCAPTCHA's Privacy Policy.
- SendGrid (Email Delivery): We use SendGrid (Twilio) to deliver transactional, educational, and promotional emails. SendGrid processes your email address and name for the purpose of delivering emails on our behalf, subject to Twilio's Privacy Policy.
- Google Ads (Remarketing): With your explicit consent, we use Google Ads remarketing tags to build audience segments of website visitors so we can show relevant advertisements on Google Search, YouTube, and partner sites. Google operates in consent mode, meaning no advertising cookies are stored unless you grant marketing cookie consent. When consent is denied, Google may still collect anonymized, aggregated data but will not store cookies on your device or use your data for personalized advertising. No financial planning data is shared with Google. Google's handling of this data is governed by Google's Privacy Policy.
- Meta (Remarketing): With your explicit consent, we may use Meta Pixel to build audience segments of website visitors so we can show relevant advertisements on Facebook and Instagram. Meta operates in consent mode, meaning no advertising cookies are stored unless you grant marketing cookie consent. No financial planning data is shared with Meta. Meta's handling of this data is governed by Meta's Privacy Policy.
- Cloudflare (Content Delivery and Security): Our Service uses Cloudflare for content delivery, SSL/TLS encryption, and security protection. Cloudflare may process IP addresses and technical data in the course of providing these services, subject to Cloudflare's Privacy Policy.
- Hosting Provider (DigitalOcean): Our Service is hosted on DigitalOcean servers located in the United States. DigitalOcean provides the infrastructure on which your data is stored and processed, subject to DigitalOcean's Privacy Policy.
- Database Provider (Supabase): Your account and financial planning data are stored in a PostgreSQL database managed through Supabase, hosted in the United States, subject to Supabase's Privacy Policy.
- Organizational Administrators: If you access the Service through an organizational account, the organization administrator may be able to see limited information about your account status (such as whether you have registered and your subscription status). Organization administrators do not have access to your financial planning data, budget details, savings goals, or retirement projections.
- Legal Obligations: We may disclose your information if required to do so by law, court order, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business Transfer: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service prior to your information being subject to a different privacy policy.
- Aggregated and Anonymized Data: We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify any individual user with organizational clients, research partners, or for general business purposes. For example, we may provide organizational clients with aggregate reports on general financial wellness trends among their enrolled users, such as average savings rates or percentage of users with active retirement plans, without identifying any individual.
- With Your Consent: We may share your information in other circumstances if you provide explicit consent.
4. Data Storage, Security, and Retention
4.1 Storage Location
All data is stored on servers located in the United States. We do not intentionally transfer personal data outside of the United States.
4.2 Security Measures
We implement industry-standard security measures to protect your personal information, including:
- HTTPS/SSL/TLS encryption for all data transmitted between your browser and our servers, managed through Cloudflare.
- Passwords are stored using secure one-way hashing algorithms and are never stored in plain text.
- Database connections are secured using SSL encryption.
- Server access is restricted through SSH key authentication and firewall rules.
- CSRF (Cross-Site Request Forgery) protection is implemented on all forms.
- Rate limiting is applied to login attempts and form submissions to prevent brute force attacks.
- Regular automated backups of application data.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your information.
4.3 Data Retention
- We retain your personal data for as long as your account is active or as needed to provide you with the Service.
- If you delete your account through the app's profile settings, your personally identifiable data, financial planning data, budget information, savings goals, retirement plans, custom scenarios, and all associated records are removed from our active systems. We may retain anonymized or aggregated data for internal analysis and service improvement. Account deletion is irreversible.
- Inactive accounts and their associated data are deleted after one (1) year of inactivity.
- We may retain certain information (notwithstanding anything to the contrary herein) as required by law (e.g., transaction records for tax or accounting purposes) or to resolve disputes, enforce our agreements, or protect our legal rights, even after account deletion.
- Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for analytical purposes.
5. Your Privacy Rights
Depending on your state of residence, you may have the following rights regarding your personal information:
5.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know/Access: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purpose for collecting it, and the categories of third parties with whom we share it.
- Delete: Request deletion of your personal information, subject to certain exceptions permitted by law.
- Correct: Request correction of inaccurate personal information.
- Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" mechanism.
- Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to only what is necessary to provide the Service.
- Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
5.2 Rights Under Other State Privacy Laws
Residents of states with comprehensive privacy laws (such as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have similar rights to access, delete, correct, and opt out of certain processing of their personal information. We will honor valid requests consistent with applicable law.
5.3 Rights for All Users
- Access and Update: You can access and update your financial planning data, budget, savings goals, and retirement plan information at any time through the Service.
- Delete Your Account: You can permanently delete your account and all associated data through the profile settings in the app.
- Email Opt-Out: You can opt out of promotional and drip campaign emails at any time using the unsubscribe link in each email or through your account settings.
- Cookie Preferences: You can manage cookie preferences through the consent banner or your browser settings. See Section 8.
To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 45 days as required by applicable law. We may need to verify your identity before processing your request.
6. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at [email protected].
7. Do Not Sell or Share My Personal Information
We do not sell your personal information as defined by the CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising. No financial planning data you enter into the Service (including budgets, savings goals, retirement projections, or scenario data) is ever sold to third parties or shared with advertisers. The Service may display general third-party resources, referral links, or sponsored educational content as described in Section 2 and Section 11, but these are presented based on the general context of the feature being used and are not targeted using your individual financial data. A Do Not Sell My Personal Information page is available for California residents and other users who wish to submit an opt-out request. Opting out will disable both analytics and marketing cookies.
8. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
- Essential Cookies (Required): Session cookies for authentication and maintaining your logged-in state, CSRF tokens for form security, and cookie consent preference cookies. These cannot be disabled as they are necessary for the Service to function.
- Security Cookies: hCAPTCHA cookies used during registration and login to verify that you are a human user and prevent automated abuse.
- Analytics Cookies (Optional): If enabled with your consent, these cookies help us understand how users interact with the Service to improve functionality and user experience.
- Marketing Cookies (Optional): If enabled with your consent, these cookies are used by third-party advertising platforms (such as Google Ads) to help us show relevant advertisements to people who have previously visited our website. These cookies do not access your financial planning data. When declined, advertising platforms may still collect anonymized, aggregated data through consent mode but will not store cookies on your device.
A cookie consent banner will appear on your first visit allowing you to accept or decline non-essential cookies. You can manage your preferences at any time through our Cookie Policy page or your browser settings. Declining non-essential cookies does not affect core Service functionality.
9. Data Breach Notification
In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will notify affected users as required by the Florida Information Protection Act (within 30 days of determination), the CCPA, and any other applicable state breach notification laws. Notification will be sent to the email address associated with your account and, where required, to applicable regulatory authorities.
10. Organizational Account Privacy
If you access the Service through an organizational subscription (e.g., provided by your employer, credit union, or benefits provider):
- Your organization's administrator can see that you have registered and your general account status, but cannot view your budget details, financial data, savings goals, retirement projections, or any financial planning information you enter into the Service.
- Your financial planning data remains private to you and is not shared with your employer, organization, or organization administrator under any circumstances.
- If your organizational subscription ends, you may be offered the option to convert to an individual subscription. If you choose not to continue, your account and data will be subject to the standard data retention policies described in Section 4.3.
11. Third-Party Links, Resources, and Partner Content
The Service may contain links to third-party websites, resources, tools, and services, including educational references, financial product comparison tools, advisor matching services, sponsored educational content, and affiliate or referral partner links. Waterfall Planning may receive compensation from third-party partners when you click on, engage with, or take action through these links or resources. The presence of third-party content within the Service does not constitute an endorsement, recommendation, or guarantee of any third-party product, service, or provider. These third-party sites and services have their own privacy policies and practices, which we do not control and are not responsible for. We encourage you to review the privacy policies of any third-party site you visit through links on the Service. Your individual financial planning data is never shared with these third-party partners. Third-party resources within the Service are displayed based on the general context of the feature being used (for example, advisor referral links on a retirement planning page or savings account resources on a savings goals page) and are not personalized using your individual budget, savings, or retirement data.
12. Financial Planning Disclosures
The following disclosures apply to how we handle data within the financial planning features of the Service:
- Data Use: All financial data you enter (income, expenses, savings goals, portfolio values, retirement projections, custom scenario inputs) is used solely to provide the Service to you. This data is not sold or shared with any third party for marketing, advertising, or personalized targeting purposes. The Service may display general third-party resources or partner content within its features, but your individual financial data is never used to select, target, or personalize these resources.
- Not Financial Advice: The Service is a self-directed planning tool. All projections, calculations, and outputs are hypothetical and for informational purposes only. See our Terms of Use for complete disclaimers.
- Tax Data: Tax estimates use progressive federal bracket calculations and state-level tax data from publicly available sources. These are simplified approximations for planning purposes and do not constitute tax advice. Tax data entered is not shared with the IRS, any state tax authority, or any tax preparation service.
- Retirement Projections: The Retirement Visualizer and custom scenario features use hypothetical assumptions (user-selected return rates, assumed inflation rates) that may not reflect actual future market performance. Data entered for retirement projections is stored with the same security protections as all other user data.
- No External Account Linking: The Service does not connect to, import from, or sync with any external bank, brokerage, investment, or financial accounts. All data is manually entered by you.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. If we make material changes, we will notify you by posting the updated policy on the Service with a new effective date. Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you should discontinue use of the Service.
14. Contact Us
For questions, privacy concerns, data subject access requests, or to exercise any of your privacy rights, contact us at:
Waterfall Planning, LLC
Email: [email protected]
Phone: (904) 654-3336