Privacy Policy
Last updated: April 2026
⚠️ NOT FINANCIAL ADVICE
ProjectFi is a planning tool only. The projections and estimates generated by ProjectFi are based on figures you enter yourself and do not constitute financial advice. You should not rely on them as a substitute for advice from a licensed financial adviser. Please see our Terms of Service for more detail.
1. Introduction
ProjectFi is an Australian financial independence planning tool operated by Andrew Haughan (ABN to be added). It helps you estimate when you might be able to retire based on figures you provide, such as income, expenses, savings, and superannuation. We're based in the Australian Capital Territory, Australia, and we're committed to handling your personal information with care and transparency.
This Privacy Policy explains what information we collect, how we use it, and your rights under Australian privacy law. We've written it in plain English because we believe you deserve to actually understand it.
By using ProjectFi, you agree to the collection and use of information as described in this policy.
2. Information We Collect
We collect only what we need to provide the service. Here's what that looks like:
Information you give us directly
- Account information: Your email address and password when you sign up. Your password is hashed and never stored in plain text.
- Financial planning data: Figures you enter into ProjectFi, such as income, expenses, superannuation balance, investment balances, date of birth, target retirement age, relationship status, and other planning inputs, entered by you to generate projections.
Important: ProjectFi does not connect to your bank or any financial institution. We do not collect real transaction data, account balances, or any information directly from your financial accounts. Everything you enter is a manual estimate provided by you.
Information we collect automatically
- Usage data: Basic information about how you use the service (e.g. pages visited, features used) to help us improve the product. This does not include your financial estimates.
- Technical data: IP address, browser type, and device information for security and performance purposes.
3. How We Use Your Information
We use your information to:
- Provide the service: run your projections (including scenarios and Monte Carlo simulations), save your data between sessions, and power your account.
- Improve the product: understand how people use ProjectFi so we can make it better (anonymous usage analytics via PostHog).
- Process payments: if you subscribe to Pro, we use Stripe to handle billing (see Section 5). We never see or store your card number.
- Send transactional emails: signup confirmation, password reset, and important service notices.
We do not sell your data. We do not share it with advertisers. We do not use it for marketing profiling. Full stop.
4. Data Storage and Security
Your data is stored securely using industry-standard practices:
- Database: Your data is stored in Supabase, a managed PostgreSQL database hosted on AWS in Sydney (ap-southeast-2). We use row-level security (RLS), which means your data is isolated from other users at the database level. Only you can access your records. Service role access is restricted to server-side admin functions.
- Encryption: All data is encrypted in transit (via HTTPS/TLS) and at rest. Your financial estimates are never transmitted or stored in plain text.
- Hosting: ProjectFi is hosted on Vercel, a global content delivery network (CDN) with enterprise-grade security.
While we take security seriously and use best-practice tools, no system is completely immune to risk. We encourage you to use a strong, unique password for your account.
5. Third-Party Services
We use a small number of trusted third-party services to run ProjectFi:
| Service | Role | Privacy Policy |
|---|---|---|
| Supabase | Database and authentication | supabase.com/privacy |
| Vercel | Hosting and content delivery | vercel.com/legal/privacy-policy |
| Stripe | Payment processing (Pro plan, PCI DSS compliant) | stripe.com/au/privacy |
| PostHog | Product analytics | posthog.com/privacy |
| Cloudflare Turnstile | Bot protection on signup/login (no tracking cookies) | cloudflare.com/privacypolicy |
Each of these providers has their own privacy policies and security practices. We choose them carefully and only share the minimum information needed for them to perform their function. We do not authorise them to use your data for any other purpose.
6. Analytics (PostHog)
We use PostHog for product analytics on a legitimate interests basis to understand how people use ProjectFi and improve the product.
- PostHog uses localStorage (not cookies), so no cookie consent banner is required.
- We record session interactions (mouse movements, clicks, scrolls, navigation, hover patterns) so we can debug user-experience issues. Both the dollar amounts you enter and the dollar amounts ProjectFi calculates and displays back to you (FIRE date, target balance, year-by-year projections, Monte Carlo outputs, scenario comparisons) are masked at your browser before transmission and never leave your device unmasked. Email addresses and password fields are also masked.
- Request and response bodies of network calls to our own API endpoints are not captured in session recordings. The same applies to request and response headers. URL paths, HTTP methods, and status codes ARE captured so we can debug routing issues and broken endpoints. Performance / Web-Vitals capture is also disabled. Your financial planning data — snapshots, scenarios, goals, profile balances — is stored only on our application database and is not transmitted to PostHog.
- Known residual: native HTML range sliders and Radix Slider widgets emit an aria-valuenow attribute that the ARIA spec requires for screen-reader users. PostHog session-replay captures DOM attribute values, and the SDK we use does not yet expose a hook to mask individual attributes. The attribute carries the raw integer position of each slider — no currency symbol, no unit suffix — so reconstructing a dollar amount requires correlating with the slider's label, which is itself masked. We consider this a low-signal residual leak, document it here, and intend to close it once a maskable-attribute hook ships in posthog-js or we move sliders onto a primitive that emits aria-valuetext instead.
- Sessions are not linked to your name or any contact details. Authenticated users are identified by an opaque user ID (not your email) so we can stitch a session across visits, but the ID cannot be traced back to you outside our own systems.
- Recording data is stored on PostHog Cloud in the United States. Under the Australian Privacy Principles (APP 8), that constitutes a cross-border disclosure to an overseas recipient. PostHog publishes a Data Processing Addendum and is GDPR-aligned; their privacy posture and sub-processor list are documented at posthog.com/privacy and the DPA is available at posthog.com/handbook/growth/customer-success/dpa.
- We honour your browser's Do Not Track setting. If DNT is on, no events are sent and no session is recorded.
You can opt out of analytics any time by going to Settings → Privacy and turning off “Help us improve ProjectFi”, or by emailing support@projectfi.com.au. The in-app toggle takes effect immediately and persists across sessions on the same browser.
7. Data Retention
We keep your data for as long as your account is active.
If you delete your account, your personal information and financial planning data will be permanently deleted within 30 days. You can delete your account at any time from the Settings page within ProjectFi, or by contacting us.
Analytics data is retained for 12 months, then automatically purged.
We may retain minimal records (such as billing history) where required by law or for legitimate business purposes (e.g. resolving disputes), but these will not include your financial planning data.
8. Your Rights Under Australian Privacy Law
ProjectFi is committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
You have the right to:
- Access your personal information: you can request a copy of what we hold about you.
- Correct your information: if something is inaccurate or out of date, you can ask us to fix it (or update it directly in your account).
- Delete your information: you can delete your account and associated data at any time via Settings.
- Make a complaint: if you believe we've mishandled your personal information, please contact us first. If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
To exercise any of these rights, contact us at support@projectfi.com.au.
9. Cookies
ProjectFi uses a minimal number of cookies, only what's necessary to keep you logged in and the service running.
- Session/authentication cookies: Used to maintain your login session. These are essential for the service to work.
- No tracking cookies: We do not use advertising cookies, third-party tracking pixels, or analytics cookies that follow you across the web.
You can disable cookies in your browser settings, but this will prevent you from logging in to ProjectFi.
10. Children
ProjectFi is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@projectfi.com.au and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top of this page and, for significant changes, notify you via email or an in-app message.
We encourage you to review this policy periodically. Your continued use of ProjectFi after any changes constitutes acceptance of the updated policy.
12. Contact Information
If you have any questions about this Privacy Policy or how we handle your data, please get in touch:
ProjectFi
Email: support@projectfi.com.au
Website: www.projectfi.com.au
Jurisdiction: Australian Capital Territory, Australia