How ProjectFi protects your data

You are trusting us with sensitive financial information. Here is exactly what we store, how we protect it, and what control you have over it.

What we store

ProjectFi stores the aggregate financial figures you enter. These are summary numbers, not raw transactions, bank feeds, or linked accounts.

Display name and date of birth

Income and expense figures (aggregate totals, not transactions)

Superannuation balances and contribution amounts

Property values and mortgage details

Investment property holdings

Monthly net worth snapshots you enter over time

FIRE scenarios and goals you create

What we never store

We deliberately avoid collecting data we do not need. ProjectFi never asks for or stores the following:

Tax File Number (TFN)

Bank account or credit card numbers

Login credentials for any other service

Transaction-level data or bank feeds

Plain-text passwords (passwords are hashed by our authentication provider, never stored in plain text)

Your calculations stay in your browser

The FIRE projection engine, Australian tax calculator, superannuation modelling, and Monte Carlo simulations all run entirely in your browser. Your financial figures are never sent to a server for processing.

Our server stores your inputs so you can access them across devices and keep a history of your progress. But the actual financial calculations happen on your device, not ours.

Because calculations run in your browser, our servers only store the input figures you enter. Projection results and scenario comparisons are not stored on our servers.

How your data is secured

Encrypted at rest

All data is encrypted at rest using AES-256 in our database provider's managed infrastructure.

Row-level security

Every database query is scoped to your user ID at the database level. Other users cannot access your data through the application.

SOC 2 Type II infrastructure

Our database and authentication run on Supabase, which maintains SOC 2 Type II compliance. Your data lives in managed, audited infrastructure.

CAPTCHA and rate limiting

Authentication endpoints are protected by Cloudflare Turnstile and server-side rate limiting to prevent automated attacks.

You control your data

Export everything

Download all of your data as a JSON file at any time from Settings. Your profile, snapshots, scenarios, goals, and investment properties are all included. No lock-in.

Delete everything

You can permanently delete your account and all associated data from Settings at any time. Deletion is immediate and irreversible. We do not retain copies.

We never sell or share your data

Your financial data is never sold, shared, or used for advertising. It exists solely to power your projections and tracking.

Third-party services

ProjectFi uses a small number of trusted third-party services. Here is what each one does and what data it can access.

Supabase

Database and authentication

Stores your profile and financial inputs. SOC 2 Type II compliant.

Stripe

Payment processing

Handles subscription payments. We never see or store your card details.

Vercel

Application hosting

Serves the website. Does not store your financial data.

PostHog

Anonymous product analytics

Helps us understand which features are used. No financial data is sent.

Questions or concerns

If you have questions about how your data is handled, or if you believe you have found a security vulnerability, please contact us at support@projectfi.com.au.

For full legal details, see our Privacy Policy and Terms of Service.