Privacy Policy

Version 1.0 — Last updated: March 2025

We build for UK GDPR and data protection from day one. We collect only what we need to provide your FIRE planning and tracking experience. We do not sell your data.

1. Data controller

The data controller responsible for your personal data in connection with the FIRE Tracker website and application is the operator of FIRE Tracker. You can contact us for data protection enquiries at the contact or privacy email or address published on our website or in the Service. If we appoint a Data Protection Officer, we will publish their contact details here or on our website.

2. Data we collect

We may collect and process the following:

  • Account data — Email address, name (if provided), and authentication-related information (e.g. hashed passwords, session identifiers). We may use an internal pseudonymous user identifier.
  • Profile and planning data — Preferences you set, such as base currency, timezone, theme, date of birth, sex (if provided), target income, retirement age, state pension age, life expectancy, and assumptions (e.g. inflation rate, safe withdrawal rate). We may store partner-related data if you use the partner feature.
  • Portfolio data — Accounts, balances, positions, liabilities, notes, allocation goals, and related metadata that you enter for tracking net worth and FIRE progress.
  • Derived data — Snapshots, analytics, and projections we compute from your portfolio and planning data (e.g. net worth history, exposure breakdowns).
  • Subscription and billing metadata — If you subscribe to a paid plan: plan status and payment provider identifiers (e.g. Stripe customer ID). We do not store your full payment card details.
  • Product usage data — Events we record inside the Service (e.g. feature usage, reliability events) to improve the product and diagnose issues.
  • Support data — If you contact us: name, email, message, and where relevant hashed IP or user agent, retained for a limited period (e.g. 30 days) for abuse prevention and support.
  • Consent and preference logs — Cookie preferences, consent timestamps, region, anonymous ID, and where available locale, time zone, or Do Not Track signals, for compliance and preference management.

FIRE Tracker does not offer automatic bank or institution connections. We never ask for or store your online banking credentials.

3. How we use your data

We use your data to:

  • Provide the Service — dashboards, calculators, projections, snapshots, and exports tailored to your base currency and preferences.
  • Send service communications (e.g. password reset, account notifications) and, if you opt in, product updates or summaries. We do not send marketing emails without your consent.
  • Provide customer support, prevent abuse, and improve reliability.
  • Comply with legal obligations (e.g. access, deletion, accounting, incident response).

4. Lawful bases

We rely on different lawful bases under UK GDPR depending on the category of data:

Data categoryLawful basisPurpose
Account and profileContractCreate and manage your account
Portfolio and planning dataContractDeliver dashboards, analytics, snapshots, exports
Subscription and billingContract / legal obligationProcess payments, manage subscriptions, accounting
Security and abuse preventionLegitimate interestsProtect the service and users
Analytics cookiesConsentMeasure performance and improve reliability (if you opt in)
Support submissionsLegitimate interestsProvide support and prevent abuse
Consent preferencesLegal obligationDemonstrate GDPR compliance

5. Sharing and processors

We use third-party processors to operate the Service. They process data on our instructions and are bound by contracts that require them to protect your data and use it only as we instruct. We do not sell your data to advertisers or data brokers.

  • Supabase — Authentication, database, and storage (including Row-Level Security; encryption in transit and at rest).
  • Hosting and infrastructure — Our application may be hosted on providers such as Vercel or similar; they may process requests and logs in the course of serving the Service.
  • Email — We may use an email provider (e.g. Resend) for service communications and, if you opt in, product updates.
  • Payments — If we offer paid plans, payments may be processed by Stripe or similar; we receive subscription status and identifiers but do not store full card details.
  • Analytics — If we use analytics (e.g. Vercel Analytics, Speed Insights), we do so only where you have opted in to analytics cookies, in line with this policy.

We may use additional processors from time to time; we will update this section when that affects how your data is processed.

6. International transfers

Your data may be processed in the United Kingdom and, where our processors operate, in the European Economic Area or other countries. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as UK adequacy regulations, Standard Contractual Clauses (SCCs), or the International Data Transfer Agreement (IDTA), as applicable. We only work with processors that provide GDPR-ready contractual commitments.

7. Retention

We keep your data as follows:

  • Account and portfolio data — Retained while you use FIRE Tracker and deleted when you request account or data deletion, subject to any legally required retention.
  • Support logs — Retained for a limited period (e.g. up to 30 days) for abuse prevention, then purged.
  • Consent logs — Retained for up to 13 months or as required for compliance, unless a longer legal requirement applies.
  • Billing records — Retained as required for accounting, fraud prevention, and legal compliance.
  • Backups — Follow the same retention; data is removed when the source data is deleted.

8. Your rights (UK GDPR)

Under UK GDPR you have the right to:

  • Access and export — Request a copy of your personal data or download your data from the Service where we provide that feature.
  • Portability — Receive your data in a structured, machine-readable format (e.g. CSV, JSON) to transfer to another service.
  • Deletion — Request account and data deletion at any time. We will remove your portfolio data, snapshots, and associated records, subject to any legally required retention.
  • Correction — Update your account and planning data directly in the product or request correction from us.
  • Objection and restriction — Object to certain processing or ask us to restrict processing in specific circumstances.
  • Withdraw consent — Where we rely on consent (e.g. analytics cookies or marketing), you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Complain — Lodge a complaint with the UK Information Commissioner's Office (ICO) (ico.org.uk). If you are in the EEA, you may also contact your local data protection authority.

To exercise your rights, contact us at the contact or privacy email or address published on our website or in the Service. We will respond within 30 days (or explain any extension).

9. Security

We implement appropriate technical and organisational measures: data encrypted in transit and at rest; Row-Level Security where applicable so users access only their own records; least-privilege access for operational systems; and incident response procedures with notification where required by law (e.g. 72-hour breach notification where applicable).

10. Cookies and analytics

We use cookies and similar technologies where necessary to operate the Service (e.g. session and authentication cookies). Where we use analytics or performance cookies, we do so only with your consent where required by law. You can manage cookie preferences in your browser or via any preference centre we provide. Blocking essential cookies may affect the functionality of the Service. We do not use third-party marketing pixels or ad-tracking in the product.

11. Children

FIRE Tracker is not intended for children under 16. We do not knowingly collect personal data from minors. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

12. Automated decision-making

We generate projections, analytics, and summaries from your data to present information to you. These calculations do not produce legal or similarly significant decisions about you. We do not use automated decision-making that would require additional safeguards under Article 22 of UK GDPR.

13. Non-advisory stance

FIRE Tracker provides planning and tracking tools only. We do not provide regulated financial advice or execution services. You should verify any financial or legal decisions independently.

14. Updates

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. If changes are significant, we will notify you by email or through the Service. We encourage you to review this policy periodically.

15. Contact

For privacy-related questions, data subject requests, or to exercise your rights, please contact us at the contact or privacy email or address published on our website or in the Service. We will respond as soon as reasonably practicable and within any timeframes required by law.

Back to home