Privacy Policy

1. Information We Collect

1.1 Advisor Account Information

When creating an account, we collect: full name, email address, firm name, tagline, business contact details, branding assets (logo, headshot, colors), and hashed passwords. Payment information is processed by Stripe — we do not store card numbers on our servers.

1.2 End User / Lead Information

When End Users interact with calculators that have lead capture enabled, we collect on behalf of the Advisor: name, email address, phone number, financial data entered into the calculator (retirement balances, income, tax rates, contribution amounts, etc.), calculator results, and submission timestamps.

1.3 Client Data (Advisor Tool Inputs)

When Advisors use the advisor tools, they may input client financial data for analysis. This may include: client names, financial account balances, income figures, tax information, Social Security benefits, estate values, healthcare costs, RMD details, IRMAA-related data, and other financial details. This data is entered directly by the Advisor and controlled by the Advisor. We process this data solely to provide the advisor tool analytics, PDF report generation, and client management features.

1.4 Report and Client Management Data

We store advisor tool reports including analysis results, key metrics, data visualizations, chart configurations, client names, report metadata, and client notes. PDF reports are generated on-demand based on stored analysis data.

1.5 Usage and Analytics Data

We automatically collect: IP addresses, browser and operating system information, pages visited, time spent on pages, referral sources, and calculator interaction events.

1.6 Cookies and Similar Technologies

We use cookies for authentication, analytics, and preference storage. See Section 11 for details.

2. How We Use Your Information

We use collected information to: provide and improve the platform; process subscriptions and payments; deliver lead notifications and PDF reports (both calculator and advisor tool reports); send transactional emails; provide customer support; monitor security and performance; analyze usage patterns; and enforce our Terms. End User financial data is used exclusively to deliver it to the appropriate Advisor and generate calculator results and reports. Client data entered into advisor tools is used exclusively to provide analysis, generate reports, and support client management features for the Advisor.

3. How We Store and Protect Your Data

All data transmits via HTTPS encryption. Data at rest is stored in Supabase-hosted PostgreSQL with encryption enabled. Database access is restricted to authenticated service connections only. Passwords are hashed using industry-standard algorithms. Payment information is processed exclusively by Stripe, which is PCI DSS Level 1 certified. No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

4. Data Sharing and Third Parties

We do not sell, rent, or trade personal information. End User lead data is shared only with the Advisor whose calculator collected it. Client data entered into advisor tools is accessible only by the Advisor who entered it.

Third-party services we use:

• Stripe: Payment processing
• Supabase: Database hosting
• Resend: Transactional email delivery
• Vercel: Application hosting
• PostHog: Product analytics
• Google Analytics: Website traffic analysis

We may disclose information if required by law, subpoena, court order, or governmental request, or when necessary to protect rights or safety.

5. Lead Data and Advisor Responsibilities

AdvisorCal acts as a data processor; Advisors are data controllers for both lead data and client data entered into advisor tools. Advisors must:

• Ensure a lawful basis for collecting prospect data and entering client data;
• Provide appropriate disclosures to prospects and clients;
• Comply with applicable privacy and financial regulations (SEC, FINRA, state regulators);
• Respond to data access, correction, and deletion requests from End Users and clients; and
• Configure appropriate compliance disclaimers on calculators and advisor tool reports.

Advisors can view, manage, and delete leads, clients, and reports through the dashboard.

6. Data Processing Agreement

6.1 Scope and Purpose. End User data and client data entered into advisor tools are processed exclusively for the purpose of delivering the Service to Advisors: collecting and storing submissions, delivering notifications, generating calculator and advisor tool PDF reports, displaying data in dashboards, and supporting client management features.

6.2 Processing Instructions. Data is processed only per documented Advisor instructions as configured through the dashboard.

6.3 Confidentiality. All personnel with access to End User and client data maintain confidentiality obligations.

6.4 Security Measures. Technical and organizational protections include encryption in transit and at rest, access controls, and secure authentication.

6.5 Sub-processors. Supabase, Resend, and Vercel serve as sub-processors under equivalent data protection contracts.

6.6 Data Subject Rights. We assist Advisors in responding to End User and client requests for access, correction, deletion, or data portability.

6.7 Data Breach Notification. In the event of a data breach, affected Advisors will be notified within 72 hours with sufficient detail to enable their own required notifications.

6.8 Data Return and Deletion. Upon account termination, all associated End User data, client data, and advisor tool reports will be deleted within 30 days unless legally required to be retained.

6.9 Audits. Upon reasonable request, we will provide information demonstrating compliance with our data processing obligations. Advisors may request a formal Data Processing Agreement by contacting isaiah@themaestromedia.com.

7. Data Retention

Advisor Account Data. Retained while the account is active plus a reasonable period post-cancellation (90 days).

End User / Lead Data. Retained while the associated Advisor account is active. Individual leads may be deleted anytime through the dashboard.

Client and Report Data. Client data entered into advisor tools and associated reports are retained while the Advisor account is active. Individual client records and reports may be deleted anytime through the dashboard.

Post-Deletion. Account deletion revokes access immediately. Lead data, client data, and advisor tool reports are retained in our systems for regulatory, legal, and analytical purposes and are not permanently deleted. You may request full data deletion by contacting isaiah@themaestromedia.com.

Tax/Legal Records. Transaction records required for tax or legal purposes may be retained for up to 7 years.

Analytics Data. Aggregated and de-identified analytics data may be retained after 26 months for product improvement purposes.

8. Your Rights

Depending on your jurisdiction, you may request: access to personal data we hold about you; correction of inaccurate or incomplete data; deletion of your data (subject to legal retention requirements); a copy of your data in a structured, machine-readable format; objection to certain types of processing; or withdrawal of consent. We will respond to requests within 30 days.

End Users should contact the Advisor who collected their data directly. If an Advisor is unresponsive, End Users may contact us and we will forward the request to the appropriate Advisor.

9. California Privacy Rights (CCPA/CPRA)

9.1 Categories of Information Collected:

• Identifiers: Name, email, phone number, IP address
• Financial Information: Payment details (processed by Stripe), calculator financial inputs, client financial data entered into advisor tools
• Commercial Information: Subscription and transaction history
• Internet/Electronic Activity: Browsing history, search history, calculator interactions, advisor tool usage, analytics data
• Professional Information: Firm name, role, business contact information

9.2 Use and Disclosure. Information is used for business purposes as described in Section 2. Third-party service providers receive data for business purposes only. We have not sold or shared personal information in the preceding 12 months.

9.3 California Resident Rights. California residents may request: categories and specific pieces of collected information; deletion (with exceptions); correction; opt-out of sales/sharing (we do not sell personal information); limitations on use of sensitive personal information; and non-discrimination for exercising rights.

9.4 Request Submission. Email isaiah@themaestromedia.com with the subject line "California Privacy Request." We will verify your identity before fulfilling requests. Response within 45 days. Authorized agents may submit requests on your behalf.

9.5 Advisor Obligations. Advisors who collect data from California residents through calculators or enter California resident data into advisor tools must comply with the CCPA/CPRA as businesses, including providing appropriate notices and honoring data subject requests. AdvisorCal functions as a service provider under the CCPA.

10. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.

11. Cookies and Tracking Technologies

Essential Cookies: Required for authentication and core Service functionality. Cannot be disabled.

Analytics Cookies: PostHog and Google Analytics track usage patterns. You may control these through your browser settings.

We do not use advertising cookies and do not engage in cross-website advertising tracking.

12. Changes to This Policy

We may update this policy at any time. Material changes will include an updated effective date and email notifications to Advisors where appropriate. Continued use of the Service after changes constitutes acceptance.

13. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your privacy rights, please contact us at:

AdvisorCal
Operated by The Maestro Media
Email: isaiah@themaestromedia.com