Legal

Privacy Policy

Last reviewed May 4, 2026

Effective date: May 4, 2026 Last reviewed: May 4, 2026

Yearfold is operated by Hyper Mind Technologies, LLC ("we", "us", "our"), which is the data controller for the personal information processed through yearfold.com (the "Service"). This Privacy Policy describes what we collect, what we do with it, and what we don't do. We aim to collect as little as possible and to be specific about what we do collect.

What we collect

Information you provide

Calculator inputs. Age, savings balance, monthly contribution, and similar retirement-planning fields. By default these stay in your browser and are never sent to our servers.
Account information. If you create an account, we store your email address and the magic-link sign-in tokens needed to authenticate you.
Saved plans. When you click "Save plan," your inputs and a summary of the simulation results are stored against your account.
Email subscriptions. Your email address and the source of the signup (e.g., footer form, calculator save).
PDF orders. Your email address, plan inputs, and result summary needed to render and deliver the PDF.

Information collected automatically

Anonymous calculator telemetry. When you run the calculator, we record aggregate metrics — success-probability bucket (rounded to 5%), household type ("single" / "couple"), elapsed simulation time. This is not linked to your account or any persistent identifier.
Server logs. Standard request logs (IP address, user agent, timestamps) for security and operational purposes. Logs are retained for up to 30 days.
Vercel Web Analytics. Aggregate page views, referrer, country (derived from IP, IP itself not stored), and device class. No cookies are set; no cross-site tracking; no personally identifiable data. Vercel, Inc. is the data processor. Retained for 30 days on Vercel's Hobby tier, 90 days on Pro.
Vercel Speed Insights. Real-user Core Web Vitals measurements (LCP, INP, CLS, etc.) on a sampled basis. Anonymous; no cookies; no PII. Same data processor and retention as Web Analytics.

Information we don't collect

We do not sell your data to third parties.
We do not use third-party advertising trackers on the Service except for Google AdSense on blog and content pages (when enabled). AdSense is governed by Google's privacy policy.
We do not use cookies for analytics. (Vercel Web Analytics and Speed Insights are both cookieless.)
We do not track you across other sites.
We do not sell your email address to anyone.

Cookies and similar technologies

The Service uses session cookies to keep you signed in. We do not use tracking cookies. We do not use third-party advertising cookies on the calculator pages.

If AdSense is enabled on blog/content pages, Google may set cookies for ad personalization governed by their own policy.

How we use your information

To operate the Service (saving plans, sending magic links, generating PDFs).
To send transactional email (sign-in links, plan summaries, PDF deliveries).
To send our newsletter, only if you opt in via the footer form (double opt-in required — you'll receive a confirmation link before being added).
To improve the Service via aggregate, non-personal telemetry.
To prevent abuse and respond to security incidents.

We use the following third-party services as data processors:

Provider	Purpose	Data shared
Vercel	Hosting	Server logs, request data
Supabase	Database, authentication	Account email, saved plans, PDF orders
Resend	Transactional email	Email address, message content
Stripe	Payment processing (PDF + Pro subscription)	Email, payment method (we never see card details), billing info
Vercel Web Analytics	Aggregate page-view counts	Page path, referrer, country (IP-derived, IP not stored), device class — no PII
Vercel Speed Insights	Real-user Core Web Vitals	Page path + LCP/INP/CLS sample — no PII
Google AdSense	Display ads on content pages	Browser identifiers (per Google's policy)
Sentry	Error tracking	Error details, browser version

We do not share your information with anyone else except when required by law or to protect rights and safety.

Data retention

Saved plans: kept until you delete them or close your account.
Email subscribers: kept until you unsubscribe or request deletion.
PDF orders: kept for 30 days after purchase, then archived for 7 years for tax-record purposes.
Anonymous telemetry: kept indefinitely in aggregated form.
Server logs: kept for 30 days.

Your rights

Regardless of where you live, you have the right to:

Access the personal information we hold about you.
Delete your account and associated data.
Correct inaccurate information.
Opt out of marketing email at any time.

If you live in the EU, UK, California, Virginia, Colorado, Connecticut, Utah, or similar jurisdiction with formal data-protection law, you may also have rights to data portability, to object to processing, and to lodge a complaint with your local data-protection authority.

To exercise any of these rights — including data-subject access, correction, deletion, or portability requests — write to hello@yearfold.com. We will respond within the timeframes required by your applicable law (45 days under California CCPA/CPRA; 30 days under GDPR/UK GDPR).

Children

The Service is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe we have, contact hello@yearfold.com and we will delete it promptly.

Security

We use industry-standard security measures: TLS in transit, encryption at rest for all database fields, hashed and salted authentication tokens, and least-privilege access controls. No system is perfectly secure; if we discover a security incident that affects your data, we will notify you within 72 hours.

Changes to this policy

We may update this policy. Material changes will be announced via email (if you have an account) and via a prominent notice on the Service at least 30 days before they take effect.

Contact

Hyper Mind Technologies, LLC, the data controller, can be reached at hello@yearfold.com for any privacy question or data-subject rights request.