1. Data Controller
Retirement Lab, based in Switzerland, is the data controller for the personal data processed through this service. For data protection inquiries, contact us at: legal@retirement-lab.com
2. Data We Collect
- Account information: email address and name provided during registration
- Simulation data: parameters you enter and results generated by the engine, stored to enable your simulation history
- Cookies: functional cookies required for authentication and session management only
- Payment information: if you subscribe to Pro, payment details are collected and processed by our payment processor. We do not store credit card numbers
- Analytics data: anonymous, cookie-free usage metrics (page views, feature interactions) collected via Umami. No personal identifiers, IP addresses, or cross-site tracking is involved
3. Legal Bases for Processing
We process your personal data under the following legal bases (Article 6 GDPR / Article 31 Swiss FADP):
- Contract performance: processing necessary to provide the Service (account management, simulation storage, subscription billing)
- Legitimate interest: fraud prevention and security
4. Third-Party Processors
We share personal data with the following third-party processors, each bound by data processing agreements:
- Supabase - database hosting and authentication (US-based, Standard Contractual Clauses in place)
- Vercel - application hosting and edge delivery (US-based, Standard Contractual Clauses in place)
- Stripe - payment processing and subscription billing (US-based, Standard Contractual Clauses in place)
- Umami - privacy-focused, cookie-free web analytics (EU-hosted, GDPR-compliant, no personal data processed)
5. Data Retention
- Account data: retained for the duration of your account. Deleted within 30 days of an account deletion request.
- Simulation data: retained for the duration of your account. You may delete individual simulations at any time.
- Payment records: retained as required by Swiss tax law (up to 10 years for invoicing records).
6. Your Rights Under GDPR and Swiss FADP
As a data subject, you have the following rights:
- Access: request a copy of your personal data
- Rectification: correct inaccurate personal data
- Erasure: request deletion of your personal data ("right to be forgotten")
- Portability: receive your data in a structured, machine-readable format
- Restriction: request restriction of processing in certain circumstances
- Objection: object to processing based on legitimate interest
- Withdraw consent: where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at legal@retirement-lab.com. We will respond within 30 days.
7. International Data Transfers
Some of our third-party processors are based in the United States. We ensure adequate protection for international transfers through Standard Contractual Clauses (SCCs) approved by the European Commission and recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC), in accordance with Chapter V of the GDPR and Article 16 of the Swiss FADP.
8. Cookies
We use only essential cookies required for authentication and session management. These are strictly necessary for the Service to function and cannot be disabled. We do not use analytics cookies, tracking cookies, or advertising cookies. Our analytics provider (Umami) is fully cookie-free and does not collect personal data.
9. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch. If you are located in the EU/EEA, you may also lodge a complaint with the supervisory authority in your member state of residence.