Privacy Policy

Last Updated: 04/01/2025

1. Definitions

1.1 "Service" refers to the proprietary retirement analysis platform operated by Abelson Ventures Limited, an Irish-registered entity 747785, which provides automated financial projections based on user-submitted data.
1.2 "Personal Data" denotes any information that directly or indirectly identifies an individual user, including but not limited to contact details, financial inputs, and technical identifiers.
1.3 "Processing" encompasses all automated operations performed on user data, including collection, storage, analysis, and deletion, as detailed in this policy.

2. Data Collection Practices

2.1 User-Provided Data:

Contact Information: Email addresses and phone numbers are collected solely for the purpose of delivering analysis reports and critical service notifications.
Financial Details: Retirement savings balances, income levels, and asset allocations are processed to generate personalized projections.
Demographic Data: Age, geographic location, and employment status are used to contextualize retirement planning factors such as tax implications and benefit eligibility.

2.2 Automatically Collected Data:

Technical Identifiers: IP addresses, device types, and browser versions are logged for security monitoring and service optimization.
Usage Analytics: Cookie-based tracking measures feature engagement and session duration to improve user experience (opt-out available via browser settings).

3. Legal Basis for Processing (GDPR Compliance)

3.1 Contractual Necessity: Processing of core financial data is required to fulfill our service agreement and deliver purchased analyses.
3.2 Legitimate Interest: Anonymized usage data is retained for fraud prevention, network security, and service enhancement.
3.3 Explicit Consent: Optional marketing communications require affirmative opt-in via checkbox or similar unambiguous method.

4. Data Utilization

4.1 Primary Service Functions:

Generation of customized retirement reports incorporating user-specified variables.
Secure user authentication and payment processing through PCI-compliant third-party gateways (Stripe).

4.2 Ancillary Purposes:

Aggregated, anonymized datasets inform internal research on retirement planning trends.
Compliance with legally binding requests from regulatory or law enforcement entities.

5. Data Sharing Protocols

5.1 Authorized Third Parties:

Financial Institutions: Payment processors bound by PCI-DSS regulations.
Cloud Service Providers: AWS/Google Cloud under strict Data Processing Addenda (DPAs).
Legal Authorities: Only when compelled by valid court order.

5.2 Commercial Restrictions: Under no circumstances is user data sold, leased, or otherwise monetized for external marketing purposes.

6. International Data Transfers

6.1 EU/UK Transfers: Governed by Standard Contractual Clauses (SCCs) with supplementary technical safeguards.
6.2 Canadian Data: Stored exclusively on servers compliant with PIPEDA's "adequacy" requirements.

7. Data Retention Framework

7.1 Personal Data:

Retained for 24 months following last user activity or until deletion request.
Audio analysis files are permanently erased from production systems after 180 days.

7.2 Anonymized Data: Irreversibly de-identified datasets may be retained indefinitely for actuarial research.

8. User Rights & Controls

8.1 Access/Portability: Submit formal requests to receive all personal data in machine-readable format.
8.2 Rectification/Deletion: Correct inaccuracies or demand erasure of non-essential data.
8.3 Processing Restrictions: Limit data usage to core service functions only.
8.4 Consent Withdrawal: Revoke marketing permissions via account dashboard or email request.

9. Security Measures

9.1 Technical Safeguards:

Military-grade AES-256 encryption for data at rest.
TLS 1.3 protocols for all data transmissions.
Annual third-party penetration testing and vulnerability assessments.

9.2 Organizational Controls:

Mandatory confidentiality agreements for all personnel.
Principle of least privilege enforced through role-based access systems.

10. Children's Privacy Protections

10.1 The Service is expressly prohibited for users under the age of 16.
10.2 Any inadvertent collection of minor's data triggers immediate deletion protocols.

11. Policy Amendments

11.1 Material changes require 30-day advance notice via email and website banners.
11.2 Archived policy versions are permanently accessible at [archive URL].

12. Contact & Dispute Resolution

Data Protection Officer: Direct inquiries to dpo@dataprotection.ie.

By using our Service, you acknowledge having read and understood this Privacy Policy in its entirety.

Contact:
Abelson Ventures Ltd.
Church Road, Killiney
A96EH4N, Ireland
legal@abelsonwealth.com