Privacy Policy
Last updated: March 1, 2025
1. Introduction
FEEDUCIARY LLC (“FEEDUCIARY,” “we,” “our,” or “us”) operates the website at 401kfeeduciary.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Service.
2. Information We Collect
2.1 Information You Provide Directly
- Account information: Full name, work email address, password
- Plan information: 401(k) plan name, Employer Identification Number (EIN), your role (plan sponsor, administrator, advisor, etc.)
- Fee data: Total plan assets, number of participants, annual fees, and fee breakdowns you enter to generate benchmark reports
- Billing information: Processed via Stripe; we do not store credit card numbers on our servers
- Communications: Messages you send us via email or the contact form
2.2 Information Collected Automatically
- Usage data: Pages visited, features used, session duration, clicks
- Device data: IP address, browser type and version, operating system
- Cookies: Authentication tokens and session cookies required for the Service to function; analytics cookies (see Section 6)
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Generate 401(k) fee benchmark reports for your plan
- Process payments and manage your subscription through Stripe
- Send transactional emails (account confirmation, password reset, billing receipts)
- Respond to your support requests
- Monitor and analyze usage to improve the Service
- Detect and prevent fraud or misuse
- Comply with applicable laws and regulations
We do not sell your personal information. We do not use your plan data for advertising purposes.
4. Sensitive Data — Plan EIN
Your Employer Identification Number (EIN) is used solely to match your plan to publicly available Form 5500 filing data. It is stored encrypted in our database, never displayed in browser URLs, never logged to application logs, and never shared with third parties except as required by law.
5. How We Share Your Information
We may share your information with:
- Supabase: Our database and authentication provider. Data is stored on servers in the United States.
- Stripe: Payment processor. Subject to Stripe's own Privacy Policy.
- Vercel: Hosting provider for our web application.
- Resend: Transactional email delivery.
- Analytics providers: Aggregated, anonymized usage data only.
We require all third-party service providers to maintain appropriate security measures and prohibit them from using your information for any purpose other than providing services to us.
We will disclose your information if required by law, court order, or governmental authority.
6. Cookies and Analytics
We use strictly necessary cookies for authentication and session management. We also use privacy-friendly analytics (Vercel Analytics) that do not track individuals across websites and do not require cookie consent in most jurisdictions.
You may disable cookies in your browser settings; however, doing so will prevent you from logging in to the Service.
7. Data Retention
We retain your account and plan data for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or compliance purposes.
Stripe may retain billing records for longer periods as required by financial regulations.
8. Data Security
We implement industry-standard security measures including:
- TLS/HTTPS encryption for all data in transit
- Row-Level Security (RLS) policies ensuring users can only access their own data
- Encrypted storage for sensitive fields
- Private storage buckets for uploaded documents
- Regular security reviews
No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Update inaccurate information via your Profile page or by contacting us
- Deletion: Request deletion of your account and associated data
- Portability: Request your data in a machine-readable format
- Opt-out: Unsubscribe from marketing emails at any time
To exercise these rights, contact us at privacy@401kfeeduciary.com.
10. Children's Privacy
The Service is intended for business use by adults. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have inadvertently collected such information, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the Service at least 14 days before the change takes effect. Continued use of the Service after that date constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us: