Privacy policy
At myfiresimulator.com (the «Site») we process your data on a need-to-know basis. This policy explains what we collect, why, and how to exercise your rights under the EU General Data Protection Regulation (GDPR) and applicable national law.
1. Data controller
Controller: owner of the My FIRE Simulator project.
Contact: simulator contact form (no login required to send a message).
2. Summary by how you use the Site
- Without an account: core calculations run in your browser (WebAssembly). We do not store your financial figures on our servers. Drafts and plans may be kept only in your device’s local storage (localStorage).
- With a Google account: we identify your session via Supabase Auth. We may store cloud plans, AI advisor usage, and gallery comments if you publish or interact.
3. Data we process
3.1 Use without registration
- Browser-stored preferences: language (fire_lang_pref), theme (fire_theme_pref), auto-save draft, local plans (fire_saved_sims), dismissed banners.
- Minimal technical data our hosting provider (Cloudflare) may log for security and performance (e.g. IP address in server logs, limited retention).
- Aggregated, anonymous visit metrics via Simple Analytics (no tracking cookies; see section 5).
3.2 Google sign-in
When you sign in with Google, we receive via Supabase: user ID, email address, and basic public profile data (name and picture) that Google shares according to your account settings.
If you save a plan to the cloud, we store that simulation’s configuration (ages, cash flows, portfolio, taxes, etc.) linked to your account. If you publish to the gallery, other users can view the plan and comment.
3.3 Optional features
- AI advisor: when logged in, you may send a numeric summary of your last simulation (not the full form) to a language model (Google Gemini) via our backend. Daily request limits apply per user.
- Share links: generating a short link stores the simulation state in Supabase so anyone with the link can load it.
- Gallery & comments: display name, comment text, language, and timestamps. We may detect comment language via Google’s public translation API (we do not store the translation request beyond the published comment).
- Simulation errors: if a run fails, we may log the technical payload and error message in Supabase for debugging, not necessarily linked to your identity when logged out.
3.4 Contact form
Name, email (optional), and message are sent to Formspree solely to reply to you. We do not use this for advertising or sell it.
4. Legal bases (GDPR)
- Performance of requested features (Art. 6(1)(b)): cloud saves, account sync, share links, AI diagnosis.
- Consent (Art. 6(1)(a)): gallery publishing, voluntary sign-in.
- Legitimate interests (Art. 6(1)(f)): cookieless aggregated analytics, security, service improvement, technical error logs.
5. Web analytics
We use Simple Analytics (EU/EEA-based) for aggregated visit statistics. We do not use Google Analytics or Google Tag Manager. Simple Analytics does not use advertising tracking cookies and honours Do Not Track when enabled (data-collect-dnt="true").
We do not sell your personal data or use it for advertising profiling.
6. Processors and third-party services
| Provider | Purpose | Location / notes |
|---|---|---|
| Supabase | Auth, database (plans, comments, links, errors) | EU/US per project region; SCCs where applicable |
| Google | OAuth sign-in; optional comment translation; Gemini API (AI advisor) | US/global; data limited to each feature |
| Cloudflare | Hosting, CDN, site protection | Global |
| Simple Analytics | Anonymous visit statistics | EU |
| Formspree | Contact form | US |
7. Retention
- Cloud plans and comments: until you delete them or your account.
- Local data: until you clear browser storage.
- Error logs and analytics: minimum time needed for maintenance and aggregate stats.
- Contact messages: time needed to handle the enquiry.
8. Your rights
You may request access, rectification, erasure, restriction, objection, and portability, and withdraw consent where processing is consent-based. You may lodge a complaint with your supervisory authority (e.g. EU data protection authorities).
In the app: delete cloud plans, remove your comments, and use «Delete account» in your profile to remove your Supabase user and associated data. Technical documentation: /en/metodologia/.
9. Children
The Site is not directed at children under 16. We do not knowingly collect children’s data.
10. Security
We use reasonable technical measures (HTTPS, token auth, database access policies). No online system is 100% secure; avoid sharing public links with information you do not want exposed.
11. International transfers
Some providers may process data outside the EEA. Where required, contractual safeguards (standard contractual clauses or equivalents) apply.
12. Changes
We will post the revision date at the top. Material changes will be highlighted on the Site where practical.