Privacy Policy

Effective Date: June 2, 2026

1. Who We Are

Datum FI ("we," "us," "our") operates datumfi.com, an educational retirement planning tool. This policy explains what data we collect, what we do with it, and your rights.

2. What We Collect

The Sketch (free tool): Runs entirely in your browser. No inputs are transmitted to our servers. No account is required. No data is stored.

The Studio (authenticated): When you create an account, we collect:

• Your name and email address (for identity verification)
• Your date of birth and co-architect's date of birth (for retirement timeline modeling)
• Financial inputs you enter (assets, liabilities, income, spending targets) — used for retirement timeline modeling in your browser

We see your financial inputs only long enough to compute your plan. We store nothing beyond your profile. We sell nothing.

3. Third-Party Services

• Clerk.com: Authentication provider. Handles sign-in, sign-up, and session management. Receives your email address and OAuth provider data (if applicable). Clerk Privacy Policy.
• Cloudflare: Hosts datumfi.com and serves all pages. May log IP addresses and request metadata for security and performance purposes. Cloudflare Privacy Policy.
• Cloudflare Turnstile: Bot protection on sign-up. Runs a passive security check in your browser. No personally identifiable information is collected by Turnstile beyond what Cloudflare logs as the host. Cloudflare Privacy Policy.
• Cloudflare Fonts: Serves Fraunces and DM Mono typefaces directly from Cloudflare's network. Google's servers do not see your IP address. This is a privacy upgrade from the previous Google Fonts CDN delivery. Cloudflare Privacy Policy.
• We use no ad networks, no analytics trackers, no retargeting pixels, and no data brokers.

4. Cookies and Storage

• sessionStorage: Sketch inputs are preserved during your browser session and cleared when you close the tab. No tracking cookies are set.
• localStorage keys stored by Datum FI:
  • datum_workspace_name — your workspace display name.
  • datum_auth_hint — session presence flag used to conditionally load the authenticated navigation bar. UI-only; not a security gate.
  • datum_sketch_overlay_seen / datum_studio_overlay_seen — one-time overlay display flags. Set once, never updated.
  • datum_sketch_pickup_for_studio — a 5-minute TTL handoff flag used to pre-populate Studio from a saved Sketch. Expires automatically.
  • datumfi.privacyConsent — records that you have dismissed the privacy notice.
  • datumfi_session_id / ds_anon_id — anonymous session UUIDs for aggregate, non-identifying analytics.
• Clerk authentication cookies: Secure session cookies scoped to datumfi.com, managed by Clerk. See Clerk Privacy Policy.
• We set no tracking cookies, no advertising cookies, and no third-party analytics cookies.

5. Data Retention

• Sketch inputs: Session-only (sessionStorage). Cleared when you close the browser tab. Maximum retention: duration of browser session.
• Session token: Stored in localStorage until you clear your browser data or use our Delete My Data tool. No personal information is encoded in this token.
• Privacy consent flag: Stored in localStorage indefinitely until cleared. Contains no personal information.
• Studio computation inputs: Processed in your browser only. No financial inputs are transmitted to external servers or written to persistent storage.
• Studio account profile: Retained until you submit a deletion request. Deletion requests are honored within 30 days.

To delete all locally stored browser data immediately, use the Delete My Data tool. For account deletion, submit a Data Subject Request.

6. Your Rights (GDPR / CCPA)

Under the GDPR (EU/UK) and CCPA (California), you have the following rights:

• Art. 15 — Access: Request a copy of personal data we hold about you.
• Art. 16 — Rectification: Request correction of inaccurate data.
• Art. 17 — Erasure: Request deletion of your personal data.
• Art. 20 — Portability: Request your data in a machine-readable format.
• CCPA — Opt Out: Opt out of sale or sharing of personal information. We do not sell personal information.

To exercise any of these rights, submit a Data Subject Request or email [email protected]. We will respond within 30 days as required by GDPR Art. 12 (extensible to 90 days for complex requests, with notice).

7. Data Security

All data in transit is encrypted via TLS. Studio computation inputs are processed in memory only and never written to persistent storage.

8. Children's Privacy

Datum FI is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have inadvertently collected such data, contact us at [email protected].

9. Changes to This Policy

We may update this policy. The effective date above reflects the last revision. Continued use of the site after changes constitutes acceptance.

10. Data Protection Officer (DPO)

Our designated Data Protection Officer can be reached at:

Email: [email protected]
Mailing Address: Datum FI, Attn: Privacy, [Address on File]
DSAR Form: datumfi.com/dsar

11. Contact

For any privacy questions or DSAR requests: [email protected]

For general questions: [email protected]