MoneySmith Policy

Security & Data Policy

Plain-English answers to the questions a privacy-aware buyer actually asks. What we collect, what we don't, where it lives, who can see it, and how to export or delete it.

The short version

MoneySmith is a strategy-document service, not a banking product. We never see your bank login, your card number, your Social Security number, or your account balance. The personal data we hold is the email address you check out with, the answers you typed into the fit quiz, the billing metadata Stripe routes back to us after a charge, your AI Coach transcripts if you use the Coach, and standard server request logs that we keep for 30 days.

What we collect

  • Email address — submitted at checkout or on the fit quiz. Used to deliver your strategy PDF, send the post-purchase sequence, and match you to your subscription on return visits.
  • Quiz answers — the goals, risk tolerance, and starting-capital range you typed into the 60-second fit quiz. Used to generate your blueprint and to tune the AI Coach if you upgrade.
  • Stripe billing metadata — customer ID, subscription ID, tier, and last-four of the card (Stripe sends us only the masked digits, never the full PAN). Used for receipts, refunds, and tier resolution.
  • Coach chat transcripts — the messages you send and receive in the AI Coach panel (Compass tier and above). Stored against your subscription so the Coach has continuity between sessions.
  • Server logs — standard request logs (IP, user-agent, timestamps) kept for 30 days for abuse, rate-limit, and debugging purposes.

What we do not collect

Explicit negation matters in finance, so here it is in plain language:

  • No bank credentials. We never ask for, store, or have access to your online banking username, password, or 2FA code.
  • No Plaid, Yodlee, or any aggregator. MoneySmith does not connect to your bank accounts. We do not read your transactions or your balances.
  • No Social Security or tax-ID numbers. We have no field for them on the site and no business need for them in our system.
  • No raw card data. All card entry happens inside Stripe's checkout iframe on Stripe's domain. The card number, CVV, and expiration date never touch a MoneySmith server.
  • No advertising trackers. We do not run Google Ads, Facebook Pixel, or any third-party tracking script for ad targeting on the marketing site.

How payments are handled

Every payment on MoneySmith, whether the one-time Master Plan or a Spark, Compass, or Atlas subscription, is processed by Stripe, a PCI DSS Level 1 service provider. The card form on our site is a Stripe-hosted iframe served from Stripe's domain: your card details travel from that iframe directly to Stripe, where they are tokenized, and never cross our network at all. We receive only the resulting customer ID, subscription ID, and the card brand plus last four digits for display on receipts.

Refunds, cancellations, and card updates can all be handled from the Stripe customer portal linked in your dashboard. See the refund policy for the 7-day money-back window and processing timelines.

Where your data lives

Application data (email, quiz answers, subscription state, Coach transcripts) lives in a managed Postgres database on Supabase with the following protections in place:

  • Row-level security (RLS) enabled and forced on every customer-data table. The public REST surface is reachable only with the anon key, and no policy on any ms_* table grants the anon role read or write access. Postgres RLS is default-deny once enabled: a row is visible only if some policy grants it, so a SELECT as anon returns zero rows and a write is rejected. Forcing RLS means the table owner is subject to the policies as well. The one role that bypasses RLS by design is the service role, which is why that key never leaves the server (next point).
  • Service-role-only server access. All MoneySmith server routes use a service-role client, which is held in a Vercel encrypted environment variable and never sent to a browser. Only audited internal handlers can read or write your data.
  • Encryption at rest and in transit. Database storage is encrypted at rest by Supabase, and every hop between your browser, our Next.js API routes, and Supabase is encrypted with TLS.
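The RLS posture described above, shown as an added SQL example rather than MoneySmith's own schema or migrations. It assumes a hypothetical customer-data table named ms_customers standing in for any ms_* table, and the standard Supabase roles anon, authenticated, and service_role (service_role carries BYPASSRLS, so no policy is needed for it). The first half shows the unprotected table beside the hardened one; the second half is the catalog queries a reviewer would run to confirm that nothing slipped through.

```sql
-- Added example, not MoneySmith's code. ms_customers is a hypothetical
-- ms_* table; the column list is illustrative only.

-- Weak setting: a freshly created table has RLS off, so any role holding a
-- table-level GRANT (on Supabase that includes anon by default) reads all rows.
CREATE TABLE ms_customers (
  id                 bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  email              text NOT NULL,
  stripe_customer_id text,
  tier               text
);
-- At this point:  SET ROLE anon; SELECT * FROM ms_customers;  -> every row.

-- Hardened setting, matching the policy text.
ALTER TABLE ms_customers ENABLE ROW LEVEL SECURITY;  -- default-deny: no policy, no rows
ALTER TABLE ms_customers FORCE ROW LEVEL SECURITY;   -- owner is subject to RLS too
-- Belt and braces: drop the table-level privilege as well, so anon gets
-- "permission denied" instead of a silent empty result set. The page says the
-- public surface is anon-key only, so authenticated is assumed unused here.
REVOKE ALL ON ms_customers FROM anon, authenticated;
-- Deliberately no "CREATE POLICY ... TO anon". service_role bypasses RLS and
-- needs no policy, which is exactly why that key must stay server-side.

-- Check 1: any ms_* table in public that is missing ENABLE or FORCE.
SELECT c.relname,
       c.relrowsecurity      AS rls_enabled,
       c.relforcerowsecurity AS rls_forced
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
WHERE  n.nspname = 'public'
  AND  c.relkind = 'r'
  AND  c.relname LIKE 'ms\_%'
  AND  NOT (c.relrowsecurity AND c.relforcerowsecurity);
-- Expect zero rows.

-- Check 2: any policy on an ms_* table that names anon or PUBLIC.
SELECT tablename, policyname, cmd, roles
FROM   pg_policies
WHERE  schemaname = 'public'
  AND  tablename LIKE 'ms\_%'
  AND  roles && ARRAY['anon', 'public']::name[];
-- Expect zero rows.

-- Check 3: table-level grants still held by anon on ms_* tables.
SELECT table_name, privilege_type
FROM   information_schema.role_table_grants
WHERE  grantee = 'anon'
  AND  table_schema = 'public'
  AND  table_name LIKE 'ms\_%';
-- Expect zero rows after the REVOKE above.
```

The three checks are worth running in CI against a staging database after every migration: a new ms_* table created without the ENABLE and FORCE statements is the most common way this guarantee quietly breaks, and Check 1 catches it before deploy.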

Email and bounce handling

Transactional email (receipts, the strategy PDF delivery, post-purchase sequence, the Coach session reminders) is sent via Resend. If a message hard-bounces or you mark it as spam, your address is automatically suppressed — we do not retry or resurrect suppressed addresses on later sends. To resume email after a suppression, email support so we can clear it for you.

Your rights — export, change, delete

You can request the following at any time, regardless of where you live (we apply GDPR-style rights globally because it's simpler and fairer):

  • Export — a copy of every record we hold tied to your email, delivered as JSON within 7 business days.
  • Correct — fix a typo in your name, update the delivery email, re-trigger a PDF send, etc.
  • Delete — permanent removal of your record. Note that Stripe-side billing records are retained per Stripe's own retention policy (financial records are legally required to persist for several years), but we sever the link on our side and stop all further contact.

To file any of these, email support@moneysmith.one from the address you used at checkout. We do not require a form, a notarized signature, or a phone call — the email itself is enough.

Reporting a security issue

If you find a vulnerability — an exposed endpoint, a leaked key, an account-takeover vector — please email support@moneysmith.one with the subject line "Security report". We acknowledge within one business day, triage within three, and do not pursue legal action against good-faith researchers who avoid privacy violations, service disruption, or data exfiltration during testing.

Changes to this policy

When we change this page in a way that materially affects what data we collect or how we handle it, the "Last updated" date below changes and active subscribers get a heads-up email. Smaller copy edits and clarifications update the date but don't trigger a notification.

Last updated: 2026-05-06 · Questions: support@moneysmith.one

MoneySmith.one

All strategy documents are delivered as PDF files to the email address provided during checkout. Download links expire after 7 days.

Contact: support@moneysmith.one

Each strategy document is generated from your intake form answers by an AI system. Output varies based on your inputs. Results depend on individual circumstances, effort, and market conditions.

MoneySmith.one provides educational strategy documents only. Nothing contained herein constitutes financial advice, investment advice, or a guarantee of income or results. Please consult with a qualified professional before making financial decisions.

© 2026 MoneySmith.one — All rights reserved.