Privacy Policy

Effective Date: 01/01/2025

At CheckMyLoan.io (powered by Innaton Technologies Ltd.), we are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your information.

1. Information We Collect

Anonymous Usage Data: We collect anonymous analytics about how you use our mortgage calculation tools, including pages visited, time spent, and feature usage patterns. This data cannot be traced back to individual users.

Account Information: When you create an account for premium features, we collect:
- Email address (for authentication and communication)
- Authentication tokens (Google OAuth or Magic Link)
- Premium access status and purchase timestamp

Payment Records: For premium purchases, we maintain records of:
- Purchase amount and date
- Payment processor transaction ID (Stripe)
- General location (country level) for tax compliance
- We do NOT store credit card numbers or sensitive payment details

Technical Information: Standard web data including IP address, browser type, device information, and referral sources for security and service improvement purposes.

2. How We Use Your Information

Service Delivery: To provide mortgage calculation tools, manage your account, and deliver premium features you've purchased

Payment Processing: To process premium purchases and maintain transaction records for legal and tax compliance requirements

Communication: To send service-related emails, including purchase confirmations, account updates, and important policy changes

Service Improvement: Anonymous usage analytics help us understand feature popularity and improve user experience

Legal Compliance: To meet our obligations under applicable laws, including tax reporting and anti-fraud measures

Security: To protect our services from abuse, fraud, and unauthorized access attempts

3. Third-Party Services and Data Sharing

We use carefully selected third-party services that are GDPR compliant and maintain high security standards:

Supabase (Database & Authentication):
- Stores your account data and authentication tokens
- GDPR compliant with servers in the EU
- Provides secure user authentication

Stripe (Payment Processing):
- Processes premium payments securely
- PCI DSS Level 1 certified
- We only receive transaction confirmations, not payment details

Google OAuth (Authentication):
- Optional authentication method
- We only access basic profile information (name, email)
- You can revoke access at any time through Google settings

Google Analytics & Microsoft Clarity (Optional Analytics):
- Anonymous usage tracking (only if you consent)
- Helps us understand how users interact with our tools
- Can be disabled through our cookie settings

No Sale of Data: We never sell, rent, or share your personal information with third parties for marketing purposes.

4. Cookie Management and Your Choices

We use two categories of cookies with different purposes:

Essential Cookies (Always Active):
- Authentication tokens to keep you logged in
- Security cookies to prevent fraud and abuse
- User preference settings
- These are necessary for basic site functionality

Analytics Cookies (Your Choice):
- Google Analytics for anonymous usage statistics
- Microsoft Clarity for user experience insights
- You can enable/disable these in our cookie settings

Managing Cookies: You can control analytics cookies through:
- Our cookie consent banner (first visit)
- Cookie settings in your account dashboard
- Your browser's privacy settings

Disabling analytics cookies does not affect premium features or account functionality.

5. Data Security and Protection

We implement multiple layers of security to protect your information:

Encryption: All data transmission uses SSL/TLS encryption, and sensitive data is encrypted at rest

Authentication: Secure OAuth 2.0 and Magic Link authentication with no passwords stored

Access Controls: Strict internal access controls with role-based permissions and regular security audits

Infrastructure: Our services run on secure cloud infrastructure with regular security updates and monitoring

Payment Security: Payment processing handled entirely by PCI DSS compliant third parties (Stripe)

Incident Response: We have procedures in place to detect, respond to, and notify users of any security incidents

While we implement strong security measures, no online service can guarantee 100% security. We continuously monitor and improve our security practices.

6. Data Retention and Deletion

Account Data: We retain your account information as long as your account remains active. When you delete your account, all personal data is permanently removed within 30 days.

Payment Records: Transaction records are retained for 7 years as required by tax and financial regulations, then securely deleted. These records are kept separate from active user data.

Analytics Data: Anonymous usage data is retained for up to 2 years for service improvement purposes. This data cannot be linked to individual users.

Communication Records: Support emails and service communications are retained for 2 years to maintain service quality and resolve any issues.

Automatic Deletion: We have automated processes to ensure data is deleted according to these timelines without requiring action from you.

7. Your Rights Under GDPR

As a user (especially if you're in the EU), you have comprehensive rights regarding your personal data:

Right to Access: Request a copy of all personal data we hold about you

Right to Rectification: Correct any inaccurate or incomplete personal information

Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)

Right to Data Portability: Receive your data in a machine-readable format for transfer to another service

Right to Withdraw Consent: Disable analytics cookies or delete your account at any time

Right to Object: Object to data processing for specific purposes

Right to Restriction: Request limitation of data processing in certain circumstances

To exercise these rights, contact us at info[@]innaton.com with "Privacy Request" in the subject line. We will respond within 30 days as required by GDPR.

Contact Information

CheckMyLoan.io
Powered by Innaton Technologies Ltd.
Email: info[@]innaton.com

For privacy matters: Include "Privacy Request" in the subject line
For data deletion: Include "Account Deletion" in the subject line
For cookie issues: Include "Cookie Settings" in the subject line

Policy Updates: We may update this privacy policy from time to time. For material changes, we will notify you via email at least 30 days in advance. The effective date at the top of this policy indicates when it was last updated.

Questions: If you have any questions about this privacy policy or our data practices, please contact us using the information above.