Privacy Policy for My Plan Keeper Inc.

Effective January, 2026

At My Plan Keeper™, Inc. ("MPKAI," "we," "us," or "our"), our privacy is our priority. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you use our website https://www.myplankeeper.ai and https://www.myplankeeper.com (the "Site") our web and mobile applications, embeddable widgets, and smart-home experiences including Amazon Alexa (together, the "Services"), including AI-powered features supported by third-party providers such as Anthropic, Perplexity, and ElevenLabs (for Grace's synthetic voice).

1. Commitment to Data Privacy

We are committed to complying with global privacy regulations, including:

The Data Protection Act (DPA) 2018 (UK)
The General Data Protection Regulation (GDPR) (EU)
The California Consumer Privacy Act (CCPA) (US)

We ensure that your personal data is handled lawfully, fairly, and transparently.

2. Data We Collect and Why

We collect the following categories of data to provide our Services:

a. Personal Information You Provide Directly

Identity Data: Name, username, date of birth.
Contact Data: Email address, phone number, mailing address.
Account Data: Login credentials (passwords are encrypted and securely hashed, not stored in plain text) and account preferences.
Financial Data: Information necessary to process payments (via Stripe).

b. Data Collected Automatically

Device Information: IP address, browser type, device type, operating system.
Usage Data: Pages visited, time spent, and interaction patterns.

c. Special Category Data (if applicable)

We do not intentionally collect sensitive data (e.g., health, biometrics), but some data may be inferred based on financial habits.

d. Voice Interaction Data (for smart‑home and voice features):

Short‑term audio or transcripts from voice commands and conversations with “Grace” on supported devices (such as Google Home or other smart speakers).
Audio is processed to understand your request and generate a response; unless explicitly stated, we do not store raw audio long‑term.
We may retain text transcripts of your interactions to operate, secure, and improve the Services, but we do not retain raw audio longer than necessary for processing.

3. How We Use Your Data

We use your personal data for the following purposes:

Account Creation and Management: To verify your identity and maintain your user profile.
Service Delivery: To provide and improve our financial planning and AI-powered services.
AI-Generated Recommendations: Our AI features are powered by third‑party AI vendors (including Microsoft Azure OpenAI, Perplexity, and similar LLM providers). We send only the minimum data needed to answer your question, and our contracts require that your personal data is not used to train or improve the providers’ base models.
Marketing and Communication: To send you service updates, offers, and newsletters (with your consent).
Legal Obligations: To comply with applicable laws, including fraud prevention.

4. AI and Data Privacy

Multi Model AI Integration

We use third‑party AI services (for example, Microsoft Azure OpenAI and Perplexity’s real‑time search API) to power personalized retirement guidance, Smart Search, and conversational “Grace” experiences. These vendors process your inputs (questions, prompts, and related context) to generate responses on our behalf.

We implement the following safeguards:

Data sent to AI providers is limited to what is necessary to fulfill your specific request (for example, the text of your question and high‑level profile context such as age range or retirement status).
Under our current vendor contracts and configurations, your data is not used to train third‑party foundation models.
We monitor vendor documentation and will update this Policy if their training or data‑use practices change.
When you choose to hear Grace’s responses instead of reading them, the text of the response is sent to ElevenLabs to generate audio; we do not send your account credentials or financial data to ElevenLabs.

Automated Decision‑Making
Our AI systems provide education, estimates, and scenario analysis (for example, retirement budgets or country comparisons). They do not make binding decisions about eligibility for credit, insurance, employment, or other legal rights. Any important financial, tax, or healthcare decisions should always be confirmed with a qualified professional.

5. Data Sharing and Third-Party Integrations

We may share your data only when necessary, as follows:

a. Service Providers

We work with third‑party providers who support our Services, such as:

Payment processors (e.g., Stripe) to securely process transactions.
Data aggregation or connectivity providers (e.g., Plaid) if you choose to connect financial accounts.
Cloud hosting, analytics, and logging providers that help us operate and secure the Services.
AI vendors (e.g., Perplexity) that power Smart Search and Grace’s conversational experiences.
Voice and speech providers (e.g., ElevenLabs) that convert Grace’s text responses into synthetic speech.

These providers are contractually required to use your personal data only to provide services to us and to protect it in line with applicable law.

b. Legal Requirements

We may disclose your data if required by law (e.g., responding to regulatory inquiries).

c. No Sale of Personal Data

We do not sell or rent your personal information to any third parties.

d. Enterprise and Integration Partners
If you access Grace through a third‑party partner (for example, an internet provider, employer, health plan, or retirement community), we may share limited usage information with that partner so they can measure engagement, deliver the Service to you, or offer related benefits. Where required, this will be clearly disclosed in the partner’s sign‑up flow, and we will only share this data under a contract that protects your privacy.

6. Your Rights (GDPR, DPA, CCPA)

You have the following rights regarding your data:

Access and Correction: Request a copy of the data we hold about you and correct any inaccuracies.
Data Portability: Receive a copy of your data in a commonly used format.
Erasure: Request deletion of your personal data (subject to legal exceptions).
Consent Withdrawal: Withdraw your consent for data processing at any time.

To exercise your rights, contact us at info@myplankeeper.com.

7. Security Measures

We implement strong security measures to protect your personal data, including:

Encryption: All data is encrypted in transit (via SSL/TLS) and at rest.
Access Controls: Limited access to sensitive data only to authorized personnel.
Third-Party Security: We ensure that third-party providers adhere to strict data protection standards.

8. Data Retention

We retain your data only as long as necessary to provide the Services or comply with legal obligations. When data is no longer needed, it is securely deleted.

For conversational and Smart Search features, we retain logs and transcripts only as long as needed to:

deliver the answer you requested;
maintain security and prevent abuse; and
improve the quality and safety of the Services (for example, detecting harmful prompts).

Where possible, we aggregate or de‑identify data so it can no longer reasonably be linked to you.

9. Cookies and Tracking Technologies

Categories of cookies we use

Essential Cookies: Necessary for site functionality, security, and login.
Performance and Analytics Cookies: Help us understand how users interact with the Site so we can improve content and usability (for example, page views and click patterns).
Marketing Cookies (if applicable): Used to deliver or measure ads about our Services on third‑party sites. You can opt out of these where required by law.

10. Smart‑Home and Voice Integrations

You may be able to access Grace through smart‑home devices and voice assistants (for example, Amazon Alexa, Google Home, or other supported platforms) provided by third parties.

When you do this:

- Your voice commands and certain device data may be processed first by the device maker (such as Amazon or Google) under their privacy policies, before being sent to us.

- We receive only the text or structured data that the device provider sends to our systems (for example, the transcribed text of your question and high-level device metadata).

- We do not control, and are not responsible for, how the device provider collects or uses data before it reaches us. We encourage you to review the relevant smart-home or voice assistant privacy policies. If we launch deeper smart-home integrations in the future (for example, using home-graph or device state APIs), we will update this Policy and clearly explain what additional data is used and why.

11. AI Transparency and Human Oversight

Grace’s responses are generated using AI models combined with real‑time web search. While we work hard to ensure accuracy, AI results may occasionally be incomplete or incorrect.
We always show or reference sources where possible so you can verify important information.
Grace is intended for education and planning support only. It does not replace financial advisors, tax professionals, doctors, or mental‑health clinicians.

12. International Data Transfers

If you access our Services from outside the U.S., your data may be transferred to our servers in the U.S. and processed according to this Privacy Policy. We implement safeguards to ensure your data remains protected.

13. Children's Privacy

Our Services are not intended for children under the age of 13. We do not knowingly collect personal data from children. If we discover such data, we will delete it promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Changes will be posted on this page, and significant updates may be communicated via email or in-app notification.

15. Contact Us

For privacy-related inquiries, please contact:

Email: info@myplankeeper.com
Phone: +1 (954)-466-8838
Address: 261 N University Dr S-500, Sunrise, FL 33324