SSA
SSA Plan

Privacy Policy

Last updated: March 1, 2026

1. Information We Collect

We collect the following types of information:

  • Account information: Email address and firm name provided during registration
  • Google OAuth data: If you sign in with Google, we receive your name and email address from your Google profile
  • Client data: Names, dates of birth, gender, and earnings history entered by advisors
  • Uploaded files: Social Security statements (XML, PDF, or images) processed in memory and never stored
  • Payment information: Billing details are collected and processed by Stripe. We never see or store your full card number.
  • Usage data: Pages visited and features used (anonymized)

2. How We Protect Your Data

  • Social Security numbers are never stored. SSNs are stripped during file parsing and scrubbed with defense-in-depth regex patterns before any data reaches our database.
  • Client names and earnings are encrypted at the database column level using pgcrypto.
  • Row-level security ensures advisors can only access their own firm's data.
  • All PII access is logged in an audit trail.
  • File processing occurs in an isolated worker with no database access. Files are processed in memory only and never written to disk or stored on any server.
  • All connections use HTTPS with strict transport security headers.

3. How We Use Your Data

We use your data to:

  • Provide benefit estimation and scenario modeling services
  • Generate reports and shareable analysis links
  • Process payments and manage subscriptions
  • Improve the Service and fix issues

We do not sell, rent, or share your personal data or client data with third parties for marketing purposes.

4. Third-Party Services

We use the following third-party services to operate SSA Plan:

  • Supabase: Database hosting and authentication
  • Cloudflare: Application hosting and file processing infrastructure
  • Stripe: Payment processing
  • Google Cloud (Vision API): Optical character recognition for scanned PDF and image file processing. Document content is sent to Google's servers for text extraction and is not retained by Google after processing.
  • Google (OAuth): Optional sign-in authentication

Each third-party service is governed by its own privacy policy. We only share the minimum data necessary for each service to function.

5. Data Retention

Client data is retained while your subscription is active. Upon account deletion or request, all client data is permanently removed from our database, including all encrypted records. Uploaded files are never retained — they are processed in memory and discarded immediately after parsing.

6. Your Rights

You have the right to:

  • Access your data at any time through the Service
  • Request deletion of your account and all associated data
  • Export your client data
  • Revoke shared analysis links at any time

To exercise any of these rights, contact us at support@ssaplan.com.

7. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party analytics cookies.

8. Children's Privacy

SSA Plan is designed for use by licensed financial advisors and is not directed at individuals under the age of 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions, contact us at support@ssaplan.com.