Privacy Policy
Effective 2026-06-22 · Version 2026-06-22
Foresight Planner (the "Service") is operated by Multiverse Arc Inc.("we," "us"), a Canadian corporation. This policy explains what personal information we collect, why we collect it, how we use it, and the rights you have over it under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
What we collect
When you sign in, we collect:
- Account information from your Google sign-in: your email address and display name.
- Plan inputsyou enter into the planner: household members' ages, account balances and types (e.g. RRSP, TFSA), income, expected retirement age, savings rate, target retirement spending, asset allocation, and similar financial planning parameters.
- Simulation outputs produced from your inputs (Monte Carlo results, projected balances, success rates).
- Consent record: the date you accepted this policy and the version you accepted.
- Anonymous usage events (page views, feature usage) through Firebase Analytics. These events do not include your name, email, or financial inputs.
- Feedback you send usthrough the in-app feedback widget: the message you write and, only if you ask us to follow up, the email address you provide. This is stored in Canada (see "Where it's stored" below) alongside your other data.
We do not collect government identifiers (SIN, SSN), account numbers, or credentials for any financial institution.
Why we collect it
- To run the simulations and produce the results you ask the planner to compute.
- To save your plans so you can return to them, edit them, and compare revisions over time.
- To authenticate you and protect your account.
- To understand which features are used so we can improve the product (aggregate analytics only).
- To send you occasional product updates and announcements about the Service. You can opt out of these at any time using the unsubscribe link in any such message.
- To read and act on the feedback you send us, and to follow up with you at the email address you provided if you asked us to.
We do not use your information for third-party advertising, do not sell it, and do not share it with anyone outside the subprocessors listed below.
Where it's stored and processed
Your account information, plan inputs, and simulation outputs are stored in Google Cloud Firestore in the Montréal, Québec, Canada region.
Simulations are executed on Google Cloud Run in the same Montréal, Québec, Canada region. Your plan inputs, results, and any other personal information are processed and stored within Canada by design.
Authentication is handled by Google Firebase Authentication, which is a global Google service; your sign-in credentials are managed by Google under their own data-protection terms. We do not store your Google password.
Subprocessors
We rely on the following service providers to operate the Service. Each is bound by its own data-protection terms with Google LLC:
- Google Firebase Authentication: sign-in via Google OAuth.
- Google Cloud Firestore (Montréal, Canada): storage of your account, plans, and simulation results.
- Google Cloud Run (Montréal, Canada): running the simulation engine.
- Google Firebase Hosting: serving the web app.
- Google Firebase Analytics: aggregate usage analytics, no personal information.
- Cloudflare, Inc.: DNS, TLS termination, and edge network in front of the Service. Cloudflare processes request metadata (IP address, request headers, country/region derived from IP) to route and protect traffic to our origin servers. Cloudflare does not have access to your account information, plan inputs, or simulation results, which are stored at our Google Cloud origin in Montréal. Cloudflare's privacy practices are described in their privacy policy.
- Resend: delivery of transactionalemail only — account verification and password-reset messages. Resend processes your email address and the message content to deliver these. It is notused for marketing or newsletters. Resend's privacy practices are described in their privacy policy.
We do not currently use any third-party advertising network, payment processor, or marketing-email provider. If we add one, we will update this policy and re-request your consent.
Where the Service is available
The Service is currently available to residents of Canada outside Quebec. Account registration is limited to this region: we do not offer accounts to, or direct the Service at, residents of the European Union, the European Economic Area, the United Kingdom, Switzerland, or the Canadian province of Quebec. Traffic from Quebec is blocked at our edge network before it reaches the Service. Visitors from the European Union, the European Economic Area, the United Kingdom, and Switzerland may view our public pages and run the anonymous Quick Check tool, but cannot create an account. We will broaden availability as we complete the language support and regional compliance work required to fully serve those regions.
Retention
We keep your account, plans, and simulation results for as long as you have an active account. If you delete your account (Settings → Danger Zone → Delete Account), we erase your account profile, plans, and saved simulation results from our production stores at the time of the request. Backup snapshots maintained by Google Cloud may persist for a short retention window (typically up to 30 days) before being automatically overwritten.
We keep feedback you send through the in-app widget for up to 24 months, then delete it automatically. If you were signed in when you sent it, deleting your account also erases your feedback at the time of the request.
Aggregate analytics events that do not identify you are retained indefinitely.
To fulfil our obligations under PIPEDA (including breach reporting under Regulations s.6 and the records-of-handling requirement when individuals exercise their access, correction, or complaint rights), we retain a limited compliance audit record for 3 years after the event. These records contain only the information needed to evidence the operation (event type, your account identifier and email, privacy-officer identifier, date) and are not used for any purpose other than demonstrating compliance. This retention is permitted under PIPEDA s.4.5.3 (retention for legal obligation).
We also maintain short-retention operational logs in Google Cloud Logging in our Canadian region to support debugging, performance monitoring, and incident response. These logs reference your account by an opaque pseudonymous identifier (not your name or email) and are automatically deleted after 30 days. When you delete your account, the mapping from that identifier to your identity is destroyed at the same time, so any outstanding log entries can no longer be linked back to you.
Your rights
PIPEDA gives you the following rights over your personal information. To exercise any of them, contact our privacy officer using the details in the "Contact" section below. We will respond within 30 days.
- Access: request a copy of the personal information we hold about you.
- Correction: most fields (display name, plan inputs) you can edit yourself in the app. For anything you can't edit in the app (such as your email address), email us and we will correct it.
- Deletion: delete your account at any time from Settings → Danger Zone. This permanently removes your account profile, plans, and saved simulation results. The limited compliance audit record described in the Retention section above is retained for the disclosed 3-year window.
- Withdraw consent: because the only personal information we hold is what's needed to operate your account, withdrawing consent means closing your account. Use the deletion flow above.
- Challenge compliance: if you believe we have not handled your information in accordance with this policy or PIPEDA, contact our privacy officer. You may also file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.
Security
Data is encrypted in transit (TLS) and at rest. Access to production data is restricted to the privacy officer named below. Authentication is provided by Firebase Authentication; Firestore security rules enforce that you can only read and write your own account's data.
A more detailed description of our technical and organizational safeguards (covering data residency, encryption, authorization boundaries, audit logging, environment isolation, and administrative access) is available on request from the privacy officer.
Children
The Service is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18.
Changes to this policy
We may update this policy as the Service evolves. The version number above changes whenever the policy materially changes. When that happens, we will record the new version against your account the next time you sign in and may notify you in-app.
Contact
The privacy officer for Multiverse Arc Inc. is Hootan Nakhost. Reach the privacy officer at [email protected] for any access, correction, deletion, or complaint request, or for any other privacy-related question. We respond within 30 days as required by PIPEDA.
Multiverse Arc Inc. is a Canadian corporation. See also our Terms of Service.