Privacy Policy

Last updated: March 7, 2026

1. Information We Collect

When you create an account or use IncomePro, we may collect the following types of information:

Account Information: Your name, email address, firm name, phone number, and professional credentials provided during registration.

Client Financial Data: Information you enter about your clients for the purpose of financial planning, including names, ages, income sources, Social Security estimates, pension details, investment account balances, withdrawal strategies, and retirement planning scenarios. This constitutes sensitive financial information and is treated with the highest level of protection.

Payment Information: Billing details processed through Stripe. IncomePro does not store your full credit card number on our servers. All payment processing is handled by Stripe in compliance with PCI-DSS standards.

Usage Data: Information about how you interact with the platform, including pages visited, features used, and session duration. This helps us improve the product experience.

2. How We Use Your Information

We use the information we collect to provide and improve the IncomePro platform; process payments and manage your subscription; communicate with you about your account, service updates, and support requests; ensure the security and integrity of our platform; and comply with legal obligations.

We do not use client financial data for any purpose other than providing the Service to you. We do not use your clients' financial data to train machine learning models, generate aggregate analytics for sale to third parties, or for any purpose unrelated to delivering the planning features you access through IncomePro.

3. Financial Data Handling

Given the sensitive nature of financial planning data, we apply the following specific protections to client financial information entered into IncomePro:

Data Isolation: Each advisor's client data is logically isolated through row-level security policies enforced at the database level. No advisor can access another advisor's client records under any circumstances.

Encryption: All data is encrypted in transit using 256-bit TLS encryption. Data at rest is encrypted using AES-256 encryption provided by our database infrastructure.

Access Controls: Access to client data is restricted to the authenticated advisor who created it. Our platform enforces authentication on every API request, and no administrative interface provides bulk access to client financial records.

No Data Aggregation: We do not aggregate, anonymize, or otherwise repurpose client financial data for analytics, benchmarking, or any secondary use.

4. Data Security

We implement industry-standard security measures to protect your data, including 256-bit TLS encryption for all data in transit; encrypted database storage with row-level security policies ensuring data isolation between accounts; secure authentication powered by Supabase Auth with session token management; and infrastructure hosted on enterprise-grade cloud providers with physical and network security controls.

While we implement robust security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using commercially reasonable safeguards appropriate for the sensitivity of financial planning information.

5. Data Sharing and Third-Party Processors

We do not sell, rent, or trade your personal information or your clients' financial data to third parties. We share limited data only with the following trusted service providers who assist in operating our platform:

Stripe: Processes subscription payments. Stripe receives only your billing information and does not have access to client financial data.

Supabase: Provides database infrastructure and authentication services. Client data is stored in Supabase's encrypted infrastructure with row-level security enforced.

Vercel: Hosts the IncomePro web application. Vercel processes web requests but does not persistently store client financial data.

These providers are bound by their own privacy policies and data processing agreements. We select providers that maintain security standards appropriate for handling sensitive financial information.

6. Data Retention and Deletion

We retain your account data and client financial data for as long as your account is active or as needed to provide you services. If you close your account or request deletion, we will permanently delete your personal data and all associated client data within 30 days, except where retention is required by applicable law or regulation.

You may request deletion of individual client records at any time through the platform. Deleted client data is permanently removed from our active databases and will be purged from backup systems within 90 days.

7. Data Breach Notification

In the event of a data breach that affects your personal information or your clients' financial data, we will notify affected users within 72 hours of confirming the breach. Notification will include the nature of the breach, the types of data involved, the steps we are taking to address it, and recommendations for actions you may take to protect yourself and your clients.

8. Your Rights and Your Clients' Data

You have the right to access, correct, or delete your personal data at any time through your account settings or by contacting us. You may also request a full export of all data we hold about you and your clients.

As a financial advisor using IncomePro, you are the data controller for the client information you enter into the platform. You are responsible for obtaining any necessary consent from your clients to input their financial data into IncomePro, informing your clients about how their data is processed within the platform, and responding to your clients' data access or deletion requests. We will support you in fulfilling these obligations by providing data export and deletion capabilities.

9. Regulatory Considerations

IncomePro is a financial planning tool and is not a registered investment advisor, broker-dealer, or financial institution. While we implement security measures appropriate for handling sensitive financial data, compliance with industry-specific regulations (such as SEC, FINRA, or state-level regulations) applicable to your practice remains your responsibility as the financial advisor.

10. Cookies

IncomePro uses essential cookies required for authentication and session management. We do not use third-party advertising cookies or tracking pixels.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the platform or sending you an email at least 30 days before the changes take effect. Your continued use of IncomePro after changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, how we handle your data, or wish to exercise any of your data rights, please contact us at support@incomepro.org.