Last Updated: May 15, 2026
Retirement planning means trusting an application with sensitive financial details. This page describes the security controls we have in place today, so you can make an informed decision about whether RetireZest meets your standards.
Plain-language summary: Your connection is encrypted, your password is never stored in readable form, and we do not connect to your bank or hold any login credentials. All financial figures you enter (balances, income, expenses) are manually provided by you and stored in a Canadian-hosted database accessible only to you.
Every request between your browser and RetireZest is encrypted using TLS (HTTPS). Plain-text HTTP requests are automatically upgraded to HTTPS.
We send the Strict-Transport-Security header (HSTS) with a one-year max-age and the preload directive, instructing browsers to always use HTTPS for our domain — even on the first visit.
Passwords are never stored in readable form. We hash every password with bcrypt (cost factor 10) before it touches the database. Even an attacker with full database access cannot recover the original password.
After login, we issue a JSON Web Token (JWT) with a 7-day expiry, stored in an HTTP-only, Secure cookie so it cannot be read by client-side JavaScript or transmitted over an unencrypted connection.
Login and registration are gated by Cloudflare Turnstile, a privacy-friendly CAPTCHA alternative that blocks automated abuse without showing puzzles or tracking users.
New accounts must verify their email before exceeding a small free-trial threshold. This limits abuse and keeps account recovery reliable.
All state-changing API routes (saving a scenario, updating your profile, running a simulation, deleting your account) require a valid CSRF token bound to your session. Token comparison uses a constant-time function to resist timing attacks.
A strict Content Security Policy (CSP) limits which domains can load scripts, styles, fonts, and frames. The policy is enforced via response headers on every request and is designed to neutralize most cross-site-scripting (XSS) attacks.
X-Frame-Options: DENY — prevents your account from being embedded in another site (clickjacking protection).
X-Content-Type-Options: nosniff — prevents browsers from guessing content types.
Referrer-Policy: strict-origin-when-cross-origin — limits referrer leakage to third parties.
Permissions-Policy — disables camera, microphone, geolocation, and FLoC by default.
Simulation runs and other expensive endpoints are rate-limited per account and per IP to absorb accidental loops and prevent resource exhaustion.
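The header and cookie settings described above can be checked mechanically against a captured response. The script below is an added example, not RetireZest's own code; the cookie name "session" and both sample responses are constructed for illustration, since this page does not name the cookie or publish its CSP.

```python
import re

# Exact header values this page says are sent (header name -> value).
EXPECTED = {
    "x-frame-options": "DENY",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
}
ONE_YEAR = 31536000  # seconds; the one-year HSTS max-age stated above

def audit(headers, session_cookie="session"):
    """Return findings for (name, value) headers; session_cookie is an assumed name."""
    findings = []
    seen = {n.lower(): v.strip() for n, v in headers}
    cookies = [v for n, v in headers if n.lower() == "set-cookie"]
    for name, want in EXPECTED.items():
        got = seen.get(name)
        if got is None or got.lower() != want.lower():
            findings.append(f"{name}: expected {want!r}, got {got!r}")
    # HSTS is a ';'-separated directive list; the max-age value may be quoted.
    hsts = [d.strip().lower() for d in seen.get("strict-transport-security", "").split(";")]
    ages = [int(d.split("=")[1].strip('"')) for d in hsts if re.fullmatch(r'max-age="?\d+"?', d)]
    if not ages or ages[0] < ONE_YEAR:
        findings.append("strict-transport-security: max-age missing or under one year")
    if "preload" not in hsts:
        findings.append("strict-transport-security: preload directive missing")
    # No CSP or Permissions-Policy value is published here, so only presence is checked.
    for name in ("content-security-policy", "permissions-policy"):
        if not seen.get(name):
            findings.append(f"{name}: header missing")
    for cookie in cookies:
        parts = [p.strip() for p in cookie.split(";")]
        if parts[0].split("=")[0] != session_cookie:
            continue  # only the cookie carrying the JWT is described as HttpOnly + Secure
        attrs = {p.split("=")[0].lower() for p in parts[1:]}
        findings += [f"cookie {session_cookie}: {flag} attribute missing"
                     for flag in ("httponly", "secure") if flag not in attrs]
    return findings

# Constructed sample responses (not captured from RetireZest).
GOOD = [("Strict-Transport-Security", 'max-age="31536000"; preload'),
        ("X-Frame-Options", "DENY"), ("X-Content-Type-Options", "nosniff"),
        ("Referrer-Policy", "strict-origin-when-cross-origin"),
        ("Content-Security-Policy", "default-src 'self'"),
        ("Permissions-Policy", "camera=(), microphone=(), geolocation=()"),
        ("Set-Cookie", "session=CONSTRUCTED; Path=/; HttpOnly; Secure")]
BAD = [("Strict-Transport-Security", "max-age=86400"),
       ("X-Frame-Options", "SAMEORIGIN"), ("X-Content-Type-Options", "nosniff"),
       ("Set-Cookie", "session=CONSTRUCTED; Path=/; Secure")]
```

audit(GOOD) returns an empty list, while audit(BAD) reports each deviation from the settings listed on this page.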
Your account data is stored in a managed PostgreSQL database hosted in Canada by Neon. Application servers run on Vercel and Railway, fronted by Cloudflare for DNS, CDN, and DDoS protection.
Database connections are encrypted in transit. Backups are managed by the database provider with point-in-time recovery.
We never store banking credentials. RetireZest does not connect to your bank, brokerage, or any financial institution. Every balance, income, and expense figure is manually entered by you.
Every database query that reads or writes user data is scoped by the authenticated user's ID. Our automated test suite includes cross-account data-leak tests that fail the build if a logged-in user can read or modify another user's records.
You can permanently delete your account from your account settings at any time. Deletion removes your personal profile, saved scenarios, simulation history, and subscription association. Anonymized aggregate metrics may be retained for product analytics, but they cannot be linked back to you.
For more on your privacy rights under PIPEDA and Quebec Law 25, see our Privacy Policy.
To set expectations honestly:
If you believe you have found a security vulnerability in RetireZest, please email contact@retirezest.com with a clear description of the issue, steps to reproduce, and any proof-of-concept material. We aim to acknowledge reports within two business days.
We ask that researchers do not exfiltrate user data, perform denial-of-service testing, or publicly disclose issues before we have had a reasonable opportunity to fix them.
The strongest controls on our side cannot protect an account if your password leaks. We recommend:
We will revise this page as our controls change. Material changes will be reflected in the "Last Updated" date at the top.
Questions? Reach us at contact@retirezest.com.