FSFiduciarySignal
← Back to app

Privacy Policy

Last updated: May 11, 2026

This Privacy Policy explains how FiduciarySignal (the “Service”) handles your information. The Service is made available at four01k-advisor-line-report-card.onrender.com and through its mobile applications.

1. Information we collect

  • Email address. We collect your email address when you request a sign-in link. This is the only personal information we collect from you directly.
  • Authentication metadata. When you sign in, we record the timestamp of your sign-in to maintain your session.
  • Public filings data. The Service displays Form 5500 ERISA filings published by the U.S. Department of Labor. This data is about employer-sponsored retirement plans, not about you personally.

We do not collect passwords, location, contacts, or device identifiers. We do not use third-party advertising or analytics SDKs. The Service is currently free during a trial period. If we introduce paid plans in the future, payments will be processed by a PCI-compliant processor (such as Stripe); we will update this Policy before any such collection begins and we will never store full card numbers ourselves.

2. How we use your information

  • To send you a one-time sign-in link by email.
  • To maintain your authenticated session while you use the Service.
  • To respond to support requests you send to us.

We do not sell, rent, or trade your information. We do not share it with advertisers or data brokers.

3. Cookies and local storage

We set a single session cookie when you sign in. It is HttpOnly, Secure, and uses SameSite=Lax. The cookie expires after 30 days of inactivity or when you sign out. Our service worker may cache the application shell and public reference content on your device to enable offline use; this cache contains no personal information.

4. Third-party services

  • Resend (privacy policy) — delivers sign-in emails.
  • Render (privacy policy) — hosts the Service.
  • U.S. Department of Labor EFAST2 — source of public Form 5500 filings displayed by the Service. The DOL is the publisher of this data, not a recipient of your information.

5. Data retention

We retain your email address for as long as your account is active. Sign-in tokens expire 15 minutes after they are issued and cannot be reused. You may request deletion of your account at any time (see section 8).

6. Children

The Service is intended for retirement plan professionals and is not directed to individuals under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us and we will delete it.

7. Your rights

California residents (CCPA/CPRA). You have the right to know what personal information we have collected about you, to request its deletion, and to not be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising.

EEA, UK, and Swiss residents (GDPR/UK GDPR). You have the right to access, correct, delete, restrict, or port your personal data, and to object to processing. The lawful basis for processing your email is your consent (when you request a sign-in link) and our legitimate interest in operating the Service.

8. How to exercise your rights / contact us

To request access to or deletion of your data, or for any privacy question, email cdanielswpb@gmail.com. We will respond within 30 days.

9. Security

We use HTTPS for all traffic, hash and sign sign-in tokens with a server-side secret, and apply standard hardening to session cookies. No system is perfectly secure; if we become aware of a breach affecting your information, we will notify you in accordance with applicable law.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the “Last updated” date above. Continued use of the Service after a change indicates acceptance of the updated policy.

App Terms of Service Contact