Security & your data

You're trusting us with a retirement decision. Here's how we handle that.

Plain language, not legalese. What we store, what we never ask for, who else touches it, and how to erase all of it.

What we never ask for

No SSN. No account numbers. No card details.

Your plan is built from your custodian, an approximate balance band, your age, and your distribution date — nothing that could drain an account. We never ask for your Social Security number or your full 401(k)/IRA account number, and you should never paste them into any free-text box here. If a field doesn't need it, we don't collect it.

What we store

Only what the plan needs.

Your custodian and destination, balance band, age, distribution date, and your email (so you can return to your plan and get deadline reminders). If you buy the $49 plan, we keep a payment record from Stripe. If you upload a distribution statement to confirm your rollover, we extract the date and amount and don't retain raw files longer than needed to process them.

Payments

We never see your card.

Checkout runs entirely on Stripe. Your card number, expiry, and CVC go straight to Stripe and never touch nesthelm's servers — we only ever receive a payment confirmation and a token. Stripe is a PCI-DSS Level 1 provider.

AI & your words

How the AI handles what you type.

Your plan, the Q&A, and document extraction use OpenAI models to turn your situation into custodian-specific steps. Your inputs are sent to OpenAI to generate that output and are not used to train their models. Because anything you type in a free-text box is sent to the model, don't include SSNs or full account numbers — you never need to, and we strip identifiers from anything we log.

Analytics

Off by default, and we honor your browser.

We use privacy-friendly product analytics to improve the funnel — but nothing is collected until you accept the consent banner, and we automatically decline if your browser sends a Global Privacy Control or Do-Not-Track signal. We mask IDs and redact sensitive query parameters from anything we do record. We don't sell your data.
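The consent gating and redaction described above, written out as an added JavaScript example. This is not nesthelm's code; the consent states ('accepted', 'declined', 'unset') and the list of sensitive parameter names are assumptions chosen for the example.

```javascript
// Added example, not nesthelm's own code: consent gating that honours
// GPC/DNT, plus query-parameter redaction before an event is recorded.
// Assumed consent states: 'accepted' | 'declined' | 'unset'.

// Browser opt-out signals: navigator.globalPrivacyControl (boolean) and
// navigator.doNotTrack ("1" when the user opted out; some older browsers
// used "yes"). Any value such as "unspecified" or "0" is not an opt-out.
function userOptedOut(nav) {
  if (!nav) return false;
  if (nav.globalPrivacyControl === true) return true;
  const dnt = nav.doNotTrack;
  return dnt === '1' || dnt === 'yes';
}

// Analytics may run only when the visitor explicitly accepted the banner AND
// no opt-out signal is present. A signal wins even over a stored "accepted",
// so an earlier click cannot override a later browser-level preference.
function analyticsAllowed(nav, consentState) {
  if (userOptedOut(nav)) return false;
  return consentState === 'accepted';
}

// Constructed deny list of query parameters that must never reach analytics.
const SENSITIVE_PARAMS = new Set(['email', 'token', 'code', 'session', 'ssn', 'account']);

// Replace the values of sensitive query parameters and drop the fragment.
// The key is kept so the funnel step stays recognisable in the event.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  for (const key of [...url.searchParams.keys()]) {
    if (SENSITIVE_PARAMS.has(key.toLowerCase())) {
      url.searchParams.set(key, 'REDACTED');
    }
  }
  // Fragments never reach a server, but client-side analytics can see them.
  url.hash = '';
  return url.toString();
}

// Wire-up sketch: call before every capture.
function captureIfAllowed(nav, consentState, pageUrl, send) {
  if (!analyticsAllowed(nav, consentState)) return false;
  send({ url: redactUrl(pageUrl) });
  return true;
}
```

The order of checks matters: the opt-out signal is tested first, so a consent value persisted before the visitor enabled GPC is not enough to start collection.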

Deletion & retention

Delete everything, anytime.

Logged in? Open your account and delete it — that removes your intake, plan, email subscription, and any premium application in one action. Never made an account? Email hello@nesthelm.com and we'll erase your data. Abandoned, anonymous intakes are automatically purged within 24 months.

Who else touches your data

A short, named list of processors.

Stripe (payments), Supabase (authentication + encrypted Postgres database), Resend (transactional + reminder email), OpenAI (plan generation, gated by the controls above), and PostHog (analytics, only after consent). That's it — no data brokers, no ad networks. The full legal detail lives in our Privacy Policy.

The plumbing

Sensible defaults under the hood.

HTTPS everywhere with HSTS, hardened security headers against clickjacking, MIME sniffing, and referrer leakage, data encrypted at rest in our database, rate limiting on public endpoints, and least-privilege access to the systems that hold your data.
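As an added example (not nesthelm's configuration), the response headers that implement the HSTS, clickjacking, MIME-sniffing and referrer controls listed above, together with an audit function that checks a received header set for missing or weak values. The header values are sensible defaults chosen for the example; the one-year HSTS minimum is the lifetime browser preload lists require.

```javascript
// Added example, not nesthelm's own code: baseline security headers and an
// audit that flags what is missing or weak. Values are example defaults.

const BASELINE_HEADERS = {
  // Force HTTPS for a year on this host and its subdomains.
  'strict-transport-security': 'max-age=31536000; includeSubDomains',
  // Clickjacking: refuse to be framed by any origin.
  'x-frame-options': 'DENY',
  // MIME sniffing: browsers must trust the declared Content-Type.
  'x-content-type-options': 'nosniff',
  // Referrer leakage: cross-origin requests carry only the origin, never path or query.
  'referrer-policy': 'strict-origin-when-cross-origin',
};

// Apply to any Node-style response object that exposes setHeader().
function applySecurityHeaders(res) {
  for (const [name, value] of Object.entries(BASELINE_HEADERS)) {
    res.setHeader(name, value);
  }
  return res;
}

// Shortest HSTS lifetime accepted by the audit (one year in seconds).
const MIN_HSTS_AGE = 31536000;

// Audit a header map (name -> value, any letter case) and return findings.
// An empty array means every control listed above is present and strong.
function auditSecurityHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];

  const hsts = h['strict-transport-security'];
  if (!hsts) {
    findings.push('missing Strict-Transport-Security');
  } else {
    const m = /max-age=(\d+)/i.exec(hsts);
    if (!m || Number(m[1]) < MIN_HSTS_AGE) findings.push('HSTS max-age below one year');
  }

  // Either X-Frame-Options or a CSP frame-ancestors directive blocks framing.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  const csp = h['content-security-policy'] || '';
  if (!(xfo === 'DENY' || xfo === 'SAMEORIGIN') && !/frame-ancestors/i.test(csp)) {
    findings.push('no clickjacking protection (X-Frame-Options or CSP frame-ancestors)');
  }

  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') {
    findings.push('missing X-Content-Type-Options: nosniff');
  }

  // Absent, unsafe-url and no-referrer-when-downgrade all send the full URL
  // to other origins over HTTPS.
  const rp = (h['referrer-policy'] || '').toLowerCase();
  const leaky = new Set(['', 'unsafe-url', 'no-referrer-when-downgrade']);
  if (leaky.has(rp)) findings.push('Referrer-Policy allows full URL leakage');

  return findings;
}
```

Running the audit against your own responses (for example in a deployment smoke test) is the check that the headers are actually reaching the browser, rather than only being set in one code path.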

Question we didn't answer? Ask a human.

hello@nesthelm.com