Last Updated: August 29, 2022
What this policy covers
Your privacy and maintaining the privacy of your information is very important to us. This policy is intended to help you understand the following:
- What information we collect about you
- How we use the information we collect
- How we share the information we collect
- How we store and secure the information we collect
- How to access and control your information
- How we make changes to this policy
- How to contact us with questions about privacy
This policy addresses data collection and handling practices pertaining to all of our Services (as that term is defined in the Terms of Service). This policy is a part of the Terms of Service, and should be read together with them.
- We encourage you to only enter required information into online forms and to be cautious sharing personal information via email. We don't require your real name, so you can use our Services with any name you want, or even with no name. We don't require a Social Security Number or any account numbers in any of our Services, although we may at times see this information if you share it with us.
- None of our Services are intended for children under 16 years of age. If you are under 16, do not access or use our Services or provide any personal information to us whatsoever.
What information we collect about you
Information we collect about you falls into three broad categories: information you provide to us, information we collect automatically, and information from other sources.
Information you provide to us
You provide information to us by using our programs, filling out forms, sharing it with us during service sessions, or working with our consultants/employees. This information falls into the following categories:
- Contact Information: Entered through a contact form, support ticket, or may be emailed during interactions with our consultants/employees, this is your email address or other contact information and the contents of your message, email, or question.
- Account Information: Username, email address, password, and optionally picture, time zone, phone number for two-factor authentication, and (for professionals) basic contact information about your business.
- Order Information: Information associated with an order for our Services, which includes full name, billing address, country, email, product purchased, purchase price, and sales tax. We do not store credit card information.
- Demographic and Financial Data: Demographic and financial information collected via forms in our Services, emailed to consultants/employees, or discussed during phone/video consultations.
Information we collect automatically
As you use our Services we use automatic tracking technologies to record limited information. The information we gather is:
- Page Information: Which pages you enter and exit on and visit in between, how long you stay on pages, and also occasionally interactions with pages such as buttons or links clicked or videos watched.
- System Information: Operating system, web browser version, and information about your device, such as phone or tablet.
- Visit Information: Approximate geographic location (using the first three segments of the IP address, not your specific IP address), and whether you are a return visitor or not.
Information from other sources
Third party services we use provide us with supplemental information, including:
- Google Analytics Supplemental Data: Our web traffic analytics provider, Google Analytics, includes information about the demographics and interests of visitors to our public websites. They derive this information based on a unique “cookie” or tag placed in your web browser. We do not associate this data with personal information such as name, address, etc., and only receive it from Google, LLC in aggregate, depersonalized fashion.
- Constant Contact Supplemental Data: Our marketing email provider, Constant Contact, provides information about responses to emails we send out, such as whether emails were opened and links clicked, or whether emails were blocked or bounced.
How we use the information we collect
We use Account and Order Information to process your requests, provide you with access to the Services, prevent fraud, and ensure data security. We also use this information to send Account-Based (non-marketing) emails such as new account information, renewal notices, receipts, invoices, and critical service alerts; you cannot opt out of receiving Account-Based emails.
We use Demographic and Financial Information to provide the Services you have purchased and produce their deliverables, which are typically reports based on your Demographic and Financial Information.
If you contact us to obtain a Service (including customer support), we use, as needed, Demographic and Financial Information along with Order, Contact, and System Information to fulfill your request. We only examine Demographic and Financial Information of a customer upon their explicit request or if needed to provide the Service requested. Our consultants/employees may also communicate with you during and after your sessions with them using your Contact Information provided to them.
During advisor sessions, you may provide access to your Financial Information to our consultants/employees so they can help you understand how a particular Service works (e.g., Co-Pilot Service or Expert Review). During these sessions, you will make available to the consultant/employee certain Financial Information that you plan to use or are using in connection with one of our Services. Once the information is no longer needed, the consultant/employee will delete any data they may still have access to from their systems.
We use Page, System, and Visit Information and Google Analytics Supplemental Data to perform research and analysis to better understand our customers’ needs, to appropriately price and promote our Services, to develop new Services and features, and to troubleshoot errors in delivery of our Services.
We use Constant Contact Supplemental Data, at an aggregate level, to better understand our customers’ preferences regarding marketing content so we can provide relevant content to customers such as information regarding improvements to the Services they have purchased.
How we share the information we collect
We do not sell your personal information to any third party in exchange for money. We share your information in the following ways:
Amazon Web Services
Our Services store your Contact, Account, and Order Information as well as Demographic and Financial Information in Amazon Web Services managed databases. Data is transmitted and stored in encrypted format.
We share Order Information with Avalara for purposes of calculating state sales tax for purchases billed to U.S. addresses.
When you opt in to receiving marketing emails, we share your email address with Constant Contact, which is the service we use for managing our marketing email lists. The email address is only accessible in our account at Constant Contact.
We use Freshdesk for customer support. When you contact us via a Help widget or Contact form or via email, your email address and any other information you send to us and that is contained in subsequent communications between you and our support staff is processed and stored by the Freshdesk service.
We share Page, System, and Visit Information with Google Analytics, which aggregates the data for our use in analytical reporting to improve our Services.
Similar to Google Analytics, Hotjar collects Page, System, and Visit Information, including detailed information about time spent on a page, mouse movements, and clicks, which provides us with analytical reporting to improve our Services. Note that we do not use Hotjar on any page where you are entering any data into a form, so no personally identifiable information is shared with Hotjar.
We use the MailChimp service to reliably send Account-Based emails (new account information, renewal notices, receipts, etc.). Therefore, we share some Account and Order Information with MailChimp within the content of the emails. The email data is retained in MailChimp logs for approximately 30 days.
We share Order Information with Stripe for the purposes of processing your payments. In addition to the Order Information we retain, Stripe also receives your credit card information.
We sometimes use Survey Monkey to send surveys to you. Any information you share in those surveys will be shared with Survey Monkey.
In order to send validation codes to your phone if you set up optional two-factor authentication, your phone number, but no other personal data, is shared with the Twilio service.
Sometimes we embed YouTube videos to explain or showcase an available Service. If you click on a video to watch it, YouTube collects Page, System, and Visit information.
How we store and secure the information we collect
We use the following means to protect your data:
- All communication between your browser and our servers uses up to 256-bit encryption.
- Any data stored in our application database at Amazon Web Services is secured using industry-standard AES-256 encryption.
- If using Maximize My Social Security for Households, Maximize My Social Security for Financial Advisors, MaxiFi Planner for Households, MaxiFi Planner Premium for Households, or MaxiFi Planner PRO, you can optionally set up two-factor authentication (TFA) for your account to require login verification by a code sent to your mobile phone.
- All data is stored in data centers that are protected 24/7 with biometric checkpoints, video surveillance and other industry-standard techniques.
- All data resides in data centers within the United States.
- We regularly engage third parties to review and test our application and server security.
Please see our Security Controls (which is a part of this policy and incorporated herein by this reference) document for more information about how we protect your information.
Currently we retain all data indefinitely, with the exception of Demographic and Financial Information which we retain in a customer account for 6 years from the last time the account was accessed.
How to access and control your information
We strive to allow you to easily view, modify, and delete information we collect except where we need to retain that information for legitimate business purposes. In addition, we provide straightforward ways to opt out of any automated data capture or marketing programs.
- Contact Information: Contacts made via our contact forms or email and any responses will be available in your own email account if you choose to retain the information. Support tickets and any responses can be viewed in the system in which they were entered and can be deleted upon request.
- Account Information: You can view your account information by logging into your account. Accounts are typically accessible even if your subscription has expired. You can modify certain information for your account, such as your email address. You can request deletion of your account by our consultants/employees but you must first log in to your account in order to confirm your identity.
- Order Information: You can view past orders by logging in to your account. We retain order information indefinitely.
- Demographic and Financial Data: You can log into your account for the appropriate service and view, modify or delete all information. If your subscription is no longer active you can request deletion of your Demographic and Financial Information by our consultants/employees but you will need to first log in to your account in order to confirm your identity.
- Constant Contact Supplemental Data: You can manage your Constant Contact preferences, including opting out of all marketing email communication from us, by simply clicking the link in the footer of any email you’ve received from us through Constant Contact. If for some reason you cannot do that, see the contact information below and send us a request to remove your email address from our lists.
How we make changes to this policy
May 22, 2018: Initial version
May 26, 2018: Clarified Constant Contact opt in and opt out information
May 2, 2019: Removed references to ESPlannerBASIC Canada
March 2, 2020: Removed reference to ESPlannerBASIC. Removed references to non-AWS data centers that are no longer used. Updated statement on encryption bit strength.
April 6, 2020: Changed payment processor info from PayPal to Stripe.
June 29, 2020: Alphabetized third party services list, added Freshdesk.
August 29, 2022: Added information about Survey Monkey and adjusted language as needed due to addition of Co-Pilot service.
How to contact us with questions about privacy