Privacy Policy
Effective Date: March 7, 2026
Kite Lane Group LLC ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and disclose information when you use the NestMint web application (the "Service"). It also describes your rights and choices regarding your information.
By creating an account, accessing, or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, you should not use the Service.
This Privacy Policy should be read together with our Terms of Service, which govern your use of the Service.
1. Information We Collect
We collect only the information necessary to provide the Service. The categories of information we collect are described below.
1.1. Account Information
When you create an Account, we collect:
| Data | Purpose | Storage Method |
|---|---|---|
| Username | Account identification and authentication | Stored in plaintext |
| Password | Account authentication | Stored as a SHA-256 hash with a unique cryptographic salt; we never store your plaintext password |
| Security question and answer (optional) | Account recovery | Stored on secure servers |
Note: We do not currently require an email address to create an Account. If we begin collecting email addresses in the future, this Privacy Policy will be updated accordingly.
1.2. Financial Planning Data (User Data)
The Service allows you to enter financial planning data to generate retirement projections and estimates. This may include, but is not limited to:
- Account balances (e.g., 401(k), IRA, Roth IRA, taxable brokerage, savings)
- Income amounts (e.g., salary, pension, Social Security estimates)
- Spending and budget amounts
- Tax rates and tax-related assumptions
- Expected rates of return and inflation assumptions
- Retirement age and planning horizon
- Roth conversion amounts and scenarios
- Required Minimum Distribution (RMD) parameters
- Any other financial planning inputs you choose to enter
All User Data is entered manually by you. The Service does not connect to, link with, or aggregate data from any third-party financial institution, bank, brokerage, or external data source.
User Data is stored as JSON in our database on secure servers.
1.3. Information We Do NOT Collect
We want to be transparent about what we do not collect:
- No email address is currently required for account creation.
- No cookies or browser storage. The Service does not use browser cookies or local browser storage mechanisms. Authentication and session management are handled entirely through server-side sessions.
- No analytics or tracking. We do not currently use any third-party analytics services, tracking pixels, advertising trackers, or similar technologies.
- No third-party account linking. We do not connect to or retrieve data from any external financial accounts or services.
- No location data. We do not collect precise geolocation data.
- No device fingerprinting. We do not employ browser or device fingerprinting techniques.
1.4. Automatically Collected Technical Information
When you access the Service, our servers may automatically record certain technical information in server logs, including:
- IP address
- Browser type and version
- Operating system
- Date and time of access
- Pages or features accessed within the Service
This information is collected as a standard function of web server operations and is used solely for maintaining the security and operational integrity of the Service. It is not used for tracking, profiling, or advertising purposes.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: To operate the retirement planning tools, generate projections and estimates, and deliver the features you use.
- Account Management: To create and manage your Account, authenticate your identity, and facilitate account recovery.
- Service Improvement: To understand how the Service is used, identify bugs or errors, and improve the functionality, performance, and reliability of the Service.
- Security: To detect, prevent, and address fraud, unauthorized access, security incidents, and other harmful or illegal activities.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
- Communications: To respond to your inquiries, support requests, or other communications you send to us.
We do not use your information for advertising, marketing profiling, or selling to third parties.
3. How We Store and Protect Your Information
3.1. Data Storage. Your information is stored on secure servers. User Data (financial planning inputs) is stored as JSON in our database. Your password is stored as a SHA-256 hash with a unique cryptographic salt — we never store or have access to your plaintext password.
3.2. Security Measures. We implement reasonable technical and organizational measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to:
- Cryptographic password hashing with salting
- Server-side session management (no client-side token storage)
- Secure server infrastructure
- Access controls limiting who can access user data
3.3. No Guarantee of Security. While we strive to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information. You acknowledge and accept this inherent risk when using the Service.
4. Sharing and Disclosure of Information
We take your privacy seriously and do not sell, rent, or trade your personal information or User Data to third parties for their marketing or commercial purposes.
We may share your information only in the following limited circumstances:
- Service Providers: We may share information with third-party service providers who perform services on our behalf (e.g., hosting providers, payment processors). Such providers are contractually obligated to use your information only for the purposes of providing their services to us and are required to maintain reasonable security measures.
- Legal Requirements: We may disclose your information if required to do so by law, or in the good faith belief that such action is necessary to (a) comply with a legal obligation; (b) protect and defend the rights or property of the Company; (c) prevent or investigate possible wrongdoing in connection with the Service; (d) protect the personal safety of users of the Service or the public; or (e) protect against legal liability.
- Business Transfers: If the Company is involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of such transaction. We will notify you of any such change in ownership or control of your information.
- With Your Consent: We may share your information for any purpose with your explicit consent.
5. Cookies, Tracking, and Similar Technologies
The Service does not currently use:
- Browser cookies (first-party or third-party)
- Local or session browser storage
- Tracking pixels or web beacons
- Third-party analytics services (e.g., Google Analytics)
- Advertising or retargeting technologies
- Device fingerprinting
Session management is handled entirely through server-side sessions. If we introduce any tracking or analytics technologies in the future, this Privacy Policy will be updated to reflect such changes, and you will be notified as described in Section 11 below.
6. Data Retention
6.1. We retain your Account information and User Data for as long as your Account is active and you maintain an active Subscription.
6.2. If you request deletion of your Account, we will delete your Account information and User Data within a reasonable timeframe, subject to any legal obligations requiring us to retain certain information.
6.3. Server logs containing automatically collected technical information are retained for a limited period necessary for security and operational purposes and are then deleted or anonymized.
6.4. Following Account deletion, certain information may be retained in anonymized or aggregated form that cannot be used to identify you individually.
7. Your Rights and Choices
You have the following rights regarding your information:
7.1. Access and Data Export
You may request a copy of the personal information and User Data we hold about you. To make a data export request, please contact us at support@nestmint.ai. We will respond to your request within thirty (30) days.
7.2. Correction
You may update or correct your User Data at any time through the Service. If you need to update your Account information (e.g., username), please contact us at support@nestmint.ai.
7.3. Deletion
You may request deletion of your Account and all associated data by contacting us at support@nestmint.ai. Upon receiving and verifying your request, we will delete your Account and User Data within a reasonable timeframe, subject to any legal retention obligations.
7.4. Subscription Cancellation
You may cancel your Subscription at any time. Cancellation does not automatically delete your Account or data. To delete your data, you must submit a separate deletion request as described above.
8. Children's Privacy (COPPA Compliance)
8.1. The Service is not directed at, marketed to, or intended for use by children under the age of thirteen (13). We do not knowingly collect personal information from children under 13.
8.2. If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete such information from our servers.
8.3. If you are a parent or guardian and believe that your child under 13 has provided personal information to us, please contact us at support@nestmint.ai so that we can take appropriate action.
8.4. Users must be at least eighteen (18) years of age to create an Account, as stated in our Terms of Service.
9. California Privacy Rights (CCPA/CPRA)
If you are a resident of California, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA"), provides you with certain additional rights regarding your personal information.
9.1. Right to Know
You have the right to request that we disclose to you (a) the categories of personal information we have collected about you; (b) the categories of sources from which the personal information is collected; (c) the business or commercial purpose for collecting the personal information; (d) the categories of third parties with whom we share personal information; and (e) the specific pieces of personal information we have collected about you.
9.2. Right to Delete
You have the right to request that we delete any personal information about you that we have collected, subject to certain exceptions provided by law.
9.3. Right to Correct
You have the right to request that we correct inaccurate personal information that we maintain about you.
9.4. Right to Opt-Out of Sale or Sharing
We do not sell or share your personal information as those terms are defined by the CCPA. Therefore, there is no need to opt out of sale or sharing.
9.5. Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide you with a different level of quality, or suggest any of the foregoing as a result of your exercising your rights under the CCPA.
9.6. Categories of Personal Information Collected
Under the CCPA framework, we collect the following categories of personal information:
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Username, IP address | Yes |
| Financial information | Self-reported account balances, income, spending (not linked to external accounts) | Yes |
| Internet or network activity | Server logs (browser type, pages accessed) | Yes |
| Protected classifications | Age (inferred from retirement planning inputs) | Indirectly |
| Geolocation data | Precise location | No |
| Biometric information | Fingerprint, face recognition | No |
| Sensory data | Audio, visual | No |
| Professional or employment information | Job title, employer | No |
| Education information | School, degree | No |
9.7. How to Exercise Your California Privacy Rights
To exercise any of your CCPA rights, please contact us at support@nestmint.ai with the subject line "CCPA Request." We will verify your identity before fulfilling your request. We will respond to verifiable requests within forty-five (45) days.
10. Other State and International Privacy Rights
10.1. Nevada Residents
Under Nevada law, certain consumers may opt out of the sale of "covered information." We do not sell your covered information as defined by Nevada law. If you have questions, please contact us at support@nestmint.ai.
10.2. Virginia, Colorado, Connecticut, and Other U.S. States
Residents of states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and Iowa) may have additional rights, such as the right to access, correct, delete, and obtain a copy of personal data, and the right to opt out of targeted advertising and the sale of personal data. Because we do not sell personal data or engage in targeted advertising, many of these rights are already addressed by our practices. For any privacy-related request, please contact us at support@nestmint.ai.
10.3. International Users
The Service is operated from and is intended for users in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction. By using the Service, you consent to the transfer and processing of your information in the United States.
11. Changes to This Privacy Policy
11.1. We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements, or for other operational reasons. When we make material changes, we will notify you by posting a prominent notice within the Service and updating the "Effective Date" at the top of this page.
11.2. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the revised Privacy Policy, you should discontinue use of the Service and request Account deletion.
11.3. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
12. Data Security Incident Response
12.1. In the event of a data breach or security incident that compromises the confidentiality or integrity of your personal information, we will:
- Investigate the incident promptly and take steps to contain and remediate the breach;
- Notify affected users as required by applicable law;
- Notify relevant regulatory authorities as required by applicable law;
- Provide information about the nature of the breach and steps you can take to protect yourself.
13. Third-Party Links
The Service may contain links to third-party websites or services that are not owned or controlled by the Company. This Privacy Policy applies only to the Service and does not govern the privacy practices of any third-party website or service. We encourage you to review the privacy policies of any third-party websites or services you visit.
14. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Because the Service does not currently employ any tracking technologies, we do not respond to DNT signals — not because we disregard your preferences, but because no tracking occurs regardless of your DNT setting.
15. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Kite Lane Group LLC
Email: support@nestmint.ai
Subject Line: "Privacy Inquiry"
We will respond to all privacy-related inquiries within thirty (30) days of receipt.