This announcement bar can be used to inform visitors of something important!
Last updated: April 22, 2025
1 Financial Plan, LLC (“1FP,” “we,” “our,” or “us”) is committed to safeguarding your privacy while helping you make smarter retirement decisions. This Privacy Policy describes what information we collect, why we collect it, how we use it, and the limited circumstances under which we share it when you:
This Policy applies to every visitor, subscriber, and registered user, anywhere in the world, unless a region‑specific addendum states otherwise. Because privacy laws differ by country and even by U.S. state, we have structured the document so you can quickly find the rules that apply to you.
By accessing or using the Site or our services, you confirm that you have read, understood, and agreed to the practices described here. If you do not agree with any part of this Policy, please close the Site and refrain from using our services. Your continued use after we post an updated version will constitute acceptance of the changes.
For ease of reading, we have included short, plain‑English explanations inside each section. If you still have questions, you can always reach us at support@1financialplan.com.
To keep this Privacy Policy clear and consistent, we use the following defined terms throughout. When you see these words capitalized, they have the specific meanings below—even if we don’t repeat the definitions every time.
“Personal Information” (or “PI”)
Any data that identifies, relates to, describes, or could reasonably be linked—directly or indirectly—to a particular individual. Examples include your name, e‑mail address, mailing address, phone number, device identifiers (such as an IP address or mobile‑ad ID), and profile details like your retirement goals or investable‑asset range.
“Processing”
An umbrella term that covers every action we might perform on Personal Information: collecting, recording, organizing, structuring, storing, modifying, analyzing, transmitting, disclosing, or deleting it—whether those actions are manual or automated.
“Service Provider” (also “Processor”)
A third‑party company that Processes Personal Information on 1FP’s behalf under a written contract. Typical examples include HubSpot (customer‑relationship management and e‑mail delivery), Google Analytics 4 (web analytics), Hotjar (user‑experience insights), Databox (dashboarding), Cloudflare (security and content delivery), and Amazon Web Services (hosting).
“Advisor”
An independent, third‑party retirement‑planning professional or firm to whom you may ask us to introduce you. Advisors are not employees or agents of 1FP; they operate under their own licenses, regulatory obligations, and privacy policies.
“Cookies and Similar Technologies”
Small files or snippets of code—such as browser cookies, pixels, local‑storage objects, beacons, or software‑development kits (SDKs)—that store or retrieve information on your device. We use these technologies for purposes like remembering preferences, measuring site performance, and showing relevant ads.
Whenever these capitalized terms appear in the sections that follow, they carry the precise meanings set out above.
We obtain information about you through three complementary channels:
We do not actively seek government‑issued IDs, credit‑card numbers, or health information; please refrain from posting or sharing such data.
We handle Personal Information for four broad purposes—service delivery, personalization, communication, and protection & compliance—each described below.
Service delivery. We process the data you provide to create and maintain your account, register you for webinars, deliver downloadable resources, and fulfil requests such as connecting you with an independent retirement‑planning Advisor. Without this information we could not perform the “contract” you initiate when you ask us for these services.
Personalization and product improvement. Usage metrics, heat‑map analytics, and feedback help us understand which articles, calculators, or videos resonate with different audiences. We combine that insight with the retirement goals you share to suggest more relevant content, A/B‑test new layouts, and develop new tools—all under our legitimate interest in making the Site more useful.
Communication and marketing. Your contact details allow us to send transactional messages (e.g., webinar links, policy updates) and, with your consent, newsletters or promotional material about new courses and events. We also use cookies and advertising pixels to gauge which campaigns bring people to the Site so we can allocate our ad budget efficiently and avoid showing you the same ad repeatedly.
Protection, fraud prevention, and legal compliance. IP addresses, device fingerprints, and security logs from providers like Cloudflare help us detect bots, brute‑force attempts, or suspicious activity. We retain certain transaction records for bookkeeping, tax, and audit purposes and may disclose information when legally compelled—for example, in response to a subpoena or to meet obligations under financial‑crimes regulations.
Legal bases. Where the GDPR or similar laws apply, we rely on (i) contractual necessity to deliver the services you request, (ii) legitimate interests to improve the Site and prevent abuse, (iii) consent for non‑essential cookies, marketing e‑mails, and Advisor introductions, and (iv) legal obligation when record‑keeping or government requests require it.
In every case, we limit our use of your information to what is proportionate and relevant to the stated purpose, and we never use sensitive personal data (such as health or government‑ID numbers) for marketing or analytics.
We respect your privacy and do not “sell” Personal Information for money—full stop. That said, running an online education platform inevitably requires sharing certain data with trusted third parties under carefully controlled conditions. Below is an overview of the limited circumstances in which we disclose information and the safeguards we apply.
Service Providers acting on our behalf. We partner with a select group of vendors that help us operate, secure, and improve the Site. For example, HubSpot stores our customer‑relationship records and delivers e‑mails; Hotjar captures anonymized heat maps and blurred session replays so we can see where users struggle; Google Analytics 4 measures traffic and engagement; Databox consolidates those metrics into internal dashboards; Cloudflare accelerates page loads and blocks malicious traffic; and Amazon Web Services hosts our servers in encrypted data centers. Each Service Provider signs a written agreement that: (i) limits use of your data to the specific tasks we assign, (ii) bars them from using the data for their own marketing, and (iii) requires robust security and confidentiality measures.
Advertising and measurement partners. When we run ads on platforms like Google, Meta (Facebook/Instagram), or LinkedIn, we share pseudonymized event data—such as a hashed e‑mail address or a cookie ID—so those platforms can tell us which campaign drove a webinar signup or page view. These partners are contractually prohibited from re‑using the data for their own purposes, and you can opt out of such sharing at any time through our cookie banner or your device’s ad‑preferences settings.
Advisor introductions at your request. If you explicitly ask us to connect you with an independent retirement‑planning Advisor, we will forward the contact details and high‑level financial profile you provide (for example, age band, retirement timeline, investable‑asset range, and any questions you submit). Once an Advisor receives that information, they become independently responsible for it under their own privacy policy and regulatory obligations.
Business transfers and corporate events. Should 1 Financial Plan undergo a merger, acquisition, asset sale, or corporate reorganization, Personal Information may be transferred as part of that transaction. If that happens, we will require the successor entity to honor this Privacy Policy or give you advance notice and an opportunity to opt out of any materially different practices.
Legal compliance and protection. We may disclose information when we believe in good faith that it is necessary to: (i) comply with a subpoena, court order, or other legal process; (ii) cooperate with regulators or law‑enforcement; (iii) enforce our Terms of Service; (iv) investigate potential fraud, abuse, or security threats; or (v) protect the rights, property, or personal safety of 1FP, our users, or the public.
Aggregated or de‑identified insights. We sometimes publish statistics—such as “43 percent of visitors completed our retirement‑readiness quiz”—or share benchmarking trends with partners. Before doing so, we strip out or transform the data so it can no longer reasonably be used to identify you.
Except for these narrowly defined situations, we do not disclose your Personal Information to third parties, and we never grant any party unconditional rights to re‑sell or re‑share it.
Like most websites, we use cookies and similar technologies. Some cookies are strictly necessary—for example, Cloudflare places a cookie that helps us distinguish legitimate traffic from bots. Others support analytics—Google Analytics and Hotjar tell us which articles are popular, how far people scroll, and where they get stuck. We also place advertising pixels from Facebook, Google, and LinkedIn so we can measure ad performance and, where allowed, show you relevant ads later. When you first visit from the European Economic Area, the United Kingdom, or U.S. states that require opt‑in consent, you will see a banner that lets you accept, reject, or customize non‑essential cookies. Your browser settings and industry opt‑out pages (for example, the Digital Advertising Alliance) offer additional control.
If you choose to join our mailing list, download a calculator, or attend a webinar, we may follow up with educational e‑mails covering retirement‑planning concepts, upcoming events, product updates, or relevant industry news. We send these messages only after you give clear consent—for example, by ticking a signup box or confirming via double‑opt‑in. Every e‑mail complies with the U.S. CAN‑SPAM Act, Canada’s CASL, and (where applicable) GDPR requirements: the sender is clearly identified, the subject line is not misleading, and a prominent “unsubscribe” link appears at the bottom. Clicking that link (or replying “unsubscribe”) removes you from the list within 48 hours; we then place your address on a “do‑not‑mail” suppression file to ensure it stays opted out.
Occasionally, we offer SMS or automated voice reminders—for instance, to deliver a one‑time webinar‑access code or confirm an Advisor appointment. We will send these messages only if you expressly opt in by checking a phone‑consent box or replying “YES.” Text frequency is disclosed at signup and never exceeds the stated limit. You can end SMS communications at any moment by texting “STOP,” after which we send one final confirmation and cease further texts.
Beyond direct messages, we use platforms such as Google Ads, Meta (Facebook/Instagram), and LinkedIn to display interest‑based advertising. These ads rely on pseudonymous identifiers—like cookie IDs or hashed e‑mails—to show you content that matches your interests and to cap how many times you see the same ad. You can disable or limit this targeted advertising by (a) refusing “Advertising & Measurement” cookies through our banner, (b) using your device’s “Limit Ad Tracking” setting, or (c) visiting self‑regulatory opt‑out pages such as the Digital Advertising Alliance (DAA) or Network Advertising Initiative (NAI).
In short, you stay in control: opt in when you want to hear from us, and opt out instantly if you change your mind. We never add you to a marketing list without permission, never hide the unsubscribe option, and never penalize you for saying “no thanks.”
Our primary servers and many of our Service Providers are located in the United States. If you are in the European Economic Area or the United Kingdom, this means your Personal Information may be transferred outside your home jurisdiction. We rely on approved legal mechanisms—such as Standard Contractual Clauses or the EU‑U.S. Data Privacy Framework—to protect your information during those transfers.
We keep Personal Information only as long as necessary for the purposes described in this Policy. Account details remain for as long as your account is active and up to three years after closure so we can satisfy tax and fraud‑prevention requirements. Google Analytics retains event data for twenty‑six months, while Hotjar keeps session recordings for one year. Marketing contact records persist until you unsubscribe or have been inactive for three years, after which we move your address to a suppression list so you do not receive further mailings. Advisor‑introduction logs are stored for seven years in case of regulatory inquiries or disputes. When retention periods expire we securely delete or irreversibly anonymize the data.
Depending on where you live, you may have legal rights to access, correct, delete, or restrict the processing of your Personal Information; to receive a portable copy of it; to opt out of targeted advertising or the “sale” or “sharing” of Personal Information as defined by certain U.S. state laws; and to object to certain processing for legitimate‑interest purposes. You may exercise these rights by e‑mailing privacy@1financialplan.com or using the web form linked in our footer. We will verify your identity—typically by asking you to confirm access to your e‑mail address—and respond within the timeframe required by law, usually no later than thirty days. Residents of the European Union, United Kingdom, or certain U.S. states may also have the right to lodge a complaint with their data‑protection authority.
We employ industry‑standard security safeguards, including TLS 1.3 encryption for data in transit, AES‑256 encryption for databases at rest, role‑based access controls, quarterly penetration tests, and 24‑hour network monitoring. Nevertheless, no Internet transmission or storage system can be guaranteed 100 percent secure, and you acknowledge that you use the Site at your own risk. If we learn of a data‑security incident that affects your Personal Information, we will notify you and the relevant authorities as required by applicable law—typically within seventy‑two hours for EU residents.
The Site is intended for adults and teenagers no younger than thirteen. We do not knowingly collect Personal Information from children under 13, and if we discover that we have inadvertently done so, we will delete that information promptly. Parents or guardians who believe we have collected data from a child may contact us at privacy@1financialplan.com.
Our articles occasionally link to external resources—for example, IRS calculators or Securities and Exchange Commission filings. We have no control over, and are not responsible for, the privacy practices or the content of those external sites. We encourage you to review the privacy statements of every website you visit before providing any Personal Information.
We may update this Policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make a material change we will post a prominent notice on the Site and, if you are a registered user, send you an e‑mail at least thirty days before the revisions take effect. Your continued use of the Site after the effective date constitutes acceptance of the updated Policy.
If you have questions about this Privacy Policy or wish to exercise your privacy rights, you may reach us by e‑mail at support@1financialplan.com
we collect only the data we need to give you a better retirement‑planning experience,
we never sell it for cash,
we share it sparingly with trusted partners,
and you remain in control of how it’s used.
Feel free to write or call us if anything is unclear.
My Financial Plan is owned and operated by Hariri Financial Services Corporation.