Privacy Policy

Last updated: April 2026 · Effective date: April 2026 · Applies to: RetiroGo.com and ClaimRight service

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have over your data. We are subject to the General Data Protection Regulation (GDPR) as an operator based in Portugal, and we take our obligations under GDPR seriously.

1. Who we are

RetiroGo / ClaimRight is a financial education service operated by Dave Timmermans, based in Portugal, European Union. We provide educational analysis of Social Security claiming strategies to individuals based primarily in the United States.

For the purposes of GDPR, we are the data controller of the personal information you provide to us.

Contact: info@retirogo.com

2. What information we collect

Information you provide directly

Full name and date of birth
Email address
Social Security benefit estimates (as provided by you from ssa.gov — we do not access SSA systems directly)
Date of birth of spouse or partner (if applicable)
Approximate retirement account balances
Government pension amounts (if applicable)
Employment status and planned retirement age
Self-reported health status
Any additional information you choose to share in forms or email correspondence

Information collected automatically

IP address and approximate location (country/region level only)
Browser type and version
Pages visited and time spent on our website
Referring URL (how you found our site)
Device type (desktop, mobile, tablet)

Payment information

We use Stripe to process all payments. We do not store, see, or have access to your credit card or bank account details. Stripe processes and stores your payment information directly. Stripe's privacy policy is available at stripe.com/privacy.

3. Why we collect this information and our legal basis

Purpose	Data used	Legal basis (GDPR)
Delivering your Clarity Report or Guided Package	All intake form data	Contract performance (Art. 6(1)(b))
Processing your payment	Email, name, transaction reference	Contract performance (Art. 6(1)(b))
Responding to your questions and follow-up emails	Email, name, report data	Contract performance (Art. 6(1)(b))
Sending our newsletter (Beehiiv) if you subscribed	Email address, name	Consent (Art. 6(1)(a))
Improving our service and website	Anonymised usage data	Legitimate interests (Art. 6(1)(f))
Complying with legal obligations	Transaction records	Legal obligation (Art. 6(1)(c))

4. How long we keep your information

Client intake data and reports: 3 years from the date of service delivery, then securely deleted.
Payment records: 7 years, as required by EU accounting and tax law.
Email correspondence: 2 years from last contact.
Newsletter subscribers: Until you unsubscribe, at which point we delete your data within 30 days.
Website analytics data: 14 months, then automatically purged.

5. Who we share your information with

We do not sell, rent, or trade your personal information to any third party, ever. We share data only with service providers necessary to operate our business:

Stripe — payment processing. Data shared: name, email, transaction amount. Location: USA (Standard Contractual Clauses apply for GDPR compliance).
Beehiiv — newsletter platform. Data shared: name, email address (only if you subscribed). Location: USA (Standard Contractual Clauses apply).
Typeform — intake form collection. Data shared: all intake form responses. Location: USA (Standard Contractual Clauses apply).
Google Workspace — email and document storage. Data shared: email correspondence and report files. Location: EU data region selected.
Calendly — booking platform for video calls. Data shared: name, email, selected time slot. Location: USA (Standard Contractual Clauses apply).

All third-party processors have been selected for their GDPR compliance capabilities. We have data processing agreements in place where required.

We may disclose your information if required by law, court order, or regulatory authority. We will notify you of any such disclosure to the extent permitted by law.

6. International data transfers

We are based in Portugal (EU) and serve clients primarily in the United States. When we transfer your personal data to service providers based in the USA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission. You may request a copy of these safeguards by contacting us.

7. Your rights under GDPR

If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:

Right of access: You can request a copy of all personal data we hold about you.
Right to rectification: You can ask us to correct any inaccurate or incomplete data.
Right to erasure ("right to be forgotten"): You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.
Right to restrict processing: You can ask us to pause processing of your data in certain circumstances.
Right to data portability: You can request your data in a structured, machine-readable format.
Right to object: You can object to processing based on legitimate interests, including for direct marketing.
Right to withdraw consent: Where processing is based on consent, you can withdraw that consent at any time.

To exercise any of these rights, email us at info@retirogo.com. We will respond within 30 days. You also have the right to lodge a complaint with the Portuguese data protection authority (CNPD) at cnpd.pt, or with the data protection authority in your country of residence.

8. Data security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include encrypted data storage, access controls limiting who can view client data, and secure communication channels. No method of internet transmission is 100% secure, and we cannot guarantee absolute security, but we take our obligations seriously and review our security practices regularly.

9. Children's privacy

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the Last updated date at the top of this page and, where the changes are material, notify existing clients by email. Your continued use of our services after any change constitutes acceptance of the updated policy.

11. Contact

For any questions about this Privacy Policy or your personal data, contact us at: info@retirogo.com
Dave Timmermans
Av. da Correeira, 8200-350 Albufeira, Portugal