MyFNA

Privacy Policy

Last updated: April 16, 2026

This policy describes how MyFNA ("we", "us") handles information when you use our website and software. It is meant to be clear and practical. It does not create rights beyond what the law provides, and it is not personalized legal advice for your firm.

Who this applies to

The service is built for financial professionals and their teams ("advisors") who run client intake through our application. When advisors collect information from their clients, advisors act as a controller for that client relationship. We process data on behalf of the advisor workspace to deliver the product.

Information we process

  • Account and access. Identity and session data from our authentication provider (Clerk), including email, name, organization membership, and security events needed to protect accounts.
  • Workspace and intake content. Questionnaire responses, metadata about submissions, and optional file uploads that advisors or clients attach to an intake flow.
  • Billing. Subscription status and payment identifiers from our payments provider (Stripe). We do not store full payment card numbers on our servers.
  • Support and product email. Messages you send through contact or in-product flows, and transactional email delivery metadata from our email provider (Resend) when we send system messages.
  • Technical logs. Standard server and diagnostic data used to operate the service, fix errors, and detect abuse.

How we use information

We use the data above to provide and secure the product, bill workspaces, send operational notifications, improve reliability, respond to lawful requests, and communicate with you about the service. We do not sell personal information as a line of business.

Where data is stored and subprocessors

The application runs on managed infrastructure chosen for reliability. Subprocessors that are central to delivery today include Clerk (authentication), Stripe (payments), Resend (email), and our database host for PostgreSQL. Advisors should review each vendor's documentation for regional hosting and certifications that matter to their compliance program.

Retention

We keep workspace and intake records for as long as the account is active and for a reasonable period afterward for backups, disputes, and legal obligations. Exact retention can evolve as the product adds export, archive, and deletion tools. Contact us if you need a workspace-level deletion request.

Security

We use industry common controls: encrypted transport (HTTPS), access controls tied to authenticated sessions, tenant scoping for workspace data, and least-privilege practices in development. No method of transmission or storage is perfectly secure. Advisors should use strong passwords, limit seats, and follow their own firm policies for client communications.

Your choices

You may access and update much of your profile data through the authentication provider's account experience. For intake records, use in-product tools where available, or contact us for assistance. Depending on your region, you may have additional privacy rights. We will respond in line with applicable law.

Children

The service is directed at businesses and adults. We do not knowingly collect information from children under 13 (or the age required in your jurisdiction) for consumer purposes.

International users

If you access the service from outside the United States, your information may be processed in the United States or other regions where our subprocessors operate.

Changes

We may update this policy from time to time. We will post the new date at the top and, when the change is material, provide additional notice through the product or email where appropriate.

Contact

Questions about privacy: use the contact form at /contact with "Privacy" in the subject line.