Security & privacy
Your data stays in Canada. Period.
TruePath is built for Canadians, by Canadians, with bank-grade security. No bank linking, ever. We do not sell your data, and we never will.
Three things we will never do
The honest list, first.
We never connect to your bank
No linking, no screen scraping, no Plaid, no third-party connectors. You enter your numbers yourself. We have no way to log into your accounts, even if we wanted to.
We never sell your data
Your information is not a product. We do not have advertisers. We do not run an analytics-for-sale business. We make money from your subscription. That is it.
We never share with third parties
Your numbers are not shared with banks, advisors, marketing partners or anyone else. The only people who see your data are the engineers who keep TruePath running.
How we protect you
Six pillars of TruePath security.
Canadian data residency
Your information is stored in Canada, in a Canadian-hosted database, governed by Canadian privacy law. It does not leave the country.
Encrypted at rest
All stored data is encrypted using AES-256, the same standard banks use. Even our own engineers cannot read it without authenticated access.
Encrypted in transit
Every connection uses TLS 1.3. Nothing leaves your browser unencrypted. Your numbers are protected on the way to us, and on the way back.
Strong authentication
Passwords are hashed with bcrypt and never stored in plain text. Session tokens are short-lived and expire automatically on sign-out.
Privacy-first by design
We designed TruePath around the principles in Canada's federal privacy law (PIPEDA): collecting only what we need, storing it securely and giving you full control over your own data.
Row-level data isolation
Your data is locked to your account at the database level. No other TruePath user can access it, not through a setting, not through a bug. It is built into how the system works.
Data policy
Your data, your control.
We collect what we need to make a plan
Your name, email, account credentials, and the financial numbers you enter. That is it. We do not collect your SIN, banking details or anything beyond what is needed.
You can delete your account any time
Account deletion is a single click from settings. Your data is permanently removed within 30 days, with no copy retained beyond legal requirements.
You can export your plan any time
PDF export is always available while your subscription is active. Export anytime to keep a copy of your plan, including right before you cancel.
Security questions
Honest answers.
Why don't you connect to my bank like other apps?
Bank linking through aggregators creates a copy of your credentials and a long-term security risk. It is also unnecessary for retirement planning, where ballpark balances are enough. We chose to build a tool that works without ever needing your login. Less risk for you, less risk for us, simpler all around.
Where is my data physically stored?
In Canadian-hosted data centres, governed by Canadian privacy law. Your data does not cross the border to be processed.
What happens if you go out of business?
You can export your plan as a PDF any time, including before that day. We also commit to 60 days of read-only access in any wind-down scenario, so you always have time to retrieve your data.
Do you use my data to train AI models?
No. The Ask TruePath feature uses your plan numbers to give you a personalised answer in real time, but your data is not used to train any model.
Is two-factor authentication available?
Yes. Two-factor authentication using an authenticator app (Google Authenticator, Authy, 1Password and similar) is available in Settings, Security. We do not require it at signup so it never adds friction, but we strongly encourage every Canadian planning their retirement to turn it on. You will get ten one-time recovery codes during setup in case you lose your phone.
What if I forget my password?
A standard reset email returns you to your account. Your data is encrypted but recoverable on a successful reset, because we want planning tools to be usable, not user-hostile.
Your retirement plan, kept current as life changes.
Fourteen days free. Start fast. Keep refining as your real life moves. Cancel any time before the trial ends and you pay nothing.