Skip to content
Retirology Buy

Privacy statement

Privacy

Last updated: 2026-05-09

Retirology is a desktop application. It runs entirely on your computer. We don't operate servers that store your financial data, because there is no transmission to a server in the first place. This page explains exactly what that means in practice, what the single network request the app makes does, and what to do if you find anything that contradicts this statement.

Summary

  • Every input you enter — accounts, balances, salaries, scenarios — lives on your machine in a single SQLite file.
  • The app makes one network request, once per launch: a fetch of https://retirology.app/version.json to check for updates. It sends nothing about you.
  • There are no user accounts, no telemetry, no analytics, no crash reporting, no third-party SDKs. Not in the app, not on this website.
  • The source code is published. You can read it, audit it, or compile your own binary from it.

Where your data lives

Your plan, your accounts, your assumptions — everything you enter — is stored in a single SQLite database on your local disk. The app reads and writes to that one file; nothing goes anywhere else.

  • macOS: ~/Library/Application Support/Retirology/retirology.db
  • Windows: %APPDATA%\Retirology\retirology.db
  • Linux: ~/.config/Retirology/retirology.db

You own the file. Back it up, copy it between machines, encrypt it at the disk level, or delete it — none of that requires us, and none of it touches a server.

The one network request

Once per launch the app fetches https://retirology.app/version.json — a static JSON file describing the latest released version. The fetch is a plain HTTPS GET. It contains:

  • A standard User-Agent header (the HTTP client's default).
  • The URL above.

It does not contain:

  • Your name, email, license key, or any account identifier.
  • Your installed version, OS, locale, screen size, or hardware specs.
  • Any plan data, account balances, or anything you've entered.
  • A unique device ID, install ID, or session ID generated by us.

The response is the same static file every user gets. The app compares the version string to its own and, if a newer one exists, displays a banner pointing at the download page or the customer portal — but it never downloads or installs anything automatically.

If the fetch fails (offline, firewall, ad blocker, our domain unreachable), the app continues normally. The update check is a courtesy, not a requirement.

If you'd rather it didn't happen at all, you can block retirology.app at the firewall or hosts level. The app keeps working.

No accounts

There is no Retirology account, no sign-up, no login. You buy a copy through Lemon Squeezy (our payments processor) and download the binary. The app launches and works.

The only personal information involved in the purchase is what Lemon Squeezy needs to process payment and email you a receipt. That data is held by them, not us — see the Lemon Squeezy privacy policy. We can see your name, email, and order details in the merchant dashboard for support purposes, and we delete records on request.

No telemetry, analytics, or crash reporting

The app contains no analytics SDK (no Google Analytics, no Mixpanel, no PostHog, no Amplitude). No crash-reporting SDK (no Sentry, no Bugsnag, no Crashlytics). No A/B testing. No feature flags fetched from a remote service. No remote logging. No "anonymous usage statistics" with any opt-in checkbox, because none of that infrastructure exists in the codebase.

This website is the same. No tracking pixels. No analytics scripts. No cookies. The only third-party assets it loads are Tailwind from a CDN, the Inter web font from Google Fonts, and the Lemon Squeezy checkout overlay (which only initializes when you click a Buy button).

What about the bundled historical dataset?

The Monte Carlo bootstrap mode draws from a 1928–2024 dataset of S&P 500, 10-year Treasury, T-bill, and CPI returns. That dataset ships with the application as a static file. It's read locally; the app never fetches market data from a network source at runtime.

Build it yourself

If you'd rather verify what's running than trust this page, the source code is public:

You can grep the codebase for network calls (there's exactly one). You can rebuild your own binary and run that instead of ours. We'd rather you do that than use software you don't trust.

Children

Retirology is a financial planning tool intended for adults. We don't knowingly market it to anyone under 18. There's no account system, so no children's data is collected even in principle.

Changes to this statement

If the privacy posture of the app ever changes — e.g. a future version adds optional telemetry — that change will be (a) opt-in by default, (b) clearly described in the changelog and on this page, and (c) reflected in source code you can verify. The "last updated" date at the top of this page tracks revisions.

How to file a privacy concern

Email retirology.app@gmail.com with the subject line "Privacy". Include what you observed and how to reproduce it. We treat anything that contradicts this statement as a serious bug.

Contact

Retirology — retirology.app@gmail.com