Skip to content
TIO2Tech
Open Magellan Start a project
Legal · Privacy

Privacy Policy

How Magellan collects, uses, and protects your information. We believe in full transparency — this page explains exactly what data we handle and why.

Last updated: April 12, 2026  ·  Effective: April 12, 2026

1. Overview

Magellan Cash Flow Forecaster ("Magellan," "we," "us," or "our") is an AI-powered financial forecasting application developed and operated by TIO2Tech (Tania I. Ortiz Inc.). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use Magellan at magellan.tio2tech.com or our mobile applications.

By using Magellan, you agree to this policy. If you do not agree, please discontinue use.

Plain English: We collect only what we need to run the app. We never sell your financial data. Our AI uses your numbers only to generate your forecast — nothing else.

2. Data We Collect

Account information

When you create an account we collect your email address, a hashed password (never stored in plaintext), and account timestamps. Authentication is handled via Supabase Auth (SOC 2 Type II certified).

Financial forecast data

To provide the service we store the data you enter: starting cash balance, income sources, expense items, saved scenario names, and forecast history. This data is never shared, sold, or used for advertising.

Usage and technical data

We automatically collect limited technical data to keep the app running: browser type, device type, OS, pages and features used, error logs, and IP address (security only).

Subscription and billing data

Payments are processed entirely by Stripe. We never store card numbers or CVV — only subscription status, dates, and a Stripe Customer ID reference.

No credit card data stored No plaintext passwords SOC 2 compliant infrastructure

3. AI Features & Data Processing

Magellan uses Google Gemini 2.5 Flash to generate AI-powered cash flow insights.

What data is sent to the AI

When you request AI insights, we send your anonymized forecast numbers — income totals, expense totals, monthly balances, and the 6-month projection summary. No personally identifiable information (name, email) is included in AI requests.

Important: AI requests are sent to Google's Gemini API. Google's data processing terms apply to data in transit. We use the API with data logging disabled where available. Google Privacy Policy →

  • AI-generated insights are not stored permanently — generated on demand only
  • We do not use your data to train AI models
  • Previous AI responses are not retained after your session

AI limitations

Magellan's AI insights are for informational and planning purposes only. They do not constitute financial advice. Always consult a qualified financial professional before making significant business decisions.

4. How We Use Your Data

  • Provide the service — generate forecasts, save scenarios, display your runway chart
  • Authenticate your account and protect your data
  • Process payments and manage your subscription via Stripe
  • Deliver AI insights by sending anonymized data to Google Gemini
  • Improve the product using aggregated, anonymized usage patterns
  • Send transactional emails — account confirmation, password resets, receipts
  • Prevent fraud and protect the platform from unauthorized activity

We do not use your data to serve advertisements, sell to third parties, or build marketing profiles.

5. Data Sharing & Third Parties

We share data only with the following trusted providers, and only as necessary to operate Magellan:

Supabase

Our database and authentication provider — SOC 2 Type II certified. Stores your account and forecast data. Supabase Privacy Policy →

Stripe

Our payment processor — PCI DSS Level 1 certified. Handles all subscription billing. Stripe Privacy Policy →

Google Gemini

Processes anonymized forecast data to generate AI insights. Google Privacy Policy →

Vercel

Our web hosting platform. Processes request metadata for routing and security. Vercel Privacy Policy →

We do not sell, rent, or trade your personal information to any third party.

6. Storage & Security

Your data is stored on Supabase's AWS infrastructure in the United States. Security measures include TLS 1.2+ encryption in transit, bcrypt password hashing, role-based access control, and row-level security ensuring users can only access their own data.

If you discover a security vulnerability, contact inquiry@tio2tech.com immediately.

Data retention

We retain your data while your account is active. Deleted accounts are permanently purged within 30 days, except where legally required.

7. Payments & Subscriptions

Magellan charges $10/month via Stripe. You can cancel anytime from the billing portal — cancellation stops future charges immediately and you retain access until the end of your billing period. TIO2Tech never has access to your full card number.

For billing questions contact inquiry@tio2tech.com.

8. Your Rights & Choices

Access and portability

Request a copy of your personal data by emailing inquiry@tio2tech.com. We respond within 30 days.

Correction & deletion

Update your email in account settings or contact us for other corrections. Delete your account from settings — all data is purged within 30 days.

California residents (CCPA)

You have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. Contact inquiry@tio2tech.com to exercise your rights.

European residents (GDPR)

You have rights to access, rectify, erase, restrict processing, and data portability under GDPR. Our legal basis is contract performance and legitimate interests. Contact inquiry@tio2tech.com.

9. Children's Privacy

Magellan is intended for adults aged 18 and older. We do not knowingly collect data from children under 13 (or 16 in the EEA). Contact us immediately if you believe a child has provided personal information.

10. Policy Changes

When we make material changes we will update the date at the top of this page, send an email notification to registered users, and display an in-app notice for 30 days. Continued use after changes constitutes acceptance.

11. Contact Us

Questions, concerns, or data requests:

TIO2Tech — Privacy

Tania I. Ortiz Inc.
Email: inquiry@tio2tech.com
Website: tio2tech.com

We aim to respond to all privacy inquiries within 5 business days.