Privacy Policy

ExitAge (ABN 63 495 763 422) (“ExitAge”, “we”, “us”, or “our”) is committed to protecting your personal information. This Privacy Policy explains what information we collect, why we collect it, how we use it, who we share it with, and what rights you have. It applies to all users of the ExitAge platform at exitage.com and any associated services.

1. Who We Are & How to Contact Us

ExitAge is the data controller (or equivalent under applicable law) in respect of the personal information we collect from you.

Privacy Officer:

• Email: corporate@exit-age.com

We aim to respond to all privacy enquiries within 30 days.

2. What Personal Information We Collect

2.1 Information You Provide Directly

When you register for an account or use our Platform, we may collect:

• Identity information: name, date of birth, age range
• Contact information: email address, country of residence
• Account credentials: username and encrypted password
• Financial planning inputs: current income, savings, superannuation/pension balance, target retirement age, expected retirement income — entered by you into the calculator
• Payment information: billing address and payment card details (processed by our third-party payment provider; we do not store full card numbers)
• Communications: any messages or feedback you send us

2.2 Information We Collect Automatically

When you access the Platform, we automatically collect:

• Device and browser information: IP address, browser type and version, operating system, device type
• Usage data: pages visited, features used, time spent, clicks, session duration
• Log data: access timestamps, error logs, referring URLs
• Cookie data: as described in Section 9 below

2.3 Information From Third Parties

We may receive limited information from:

• Payment processors: transaction confirmation and billing details
• Analytics providers: aggregated and anonymised usage statistics
• App stores or partner platforms: if you access ExitAge via a third-party channel

2.4 Special Category Data

We do not intentionally collect sensitive or special category data (such as health, racial origin, or political opinions). Please do not enter such information into the Platform.

3. Why We Collect Your Information — Purposes & Legal Bases

Providing the Platform & your Subscription

Data used: Identity, contact, financial planning inputs, payment information.
Legal basis: Contract performance (AU: legitimate interest / contractual necessity; UK/EU: Article 6(1)(b) GDPR; US: contractual necessity).

Processing payments & managing your Subscription

Data used: Identity, contact, payment information.
Legal basis: Contract performance and legal obligation (AU: contractual necessity; UK/EU: Article 6(1)(b) and (c) GDPR; US: contractual necessity).

Improving the Platform & user experience

Data used: Usage data, log data, cookie data (aggregated/anonymised where possible).
Legal basis: Legitimate interests (AU: legitimate interest; UK/EU: Article 6(1)(f) GDPR — our interest in improving our product, balanced against your rights; US: legitimate business interest).

Customer support & communications

Data used: Identity, contact, communications.
Legal basis: Contract performance and legitimate interests (UK/EU: Article 6(1)(b) and (f) GDPR).

Sending service notices & renewal reminders

Data used: Identity, contact information.
Legal basis: Contract performance and legal obligation (UK/EU: Article 6(1)(b) GDPR).

Marketing & promotional communications (opt-in only)

Data used: Name, email address.
Legal basis: Consent (AU: Spam Act 2003; UK/EU: Article 6(1)(a) GDPR and ePrivacy Directive; US: CAN-SPAM Act). You may opt out at any time.

Complying with legal obligations

Data used: Any data as required by law.
Legal basis: Legal obligation (AU: various; UK/EU: Article 6(1)(c) GDPR; US: applicable federal and state law).

Fraud prevention & platform security

Data used: Identity, device/usage data, IP address.
Legal basis: Legitimate interests and legal obligation (UK/EU: Article 6(1)(f) and (c) GDPR).

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

4.1 Service Providers

Trusted third-party vendors who process data on our behalf, under strict contractual obligations, including:

• Payment processors (e.g., Stripe) — for billing and subscription management
• Cloud hosting providers — for Platform infrastructure and data storage
• Analytics providers — for aggregated Platform performance analysis
• Email service providers — for transactional and service emails
• Customer support tools — for managing support enquiries

4.2 Legal & Regulatory Disclosures

We may disclose your information where required by law, court order, or regulatory authority, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of ExitAge, our users, or the public.

4.3 Business Transfers

If ExitAge is involved in a merger, acquisition, asset sale, or restructuring, your personal information may be transferred to the successor entity. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with third parties where you have given us explicit consent to do so.

4.5 Aggregated & De-identified Data

We may share aggregated, de-identified data that cannot reasonably identify you, for research, benchmarking, or business development purposes.

5. International Data Transfers

ExitAge is headquartered in Australia. Your personal information may be stored and processed in countries outside your jurisdiction, including Australia, the United States, and other countries where our service providers operate.

For users in the UK and EU, where we transfer your personal information outside the UK/EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission or UK Information Commissioner's Office;
• adequacy decisions where applicable; or
• other lawful transfer mechanisms as permitted under the UK GDPR and EU GDPR.

For Australian users, we comply with Australian Privacy Principle 8 regarding cross-border disclosure of personal information.

For US users, transfers are made in accordance with applicable state and federal law.

6. Data Retention

We retain your personal information only for as long as necessary for the purposes for which it was collected, and to comply with our legal obligations. Our general retention periods are:

• Account and Subscription data: retained for the duration of your Subscription and for 7 years thereafter (for tax and legal compliance purposes).
• Financial planning inputs (calculator data): retained for the duration of your Subscription. You may delete this data at any time via your account settings.
• Payment records: retained for 7 years in accordance with financial recordkeeping obligations.
• Marketing consent records: retained until you withdraw consent, and for 3 years thereafter.
• Support communications: retained for 3 years from the date of resolution.
• Usage and log data: retained for up to 12 months, then aggregated or deleted.

When personal information is no longer required, we securely delete or anonymise it.

7. Your Privacy Rights

7.1 Rights Available to All Users

Regardless of your location, you have the right to:

• access the personal information we hold about you;
• correct inaccurate or incomplete information;
• request deletion of your personal information (subject to legal retention requirements);
• opt out of marketing communications at any time; and
• lodge a complaint with a relevant privacy regulator.

7.2 Additional Rights for EU & UK Users (GDPR)

If you are located in the EU or UK, you also have the right to:

• Restriction of processing: request that we limit how we use your data in certain circumstances;
• Data portability: receive your personal information in a structured, machine-readable format;
• Object to processing: object to processing based on legitimate interests or for direct marketing;
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior lawful processing; and
• Rights related to automated decision-making: not be subject to a decision based solely on automated processing that significantly affects you. ExitAge does not currently use automated decision-making of this nature.

EU users may lodge a complaint with their national supervisory authority. UK users may contact the Information Commissioner's Office (ICO) at ico.org.uk.

7.3 Rights for Australian Users

Australian users may make a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have interfered with your privacy.

7.4 Rights for US Users (California & Other States)

California residents have rights under the California Consumer Privacy Act (CCPA), including:

• the right to know what personal information we collect, use, disclose, and sell;
• the right to delete personal information we hold (subject to exceptions);
• the right to opt out of the sale of personal information (we do not sell personal information); and
• the right to non-discrimination for exercising your rights.

Other US state privacy rights (Virginia, Colorado, Connecticut, Texas, etc.) are honoured as applicable.

7.5 How to Exercise Your Rights

To exercise any of the above rights, please contact us at corporate@exit-age.com. We may require verification of your identity before processing your request. We will respond within 30 days (or within the timeframe required by applicable law).

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These measures include:

• encryption of data in transit (TLS/HTTPS) and at rest;
• access controls and authentication requirements for our systems;
• regular security assessments and vulnerability testing;
• staff training on data protection and privacy obligations; and
• incident response procedures in the event of a data breach.

In the event of a data breach that is likely to result in a risk to your rights and freedoms (UK/EU) or that meets the notifiable data breach threshold (Australia), we will notify you and the relevant regulatory authority as required by law.

No method of electronic transmission or storage is 100% secure. Whilst we use commercially reasonable measures, we cannot guarantee absolute security.

9. Cookies & Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our Platform.

9.2 Types of Cookies We Use

We use two categories of cookies: strictly necessary cookies required for the Platform to function, and — with your consent — analytics and advertising cookies used to measure the effectiveness of our advertising.

Strictly necessary cookies cannot be disabled without breaking core functionality of the Platform. Analytics and advertising cookies are only placed after you give your consent via the cookie banner.

9.3 Managing Cookies

When you first visit the Platform, a cookie banner will ask for your consent to analytics and advertising cookies. You may accept or decline. You can change your preference at any time by clicking the “Cookie Preferences” link in the banner or by contacting us at corporate@exit-age.com.

You may also block or delete cookies through your browser settings. Blocking strictly necessary cookies will prevent you from signing in or using the Platform.

For EU and UK users, analytics and advertising cookies are placed only on the basis of your explicit consent (UK/EU GDPR Article 6(1)(a) and the ePrivacy Directive). You may withdraw consent at any time without affecting prior lawful processing.

10. Children's Privacy

The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information without parental consent, please contact us at corporate@exit-age.com and we will take steps to delete that information promptly.

11. Third-Party Links & Services

The Platform may contain links to third-party websites, tools, or services. This Privacy Policy applies only to ExitAge. We are not responsible for the privacy practices or content of any third-party site. We encourage you to review the privacy policy of any third-party service you access.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where changes are material, we will notify you by email at least 30 days before the changes take effect. The updated policy will be published at exitage.com/privacy with the revised effective date.

Continued use of the Platform after the effective date of a revised Privacy Policy constitutes acceptance of the updated policy.

13. Complaints

If you have a concern about how we have handled your personal information, please contact our Privacy Officer at corporate@exit-age.com in the first instance. We will acknowledge your complaint within 5 business days and respond substantively within 30 days.

If you are not satisfied with our response, you may escalate your complaint to the relevant authority:

• Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
• United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
• European Union: your national data protection authority (e.g., CNIL in France, BfDI in Germany)
• United States: Federal Trade Commission (FTC) — ftc.gov, or your applicable state Attorney General

14. Contact Us

For all privacy-related enquiries:

ExitAge — Privacy Officer
Email: corporate@exit-age.com
General enquiries: corporate@exit-age.com
Website: exit-age.com/privacy
Registered in Australia (ABN 63 495 763 422)

© 2026 ExitAge. All rights reserved.