Security: haiderf/retirement-operating-system

SECURITY.md

Security Policy

Privacy Architecture

Retirement Operating System™ (ROS™) is designed with a privacy-first architecture. Understanding how data flows through the application is important before you decide how to use it.

What stays on your device (always)

  • Your complete financial plan (account balances, income, Social Security, retirement dates, spending targets)
  • All tax calculations and projections
  • Your yield history and portfolio snapshots
  • Your AI API keys (stored only in browser localStorage)

None of this data is transmitted to any server by the ROS™ application.

What leaves your device (when you use cloud AI)

If you use the cloud AI assistant (Claude, Gemini, or Groq), your financial plan data — including account balances, income figures, and tax results — is included in the prompt sent to the AI provider. This is necessary for the AI to give you relevant, personalized analysis.

If this is a concern, use the local Ollama option (Settings → AI Configuration → Local Mode). Ollama runs on your own hardware and makes zero external network calls.

What the app fetches from the internet

  1. React 18 and Chart.js — loaded from cdnjs.cloudflare.com on first open. These are standard open-source libraries. No financial data is sent.

  2. Yahoo Finance API — used to fetch trailing dividend yields for ETFs when you click "Fetch Live Yields" in the Yields tab. No authentication is required; no financial data is sent. Only ticker symbols are transmitted.

  3. FRED API (Federal Reserve) — used to fetch Treasury yield curve data. Requires a free API key (your key is stored locally, not sent to any ROS™ server because there is no ROS™ server). Only the API key and series identifiers are transmitted.
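As an added example (not code from the ROS™ project), the three outbound flows listed above can be written down as an egress allowlist that a client-side app checks before every request, so that a bug or a stray script cannot silently send plan data to another host. The Yahoo Finance and FRED hostnames and query parameter names below are assumptions for illustration, not taken from the repository.

```javascript
// Added example, not ROS code. Encodes the documented data flows: CDN scripts,
// ticker symbols to Yahoo Finance, API key + series id to FRED, nothing else.
// Hostnames and parameter names are assumptions used for illustration.
const EGRESS_POLICY = {
  "cdnjs.cloudflare.com":     { params: new Set() },                        // React, Chart.js
  "query1.finance.yahoo.com": { params: new Set(["symbols"]) },             // ticker symbols only
  "api.stlouisfed.org":       { params: new Set(["series_id", "api_key", "file_type"]) },
};

// Decide whether a request may leave the browser. Returns { allowed, reason }.
// init mirrors the second argument of fetch(); only read-only GET/HEAD
// requests with no body are permitted, matching "no financial data is sent".
function checkEgress(urlString, init = {}) {
  let url;
  try {
    url = new URL(urlString);
  } catch (e) {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { allowed: false, reason: `non-TLS scheme ${url.protocol}` };
  }
  const rule = EGRESS_POLICY[url.hostname];
  if (!rule) {
    return { allowed: false, reason: `host ${url.hostname} not in policy` };
  }
  const method = (init.method || "GET").toUpperCase();
  if (init.body !== undefined || (method !== "GET" && method !== "HEAD")) {
    return { allowed: false, reason: `request body or ${method} not allowed for ${url.hostname}` };
  }
  for (const key of url.searchParams.keys()) {
    if (!rule.params.has(key)) {
      return { allowed: false, reason: `unexpected query parameter "${key}" for ${url.hostname}` };
    }
  }
  return { allowed: true, reason: "ok" };
}

// Drop-in wrapper around fetch: refuses anything outside the policy.
function guardedFetch(input, init) {
  const target = typeof input === "string" ? input : input.url;
  const verdict = checkEgress(target, init);
  if (!verdict.allowed) {
    return Promise.reject(new Error(`egress blocked: ${verdict.reason}`));
  }
  return fetch(input, init);
}
```

Routing all network calls through `guardedFetch` turns the prose promise "only ticker symbols / only the API key and series identifiers are transmitted" into something the code enforces and a reviewer can test.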


Reporting Security Issues

This is a client-side-only application with no server component. There are no authentication systems, no databases, and no server-side secrets to protect.

However, if you identify a security concern — such as a way the application could unintentionally transmit data to an unexpected destination, or a vulnerability in how API keys are stored — please report it by opening a GitHub Issue tagged "security".

If the concern is particularly sensitive, you may describe it at a high level in the public issue and offer to provide details through a private channel.


Responsible Use

This application handles sensitive personal financial data. Users are responsible for:

  1. Keeping the HTML file in a secure location (not a shared folder or cloud sync that others can access)
  2. Being aware that browser localStorage is accessible to any JavaScript running in the same browser origin
  3. Choosing appropriate AI providers for their privacy requirements
  4. Not sharing screenshots or exports that reveal personal financial details

© 2026 Faiyaz Haider. All rights reserved.