PRIVACY STATEMENT

Last Updated: January 15, 2026

At Smooth 401k, we value the trust you place in us. This Privacy Statement explains how we collect, use, protect, and share your personal information across our website and services. As a financial institution, our practices are governed by both federal law (the Gramm-Leach-Bliley Act) and applicable state privacy laws.


1. Information We Collect

We collect “Nonpublic Personal Information” (NPI) and “Personal Information” (PI) to provide retirement advisory and account management services. This includes:

  • Identifiers: Name, alias, postal address, email, Social Security number (SSN), and IP address.

  • Financial Information: Bank account numbers, 401(k) balance details, contribution history, and income information.

  • Protected Characteristics: Age, citizenship status, or marital status (as required for retirement planning).

  • Internet Activity: Browsing history and interactions with our website/app via cookies or similar technologies.

2. How We Use Your Information

We use your data for “Business Purposes” only, including:

  • Providing Services: Managing your 401(k) accounts and executing trades.

  • Security: Detecting and preventing identity theft or fraudulent transactions.

  • Compliance: Meeting legal obligations under the Department of Labor (DOL) and SEC regulations.

  • Communication: Sending account statements, tax forms, and service updates.

3. Sharing and Disclosure

Smooth 401k does not sell your personal information to third parties. We share information only as follows:

  • Service Providers: With recordkeepers, custodians, and IT providers who assist in managing your account. These parties are contractually prohibited from using your data for any other purpose.

  • Affiliates: We may share information with our corporate affiliates for everyday business purposes.

  • Legal Necessity: To respond to subpoenas, court orders, or government audits.

4. State-Specific Privacy Rights

Depending on where you reside (e.g., California, Virginia, Colorado, Connecticut, or Utah), you may have the following rights:

  • Right to Know/Access: Request a list of the categories and specific pieces of data we have collected about you.

  • Right to Deletion: Request that we delete your personal information (subject to certain financial record-keeping legal exemptions).

  • Right to Correct: Request that we fix inaccurate personal data.

  • Right to Opt-Out of Targeted Advertising: You can opt out of the “sharing” of your data for cross-contextual behavioral advertising.

  • Right to Limit Use of Sensitive Personal Information: You can request that we limit the use of sensitive data (like your SSN) to only what is necessary to provide the service.

California Residents (CCPA/CPRA)

Under California law, we must disclose that we have collected the categories of information listed in Section 1 in the last 12 months. We do not “sell” or “share” (for targeted ads) the personal information of minors.

5. Security of Your Information

We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your NPI. This includes multi-factor authentication (MFA), encryption of data at rest and in transit, and regular security audits.

6. How to Exercise Your Rights

To submit a request to access, delete, or correct your data, please contact us via:

  • Toll-Free Phone: (440) 505-5678

  • Email: info@smooth401k.com

  • Online Form: smooth401k.com/contact-us/

We will verify your identity before processing any request to protect your security.

