A privacy audit workflow for local calculator execution, browser storage, sharing, analytics, health checks, and AI request boundaries. It keeps personal financial assumptions under user control.
5 data areas, 14 checks

Local Calculation Boundary (3 checks)
Verify calculator math runs in the browser and does not require uploading financial inputs.

1. Confirm calculator runs locally
   Change all calculator inputs with the network panel open and confirm no calculation request is sent.
   Data surface: Browser memory. Evidence: Network trace.

2. Inspect result recalculation path
   Confirm result cards, warnings, charts, and tables update from client-side state.
   Data surface: Browser memory. Evidence: Code review note.

3. Verify no server persistence
   Confirm there is no database write for raw conversion amount, income, basis, or account balance.
   Data surface: Browser memory. Evidence: Architecture note.

Browser Storage (3 checks)
Make local convenience features transparent and bounded.

1. Review localStorage contents
   Inspect saved scenario data and confirm it stays in the user's browser.
   Data surface: localStorage. Evidence: Storage screenshot.

2. Confirm clear local data path
   Use the reset or clear path and verify cached calculator inputs are removed.
   Data surface: localStorage. Evidence: Manual QA note.

3. Avoid sensitive identifiers
   Confirm storage never asks for or stores SSNs, account numbers, names, email addresses, or full tax returns.
   Data surface: localStorage. Evidence: Privacy review note.

Sharing and Export (3 checks)
Keep user-controlled sharing explicit and visible.

1. Inspect share-link parameters
   Generate a share link and confirm encoded parameters are placed in the URL hash rather than silently uploaded.
   Data surface: URL hash. Evidence: Share link sample.

2. Review PDF report contents
   Confirm PDF exports contain user-selected inputs, results, methodology notes, and the required disclaimer.
   Data surface: Downloaded PDF. Evidence: PDF sample.

3. Check copy-summary wording
   Confirm copied summaries include educational framing and do not imply professional advice.
   Data surface: Clipboard. Evidence: Clipboard sample.

Analytics and Monitoring (2 checks)
Measure product use without collecting exact personal financial inputs.

1. Verify privacy-safe GA4 events
   Confirm analytics use ranges, completion signals, or feature events rather than exact conversion amounts.
   Data surface: GA4 event ranges. Evidence: GA4 debug view.

2. Review health endpoint payload
   Confirm /api/health exposes only public operational metadata and no user data.
   Data surface: Public health JSON. Evidence: Health payload.

AI API Boundary (3 checks)
Keep AI explanations useful while blocking sensitive data and preserving no-advice rules.

1. Block sensitive data before AI requests
   Send prompts containing SSNs, account numbers, or personal identifiers and confirm they are blocked or sanitized.
   Data surface: Serverless AI route. Evidence: AI guardrail test.

2. Review AI request payload
   Confirm AI payloads contain only the minimum calculator context needed for educational explanation.
   Data surface: Serverless AI route. Evidence: Payload review.

3. Confirm AI fallback privacy
   Simulate provider failure and confirm fallback responses do not leak prompts, stack traces, or secrets.
   Data surface: Serverless AI route. Evidence: Fallback test.

Data Surfaces
Browser memory, localStorage, URL hash, Downloaded PDF, Clipboard, GA4 event ranges, Public health JSON, Serverless AI route
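The three AI API Boundary checks above can be exercised against a small guardrail. This is an added example, not the calculator's own code: the regex rules, the redaction placeholders, the allowlisted context field names (conversionAmountRange, filingStatus, taxYear) and the fallback wording are all assumptions made here for illustration.

```javascript
// Added example (not the project's own code): a pre-request guardrail for a
// serverless AI route. Patterns and field names below are assumptions.
const RULES = [
  // A US SSN pattern blocks the request outright.
  { name: "ssn", re: /\b\d{3}-\d{2}-\d{4}\b/g, action: "block" },
  // E-mail addresses and account-number-like digit runs are redacted.
  { name: "email", re: /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g, action: "redact" },
  { name: "account", re: /\b\d{9,17}\b/g, action: "redact" },
];

// Hypothetical allowlist: the only calculator fields the AI route may forward.
const ALLOWED_CONTEXT = ["conversionAmountRange", "filingStatus", "taxYear"];

// Check 1: returns { ok, prompt, findings }; ok === false means do not call
// the provider. String.prototype.search ignores the regex lastIndex, so the
// global rules are safe to reuse across calls.
function sanitizeForAi(prompt) {
  const findings = [];
  let text = prompt;
  for (const rule of RULES) {
    if (text.search(rule.re) === -1) continue;
    findings.push(rule.name);
    if (rule.action === "block") return { ok: false, prompt: null, findings };
    text = text.replace(rule.re, `[${rule.name} redacted]`);
  }
  return { ok: true, prompt: text, findings };
}

// Check 2: build the provider payload from the full calculator state but
// copy only allowlisted keys, so raw balances and income never leave the route.
function buildAiPayload(prompt, calculatorState) {
  const check = sanitizeForAi(prompt);
  if (!check.ok) {
    return { ok: false, reason: "sensitive data blocked", findings: check.findings };
  }
  const context = {};
  for (const key of ALLOWED_CONTEXT) {
    if (key in calculatorState) context[key] = calculatorState[key];
  }
  return { ok: true, payload: { prompt: check.prompt, context }, findings: check.findings };
}

// Check 3: on provider failure return a fixed message only. The error object
// (which may carry upstream text or secrets) belongs in server logs, never here.
function fallbackResponse(_err) {
  return { ok: false, message: "The explanation is unavailable right now. Your calculator results are unaffected." };
}
```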
This Roth Conversion Calculator is for educational and illustrative purposes only. It does NOT constitute tax, financial, legal, or investment advice. The calculation results are based on the information you provide and the latest IRS tax rules, which are subject to change. We do not guarantee the accuracy of the results. Please consult a licensed Certified Public Accountant (CPA), financial advisor, or tax professional before making any financial decisions.