Stochaven

Privacy Policy

Stochaven LLC  ·  Effective Date: May 1, 2026  ·  Last Updated: May 29, 2026

1. Introduction

Stochaven LLC ("Stochaven," "we," "our," or "us") operates stochaven.com and provides a retirement financial planning tool available to any individual planning for retirement, with dedicated support for modeling Federal Employees Retirement System (FERS) pension benefits. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

We do not sell, rent, or share your personal information or financial planning data with advertisers or data brokers — ever.

Please read this policy carefully. If you disagree with its terms, please discontinue use of our services.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account or use Stochaven, you may provide:

  • Account information — email address, collected via email authentication (passwordless sign-in)
  • Financial planning inputs — retirement age, account balances, income stream details (Social Security, pension, W-2, other income), spending estimates, and savings assumptions
  • Federal employment data — FERS retirement type, years of service, High-3 average salary, survivor benefit elections, and related inputs, if applicable
  • Scenario data — named projection scenarios and the inputs associated with each

We do not collect Social Security numbers, bank account numbers, brokerage account credentials, or any credentials that provide access to external financial accounts.

2.2 Information Collected Automatically

When you use our services, we may automatically collect:

  • Usage data — pages visited, features used, session duration, and interaction patterns
  • Device and browser information — browser type and version, operating system, and IP address
  • Log data — server logs, error reports, and performance data

2.3 Information from Third Parties

We do not use third-party identity providers for authentication. We do not receive information about you from any external service unless you explicitly initiate such a connection in the future.

2.4 Cookies and Session Data

We use session cookies to maintain your authenticated state. These cookies are set by our authentication provider (Supabase) and are necessary for the Service to function. They do not track you across third-party sites and are deleted when your session ends or when you sign out. We do not use advertising cookies or third-party tracking cookies.

3. How We Use Your Information

We use the information we collect to:

  • Provide the service — store your profile, run retirement projections, and save scenarios
  • Maintain and improve the service — diagnose errors, improve performance, and develop new features
  • Communicate with you — send account-related notices, respond to support inquiries, and notify you of material updates to the service or this policy
  • Ensure security — detect and prevent fraud, unauthorized access, and abuse
  • Comply with legal obligations — respond to lawful requests from government authorities and meet applicable regulatory requirements

We do not use your financial inputs to provide personalized investment advice, and we do not sell, rent, or share your financial planning data with advertisers or data brokers.

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We use a limited number of third-party service providers to operate Stochaven:

  • Supabase — database hosting and authentication (United States)
  • Vercel — application hosting and deployment (United States)
  • Resend — transactional email delivery (United States)

These providers are contractually obligated to use your information only as directed by us and in accordance with this policy.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in good-faith belief that such disclosure is necessary to comply with a legal obligation, protect our rights or property, prevent fraud or illegal activity, or protect the safety of users or the public.

4.3 Business Transfers

If Stochaven is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website prior to such a transfer.

5. Data Retention

We retain your account information and financial planning data for as long as your account is active or as needed to provide you with the service. If you delete your account, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal compliance purposes.

You may request deletion of your data at any time by contacting us at the address listed in Section 10.

6. Data Security

We implement technical and organizational safeguards designed to protect your information, including:

  • Data encrypted at rest using database-level encryption (AES-256)
  • Encrypted data transmission (TLS/HTTPS)
  • Row-level security on all database tables — your data is accessible only to your authenticated account
  • Server-side session verification on all projection requests
  • Environment variable controls that prevent sensitive credentials from being exposed client-side

No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your information, we will notify you as required by applicable law.

7. Your Rights and Choices

7.1 Account Information

You may update your account information at any time by logging into your account.

7.2 Data Deletion

You may request deletion of your account and associated data by contacting us. We will process your request within 30 days.

7.3 California Residents — CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — you may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purpose for collecting it, and the categories of third parties with whom we share it
  • Right to Delete — you may request deletion of personal information we have collected from you, subject to certain exceptions
  • Right to Opt Out of Sale — we do not sell personal information; this right does not apply
  • Right to Non-Discrimination — we will not discriminate against you for exercising any of your CCPA rights

To exercise your CCPA rights, contact us at the address in Section 10. We may need to verify your identity before processing your request.

7.4 Virginia Residents — CDPA Rights

If you are a Virginia resident, you have the following rights under the Virginia Consumer Data Protection Act (CDPA):

  • Right to Access — you may confirm whether we are processing your personal data and request access to it
  • Right to Correct — you may request correction of inaccurate personal data we hold about you
  • Right to Delete — you may request deletion of personal data we have collected from you
  • Right to Data Portability — you may request a copy of your personal data in a portable format
  • Right to Opt Out of Sale or Targeted Advertising — we do not sell personal data or use it for targeted advertising; these rights do not currently apply

To exercise your CDPA rights, contact us at the address in Section 10. We will respond within 45 days as required by Virginia law.

7.5 Do Not Track

Our services do not currently respond to browser Do Not Track signals. We do not use third-party tracking cookies or behavioral advertising. If we implement analytics or tracking in the future, we will update this policy accordingly.

7.6 Data Export

You may export your financial planning data at any time using the self-service export tool in your Account Settings. You may also request an export by contacting us at [email protected]; we will provide your data in a machine-readable format within 30 days. This right applies to all users, regardless of state of residence.

8. Children's Privacy

Stochaven is not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at the address in Section 10.

9. Third-Party Links

Our service may contain links to third-party websites or resources. This Privacy Policy does not apply to those sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Stochaven LLC
Email: [email protected]

We will respond to privacy-related inquiries within 30 days.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. For material changes, we will provide notice via email or a prominent notice within the service at least 14 days before the change takes effect. Continued use of the service after the effective date of a revised policy constitutes your acceptance of the updated terms.