HomePrivacy Policy

Privacy Policy

Your data belongs to you. This policy explains exactly what we collect, how it is stored, and how you can delete it.

Last UpdatedApril 17, 2026

Overview

RetireCiv is designed from the ground up with privacy as a default — not an afterthought. This Privacy Policy describes how RetireCiv (“we,” “us,” or “our”) handles information when you use our federal retirement calculator.

The short version: all of your retirement calculator data is stored locally in your own web browser — not on our servers and not in any database we operate. Your inputs never leave your device unless you explicitly export them. We have no ability to see, access, or recover your retirement data, and we do not sell or share personal financial information with third parties.

Your retirement inputs live in your browser’s local storage on this device only. Clearing your browser data, switching devices, or using a different browser will remove access to that data — there is no server-side copy.

Data We Collect

We collect only what is necessary to operate and improve the Service. This falls into three categories:

Account Data

An account is required to use RetireCiv. We collect your email address for authentication and, for paid plans, billing information for payment processing. We do not store full payment card details.

Retirement Calculator Data

Retirement inputs you enter — including service history, salary, TSP balances, and benefit elections — are stored exclusively in your browser’s local storage on your own device. This data is never transmitted to RetireCiv, never written to any database we operate, and is not accessible to us.

Subscription & Billing Status

For paid accounts, we store your subscription tier (free or Pro) and a Stripe customer token so we can verify your access level when you log in. Raw card details are never stored by RetireCiv.

How Your Data Is Stored

Your retirement data is stored locally in your own web browser using the browser’s built-in localStorage API. It is not transmitted to RetireCiv, and we do not operate any database that holds your retirement inputs or results.

  • All calculator inputs persist only on the device and browser where you entered them
  • No RetireCiv server, database, or backend system ever receives your retirement data
  • Because the data is local, RetireCiv has no ability to view, export, or recover it on your behalf
  • Clearing your browser’s site data, using private/incognito mode, or switching devices will remove or hide your saved inputs
  • Data is never shared with or sold to third parties — there is nothing on our side to share

You can export a copy of your data to a file at any time, delete it from your browser by clearing site data, or re-import a previously exported file to resume your analysis on another device.

Third-Party Processors

RetireCiv uses two trusted third-party processors. Your retirement calculator data is not shared with either of them — it stays in your browser.

Authentication Provider

SOC 2 Type 2

We use Supabase to manage user accounts and login sessions. Supabase stores your email address, subscription status, and session tokens — not your retirement calculator data, which remains in your browser.

  • SOC 2 Type 2 certified — independently audited annually
  • AES-256 encryption at rest; TLS encryption in transit
  • Hosted on AWS; data does not leave the selected region
  • Retirement inputs are never written to Supabase

Payment Processing

PCI DSS Level 1

When you enter payment information, it is sent directly from your browser to our payment processor — it never passes through RetireCiv's servers. RetireCiv stores only a non-sensitive token (card brand, last four digits, expiration) returned by the payment processor.

  • PCI DSS Level 1 Service Provider — the highest certification tier in the payments industry
  • SOC 1 Type II, SOC 2 Type II, and ISO 27001 certified
  • AES-256 encryption at rest; TLS 1.2+ in transit
  • Card numbers are tokenized and stored exclusively in the payment processor's isolated environment
  • RetireCiv never receives, processes, or stores raw card numbers

Data We Do Not Collect

We want to be explicit about what we do not collect:

  • Your name, Social Security number, or federal employee ID
  • Your agency, department, or specific position details
  • Salary or TSP data beyond what you explicitly enter into the calculator
  • Location data, device identifiers, or biometric data
  • Behavioral tracking data linked to your identity
  • Information from third-party social logins or data brokers

Cookies & Analytics

RetireCiv uses a minimal cookie footprint. We do not use advertising cookies or cross-site trackers.

  • Essential cookies: Required for the Service to function, including maintaining your authenticated session. Cannot be disabled.
  • Analytics cookies: We use Google Analytics 4 to measure aggregate site usage — pages viewed, traffic sources, device categories. IP addresses are anonymized at collection. Calculator inputs (your wizard data, scenarios, TSP balances, salary, and any other figures you enter) are NEVER sent to Google or any analytics service. Only standard URL paths and browser metadata are reported. Cookies set by Google Analytics include _ga and _ga_*.
  • No advertising cookies: We do not run advertising networks or retargeting campaigns, and we do not share data with advertisers.

You can control cookie behavior through your browser settings. Disabling essential cookies will prevent you from staying logged in to your account. To opt out of Google Analytics specifically, install the official Google Analytics opt-out browser add-on, or block third-party cookies and scripts in your browser. Disabling analytics has no effect on the calculator’s functionality.

Your Rights

You have the following rights regarding your data:

Access

All of your saved retirement data is visible in the app whenever you open it in the browser where you entered it — it lives on your device, not on our servers.

Export

Export a complete copy of your retirement data to a file at any time. Data is provided in a standard file format you can save, back up, or move between devices.

Re-import

Resume your analysis on any device by re-importing a previously exported data file. Your full analysis and inputs will be restored into that browser’s local storage.

Deletion

Because your retirement data is stored only in your browser, you can delete it by clearing site data for retireciv.com in your browser settings. Deletion is immediate and irreversible — we hold no backup copy.

Correction

All calculator inputs are fully editable within the app. Simply update any field and recalculate.

Objection

You can opt out of Google Analytics measurement by installing the official Google Analytics opt-out browser add-on or by blocking third-party cookies and scripts. Calculator inputs are never sent to analytics services regardless of your opt-out choice.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, the “Last Updated” date at the top of this page will be revised.

Continued use of the Service after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

Material changes — particularly those affecting how personal data is collected or shared — will be communicated through a notice on the Service at least 14 days before taking effect.

Contact

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us:

RetireCiv Support

We typically respond within 2 business days.

support@retireciv.com