Privacy Policy

Our Commitment to Your Privacy

At Occam's Model, operated by Occam's Model, Inc., a Delaware corporation, we take your privacy seriously. This policy explains what information we collect, how we use it, and your rights regarding your data.

Effective Date: November 20, 2025. Material changes to this policy will be communicated via email and will take effect 30 days after notification.

Children's Privacy (COPPA Compliance)

Age Requirement: You must be at least 16 years old to use our service.

• We do not knowingly collect personal information from children under 16
• If we discover that a child under 16 has created an account, we will immediately delete it
• Parents or guardians who believe their child has provided us with information should contact us at privacy@occamsmodel.com

Information We Collect

Account Information

• Email address and username
• Name (optional)
• Basic demographic information (age, location, occupation)

OAuth Authentication

If you sign in using Google or Microsoft:

• We receive your email address, name, and profile photo from the OAuth provider
• We use this information solely for account creation and authentication
• Your relationship with Google/Microsoft is governed by their respective privacy policies
• We do not access any other data from your Google/Microsoft account

Financial Information

• Income sources and amounts
• Expense categories and amounts
• Tax-related information (filing status, deductions)
• Financial goals and targets
• Business model data (for Blueprint users)

Payment Information

Payment Processing: All payments are processed securely through Stripe, our payment processor.

• We do NOT store credit card numbers, CVV codes, or full payment details
• Stripe collects and processes your payment information directly
• We receive only: Stripe customer ID, subscription ID, payment intent ID, payment status, and subscription tier
• For recurring subscriptions, we store: subscription status, current period dates, and renewal information
• Your payment data with Stripe is governed by Stripe's Privacy Policy

How We Use Your Information

We use your information solely to:

• Calculate your Freedom Number and financial projections
• Provide personalized financial planning education
• Process Blueprint AI requests and provide AI-powered guidance
• Conduct expert consultations (for Blueprint subscribers with support packages)
• Save your progress and preferences
• Process subscription payments and manage your subscription status
• Send subscription renewal reminders and payment notifications
• Improve our service and calculations
• Send important communications (see Communications section below)

Expert Support Services

For Blueprint subscribers who purchase expert support:

• Video Consultations ($199): We review your Blueprint model data to prepare for the session
• Video consultations are conducted live and are recorded
• Email Support ($99/month): Email correspondence is retained for service quality and continuity
• All consultation and support data is used only to provide the service you purchased
• We do not share your business model data with third parties

Communications

We send two types of emails:

Transactional Emails (Cannot Unsubscribe)

These are essential for operating your account:

• Account creation and verification
• Password resets and security alerts
• Subscription payment receipts and confirmations
• Subscription renewal reminders
• Subscription cancellation confirmations
• Failed payment notifications
• Legal and policy updates (Terms of Service, Privacy Policy)
• Account deletion confirmations

Marketing Emails (Can Unsubscribe)

These are optional and can be disabled:

• Product updates and new features
• Educational content and tips
• Special offers or promotions

Unsubscribe Options:

• Click "Unsubscribe" link at the bottom of any marketing email
• Manage preferences in your Account Settings

Data Security

We implement industry-standard security measures to protect your data:

• Encrypted connections (HTTPS/TLS)
• Secure password storage using industry-standard hashing
• Regular security updates and monitoring
• Session timeout for inactive users
• Protection against common web vulnerabilities

Data Location

Your data is stored on secure servers located in the United States. By using our service, you consent to your data being stored and processed in the US.

Security Breach Notification

In the unlikely event of a data breach that affects your personal information:

• We will notify affected users via email within 72 hours of discovering the breach
• Notification will include: nature of the breach, types of data affected, steps we're taking, and recommended actions for you
• We will also notify relevant regulatory authorities as required by law
• We maintain incident response procedures and conduct regular security audits

Your Rights and Controls

You have complete control over your data:

• Access: View all your data at any time through your account
• Export: Download a complete copy of your data in JSON format
• Correction: Update or correct your information at any time
• Deletion: Permanently delete your account and all associated data

Manage Your Privacy Settings

Data Sharing

We never sell, rent, or share your personal financial data with third parties for marketing purposes.

We may share information only in these limited circumstances:

• With your explicit consent
• To comply with legal obligations
• To protect against fraud or security threats
• With third-party service providers as described below

Aggregate Anonymized Data

We may use anonymized, non-identifiable data for internal analytics and service improvement:

• What we analyze: Usage patterns, feature adoption, calculation trends
• No PII: All personal identifiers are removed before analysis
• Purpose: Admin analytics, database queries to understand user trends, service improvements
• Example: "30% of users have rental income" (not "John Smith has $2,000 rental income")

Third-Party Services

We use the following trusted third-party services to operate Occam's Model. Each service has its own privacy policy governing how they handle data:

Payment Processing - Stripe

• Purpose: Process payments and manage transactions
• Data shared: Payment information (card details processed directly by Stripe)
• Privacy Policy: stripe.com/privacy

AI Features - Google Gemini

Blueprint AI features use Google Gemini Large Language Models (LLMs):

• Purpose: Provide AI-powered guidance and assistance for Blueprint modeling
• Data shared: Non-personally identifiable cached calculation results from your Blueprint model (e.g., monthly revenue projections, expense totals)
• What we DO NOT share: Your name, email, exact financial amounts, or any personally identifiable information (PII)
• User prompts: Questions and prompts you submit to AI chat are sent to Google's Gemini API
• Privacy Policy: Google Privacy Policy and Gemini API Terms
• Our liability: We cannot control how Google processes or retains data, and we are not responsible for their data handling practices

Analytics - Google Analytics

• Purpose: Understand how users interact with our service
• Data shared: Anonymized usage data, financial amounts as ranges (not exact values)
• Privacy Policy: Google Privacy Policy

OAuth Authentication - Google / Microsoft

• Purpose: Provide convenient sign-in options
• Data shared: OAuth providers share your email, name, and profile photo with us
• Privacy Policies:
  • Google: Google Privacy Policy
  • Microsoft: Microsoft Privacy Statement

Third-Party Responsibility: We carefully select service providers, but we are not responsible for their privacy practices. We encourage you to review their privacy policies.

Data Retention and Account Deletion

We retain your data as long as your account is active. You have full control to delete your account and data at any time.

Account Deletion Process

• How to delete: Use the "Delete Account" option in your Account Settings
• Timeline: Deletion is immediate and takes effect instantly
• Irreversible: Account deletion cannot be reversed - all data is permanently deleted
• Active subscriptions: Deleting your account immediately cancels your Blueprint subscription and revokes access
• No refunds: Account deletion does not trigger refunds for subscription fees (see our Terms of Service)

What Happens After Deletion

• Subscription cancellation: Active subscriptions are immediately canceled (no refunds)
• Personal data: All personally identifiable information is immediately and permanently deleted
• Financial data: All Freedom Number and Blueprint data is permanently deleted
• Payment records: Stripe retains transaction and subscription records per their policies (required for financial regulations)
• Anonymized data: De-identified aggregate data may be retained for service improvement (no personal identifiers)
• Audit logs: Security logs retained for 90 days for fraud prevention and compliance

Cookies and Tracking

We use minimal cookies necessary for functionality:

• Session cookies: To keep you logged in
• Security cookies: For CSRF protection
• Preference cookies: To remember your settings

We use Google Analytics to understand how users interact with our service and to improve the user experience. Analytics data is anonymized and aggregated - we track financial amounts as ranges, not exact values, to protect your privacy.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Your California Rights

• Right to Know: Request disclosure of personal information we collect, use, and share
• Right to Access: View all your data through your account dashboard
• Right to Delete: Request deletion of your personal information (available through Account Settings)
• Right to Opt-Out of Sale: We do NOT sell your personal information to third parties
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

We Do Not Sell Your Data

Important: Occam's Model does NOT sell, rent, or share your personal information for monetary or other valuable consideration. We have never sold user data and have no plans to do so.

How to Exercise Your Rights

• Access & Export Data: Use the "Export My Data" button in Account Settings
• Delete Account: Use the "Delete Account" option in Account Settings
• Questions: Email privacy@occamsmodel.com with subject "California Privacy Rights"

We will respond to verifiable consumer requests within 45 days as required by law.

International Users

Occam's Model is based in the United States and designed primarily for US users. Our tax calculations and financial modeling are built for US tax law.

• If you access our service from outside the US, your data will be transferred to and stored on US servers
• By using our service, you consent to this data transfer and processing in the United States
• Our service may not be suitable for non-US financial planning due to tax law differences

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes via:

• Email notification to your registered address
• Prominent notice in the application
• Updated "Last updated" date at the top of this page

Material changes will take effect 30 days after notification. Continued use of our service after changes constitutes acceptance of the updated policy.