Privacy Policy

Last Updated: January 2026

Our Core Privacy Promise

Your privacy is our foundation.

Military Transition Toolkit protects your data with industry-standard security measures. Your information is stored securely in our cloud database with encryption at rest (AES-256), encrypted connections (HTTPS/TLS), and row-level security ensuring only you can access your data.

1. How We Store Your Data

All user data is securely stored in our cloud database with industry-leading security:

Secure Cloud Storage (All Users)

Your data is securely stored in the cloud with bank-level encryption. This enables automatic backup and access from any device while maintaining complete privacy and security.

Bank-level encryption (AES-256) protecting all data at rest
Row-level security ensuring users can only access their own data
Automatic cloud backup and sync across all devices
Secure SSL/TLS encryption for all data in transit
SOC 2 Type II certified infrastructure (Supabase)
HIPAA-compliant security for medical information
Regular automated backups with point-in-time recovery

Data Isolation & Privacy

Every user's data is isolated at the database level through row-level security (RLS). This means database queries automatically filter to show only your data.

Row-level security prevents cross-user data access
We never sell or share your personal data with third parties
Important: This is a planning tool, not a medical records system. Do not store detailed protected health information.

2. What Data We Collect

Personal Information

We collect minimal information necessary to provide secure cloud services:

Email address: For account creation, login, and service communications
Encrypted user data: Your transition planning data, securely encrypted in our database
Profile information: Name, military branch, rank, MOS (only what you choose to provide)

What We DON'T Collect or Sell

Device identifiers or precise location data
Behavioral tracking across other websites
We never sell any user data to third parties

Note: Data you enter (VA claims, appointments, notes) is stored in our database. Use this as a planning tool - we recommend NOT entering detailed medical records or sensitive health information.

3. Anonymous Analytics (Optional)

We use Google Analytics to understand basic usage patterns. This helps us improve the tool. The analytics collect:

Page views (which pages are visited)
Approximate geographic location (city/state level, not precise)
Device type (desktop, mobile, tablet)
Browser type (Chrome, Firefox, Safari, etc.)
How users navigate through the site

Analytics data is:

Completely anonymous - no personal identifiers
Aggregated - we only see trends, not individual sessions
Limited - Google Analytics only tracks page views, not form content
Optional - you can block analytics with browser extensions or do-not-track settings

4. Data Security

We implement industry-standard security practices to protect your information:

✓

Encryption at Rest (AES-256):Your data is encrypted in our database using AES-256 encryption, the same standard used by banks and government agencies.

✓

HTTPS/TLS Encryption in Transit:All connections use SSL/TLS encryption to prevent eavesdropping during transmission.

✓

Row-Level Security:Database policies ensure you can only access your own data. Other users cannot see your information.

✓

SOC 2 Compliant Infrastructure:Our database provider (Supabase) maintains SOC 2 Type II certification with regular security audits.

✓

Secure Authentication:Passwords are hashed (never stored in plain text) and we support secure session management.

5. Data Retention

Your encrypted data is retained in the cloud:

As long as your account is active
For 90 days after account deletion request (grace period for reactivation)
Permanently deleted upon your request or after the grace period
You can export your data at any time before deletion

6. Your Privacy Rights

You have complete control over your data:

Right to Access

Export your data in multiple formats at any time from your account settings

Right to Delete

Request immediate account and data deletion from settings or by contacting support

Right to Portability

Export your data in standard formats (JSON, PDF, CSV) to use elsewhere

Right to Privacy

Row-level security and encryption protect your data from unauthorized access

7. Third-Party Services

We use these external services:

Google Analytics

Purpose: Anonymous usage statistics

What they collect: Anonymous page views, device type, approximate location

Cloud Storage Provider (Supabase)

Purpose: Store user data securely with encryption at rest

What they store: Your account data, transition planning data, protected by row-level security

We do NOT use: social media trackers, advertising networks, data brokers, or marketing platforms.

8. Cookies and Similar Technologies

We use minimal cookies:

Essential Cookies (Required)

Necessary for the site to function, including authentication and preference storage.

Analytics Cookies (Optional)

Google Analytics cookies track anonymous usage patterns. You can disable these with browser settings or privacy extensions.

We do NOT use cookies for: advertising, tracking across websites, selling data, or identifying individual users beyond necessary authentication.

9. Children's Privacy

Our service is not directed to individuals under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. International Users

Our security-first approach ensures compliance with major privacy regulations:

GDPR (European Union): We use privacy-by-design principles and provide full data control rights
CCPA (California): We don't sell personal information and provide full transparency
Other Jurisdictions: Our security measures meet or exceed most privacy requirements globally

11. Data Breach Notification

In the unlikely event of a security breach:

We will notify affected users within 72 hours
Data encrypted at rest provides an additional layer of protection
We will provide clear guidance on any necessary actions
We recommend changing your password if notified of a breach

12. Changes to Privacy Policy

We may update this Privacy Policy occasionally. Changes will be posted on this page with an updated "Last Updated" date.

Material changes will be announced on the home page and via email to all users. Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

support@formationlabs.net

We aim to respond to all privacy inquiries within 48 hours.

Summary

In Plain English:

✓ Your data is stored securely in our cloud database with AES-256 encryption
✓ Row-level security ensures only you can access your data
✓ We only track anonymous page views for site improvement
✓ You have complete control over your information - export or delete anytime
✓ We'll never sell your data - 100% free for all servicemembers and veterans
✓ This is a planning tool - don't store detailed medical records here
✓ 100% free - optional donations welcome but never required

Back to Home Go to App