Privacy Policy

Last updated: March 9, 2026

1. What We Collect

Torv collects and stores the financial data you provide or authorize us to access:

• Account names, types, and balances
• Transaction descriptions, amounts, and dates
• Paycheck breakdowns you enter
• Categories, rules, contribution goals, and spending targets you create
• Tax profile information you provide (filing status, state, deductions)
• Basic account information from your authentication provider (email address)

We collect only what is necessary to provide the service. We do not collect data from other sources or build profiles beyond what you see in the app.

2. How We Use Your Data

Your data is used solely to provide and improve the Torv service:

• Generate financial statements (balance sheet, income statement, cash flow, net worth decomposition)
• Compute tax projections across all 50 states + DC
• Run lifecycle retirement projections, Social Security optimization, and savings waterfall analysis
• Track contribution goals and spending targets
• Provide charts, analysis, and insights about your finances
• Improve the product based on aggregate, anonymized usage patterns

We do not sell your data. We do not share your personal financial data with third parties for marketing, advertising, or any purpose unrelated to delivering the Torvservice.

3. Lawful Basis for Processing

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a lawful basis for processing personal data, we rely on:

• Contract performance — Processing your financial data is necessary to provide the Torv service you have subscribed to.
• Legitimate interest — First-party analytics to improve product quality and reliability, where these interests do not override your fundamental rights.
• Consent — Where required by law, such as for optional features or communications. You may withdraw consent at any time.

4. Third-Party Services

Torv relies on the following third-party services to operate. Each processes only the minimum data necessary for its function:

• Authentication — We handle authentication directly. Your email address is stored in our database. Passwords are hashed with bcrypt (never stored in plaintext). Your user ID is cryptographically pseudonymized before being associated with any financial data (see Security).
• Quiltt — Bank data aggregation (powered by MX and Finicity). When you connect a financial institution, you authenticate directly in a secure widget provided by our aggregation partner. Your bank credentials are never stored by Torv. Access tokens stored in our database are encrypted with AES-256-GCM. See Quiltt's Privacy Policy.
• Hetzner — Database server hosting. Your data is stored on a dedicated server with disk encryption at rest, plus additional application-level AES-256-GCM encryption for personally identifiable fields. See Hetzner's Privacy Policy.
• Cloudflare — Application hosting, CDN, and DNS. Cloudflare serves the Torv web application. No financial data is stored on Cloudflare; all data resides in our database. See Cloudflare's Privacy Policy.

We require that all third-party service providers maintain appropriate security measures and process your data only as necessary to perform their function.

5. Cookies & Tracking

Torv uses cookies for authentication, security, and to improve your experience. These are first-party, essential cookies required for the service to function (e.g., keeping you signed in, remembering trusted devices). We do not sell your data to third parties.

We do not currently use third-party analytics services such as Google Analytics or Facebook Pixel. If we introduce analytics or advertising cookies in the future, we will update this policy and provide a mechanism to manage your preferences.

6. First-Party Analytics

We collect basic, first-party usage data stored in our own database to understand how the product is used:

• Pages visited within the app (no external browsing data)
• Feature usage events (e.g., “categorized transactions,” “ran sync”)
• Signup attribution (which referral link brought you here)

This data is tied to your pseudonymized user ID and is deleted when you delete your account. It is never shared with third parties. You may request that we stop collecting first-party analytics on your account by contacting us at admin@torv.app.

7. Connected Financial Institution Data

When you connect a financial institution through our data aggregation provider (Quiltt),Torv may receive the following types of data depending on your institution and the products you authorize:

• Transaction history (descriptions, amounts, dates, merchant information)
• Account balances and account metadata (name, type, institution)
• Investment holdings (securities, quantities, market values, cost basis)
• Investment transactions (buys, sells, dividends, contributions, withdrawals, transfers)
• Liability information (credit card due dates, loan balances)

Important: Data retrieved from your financial institutions throughTorv does not represent the official record of your accounts. For official account records, please refer directly to your financial institution.

This data is:

• Stored in our database with application-level encryption on personally identifiable fields (account names, institution names, owner names)
• Indexed by a cryptographically pseudonymized user ID that cannot be linked to your identity without a separately stored secret
• Used solely to provide and improve the Torv service as described in this policy
• Accessible only to you through the Torv interface
• Never sold, licensed, or commercially shared with any third party
• Never used for marketing or advertising purposes
• Deleted when you delete your account or disconnect the institution

We do not sell, resell, license, exploit, or commercialize your financial institution data in any form — including anonymized, aggregated, or de-identified forms — to any third party. We do not use your data for marketing purposes.

8. Disconnecting Accounts and Revoking Access

You may disconnect any linked financial institution at any time. To disconnect an institution:

• Navigate to the Manage Accounts section within Torv
• Select the institution you wish to disconnect and click “Remove”
• Alternatively, contact us at admin@torv.app and we will disconnect the institution within one business day

When you disconnect an institution, Torv will cease accessing data from that institution. Previously synced data will be deleted upon your request or when you delete your account. You may also revoke Torv's access directly through your financial institution's own privacy or security settings.

Torv does not store your bank login credentials — those are managed exclusively by our aggregation provider. We cannot log into your accounts, move money, or perform any transactions on your behalf.

9. Data Security

We implement multiple layers of protection for your data. For full technical details, see our Security page.

• Pseudonymized identity — Your login identity is converted to an irreversible cryptographic hash (HMAC-SHA256) before entering our database. Our database contains no email addresses, names, or login credentials.
• Encrypted PII — Account names, institution names, owner names, and bank connection tokens are encrypted with AES-256-GCM (NIST-approved authenticated encryption) before storage.
• Secure transit — All data in transit is protected by HTTPS/TLS.
• Authentication — All API routes require authentication. All database queries are scoped to your pseudonymized user ID.

However, no system is perfectly secure, and we cannot guarantee absolute security. We encourage you to use a strong, unique password and enable any available multi-factor authentication.

10. Data Retention

We retain your data only as long as your account is active and as needed to provide the service. When you delete your account:

• All associated data enters a 30-day soft-delete period (safety net against accidental deletion)
• After 30 days, all data is permanently and irreversibly purged from our systems
• Backups are purged within a commercially reasonable timeframe

We retain records of your consent to access financial institution data for a minimum of three (3) years in a form that permits verification, as required by our data provider agreements and applicable law.

11. Your Rights

Regardless of where you are located, you can at any time:

• Export your data in a machine-readable format
• Delete individual records (transactions, accounts, etc.)
• Delete your entire account and all associated data
• Disconnect linked financial institutions
• Request that we stop collecting first-party analytics on your account

Additional Rights for EEA/UK Residents

If you are located in the European Economic Area or the United Kingdom, you also have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Object to processing based on legitimate interest
• Restrict processing under certain circumstances
• Lodge a complaint with your local data protection authority

Additional Rights for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights, including the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at admin@torv.app.

12. Children's Privacy

Torv is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

13. Gramm-Leach-Bliley Act (GLBA) Notice

To the extent required by the Gramm-Leach-Bliley Act and its implementing regulations, this Privacy Policy serves as our privacy notice. Torv collects nonpublic personal financial information from your connected financial institution accounts as described in Section 7. We do not disclose nonpublic personal financial information to any nonaffiliated third parties except as necessary to provide the Service (e.g., Quiltt for data aggregation, Hetzner for database hosting, Cloudflare for application hosting), as permitted by law, or with your consent. We restrict access to your nonpublic personal financial information to those systems and personnel that need it to provide the Service.

14. Business Transfers

If Torv is acquired, merged with another company, or has its assets sold, your data may be transferred as part of that transaction. In such an event, we will notify you via email or in-app notification at least 30 days in advance and provide you the opportunity to delete your account and data before any transfer occurs.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy. We will maintain an archive of prior versions upon request.

16. Contact

For privacy questions, data requests, or to exercise any of your rights, contact us at admin@torv.app.