Privacy Policy

Last updated: January 25, 2026

Our Commitment to Privacy

At Straven™, LLC ("we", "us", "our"), privacy isn't just a feature—it's a core principle. Straven is designed from the ground up to protect your security while respecting your privacy.

What Data We Collect

Local Data (Stays on Your Device)

The following data is collected and stored only on your device. It is never transmitted to our servers or any third party:

  • Browser extension information (names, permissions, risk scores)
  • macOS security settings (SIP status, FileVault status, etc.)
  • Network information (WiFi networks, connected devices)
  • Password manager detection status
  • Browser password counts (we never read actual passwords)
  • Security scan history and risk scores

Optional Cloud Features

If you choose to use optional cloud features (paid tiers), the following data may be transmitted:

  • Cloud AI queries: When you use Claude or OpenAI for AI features, your queries are sent to the respective AI provider. We do not store these queries.
  • Email breach checking: Email addresses are checked against Have I Been Pwned using k-anonymity (only a partial hash is sent, not the full email).

Account Data

If you create an account for premium features:

  • Email address
  • Payment information (processed by Stripe, we don't store card details)
  • Subscription status

Team and Enterprise Data

For Team and Enterprise plans, additional data may be collected:

  • Organization name and details
  • Team member email addresses
  • Security metrics and risk scores (aggregated, not individual device data)
  • Incident and case management data
  • Audit logs of user actions

What We Don't Collect

  • Your actual passwords (we only count entries)
  • Your browsing history
  • Your files or documents
  • Keystrokes or screen content
  • Location data (unless you opt-in for WiFi auto-categorization)
  • Telemetry or usage analytics

How We Use Your Data

Local data is used exclusively to provide security analysis and recommendations on your device. Cloud data (if you opt-in) is used only for the specific feature you requested (AI queries, breach checking). Team and Enterprise data is used to provide security management features to your organization.

Data Security

  • All local data is stored in an encrypted SQLite database
  • Sensitive credentials (like router passwords) are stored with 0o600 file permissions
  • Cloud communications use TLS encryption
  • Payment processing is handled by Stripe (PCI-DSS compliant)
  • Team/Enterprise data is encrypted at rest and in transit

Third-Party Services

Straven may integrate with the following third-party services:

  • Anthropic (Claude): Optional AI features
  • OpenAI: Optional AI features
  • Ollama: Local AI (no data leaves your device)
  • Have I Been Pwned: Breach checking (k-anonymity model)
  • Stripe: Payment processing

Data Retention

  • Local data: Retained until you delete the app or clear data
  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • Cloud AI queries: Not retained by us (see provider policies)
  • Team/Enterprise data: Retained per your organization's data retention policy

Your Rights

You have the right to:

  • Access your data (local data is on your device, account data available on request)
  • Delete your data (local: delete the app; account: contact us)
  • Opt-out of cloud features (use local-only mode)
  • Export your data (available in app settings)

Children's Privacy

Straven is not intended for children under 13. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. We'll notify users of significant changes via the app or email.

Contact Us

Questions about this privacy policy? Contact us at:

  • Email: privacy@straven.app
  • Address: Straven, LLC