Privacy Policy

Last updated: May 24, 2026

This Privacy Policy describes what information Exhaven collects from you, how we use it, and the choices you have. We believe in collecting as little as possible and being straightforward about what we do.

What we collect

Information you give us directly

Email address. When you join the waitlist, place a Reserved order, or place a Founder pre-order.
Name. When you complete a purchase through our checkout.
Shipping address. When you place a paid order, so we can ship physical products to you.
Payment information. We never see or store your card details. Payments are processed by Stripe, which collects card information on its own infrastructure. See Stripe's Privacy Policy.

Information collected automatically

Basic technical data. Standard server logs (IP address, browser type, timestamp) when you visit our site. Used to operate the site and diagnose problems.

How we use your information

We use the information we collect to:

Process orders and ship products to you
Send transactional emails about your order, reservation, or refund
Send product updates and news, only if you have opted in to our waitlist or have an active order
Respond to questions or support requests you send us
Operate, maintain, and improve the site
Detect and prevent fraud or abuse
Comply with legal obligations

We do not sell your personal information. We do not use it for behavioral advertising.

Who we share it with

We share your information only with the service providers we need to run the business. These providers are bound by their own privacy obligations and use the data only to perform their services for us:

Stripe — payment processing, refunds, and fraud prevention. stripe.com/privacy
Loops — sending transactional and opt-in product update emails. loops.so/privacy
Google Firebase / Google Cloud — hosting our website and storing order records. policies.google.com/privacy

We may also share information when required by law, or to protect Exhaven's rights, property, or safety, or those of our customers or others.

How long we keep your information

We keep order records, including your email and shipping address, for as long as needed to fulfill the order, support warranty claims, and meet our tax and accounting obligations. In most cases this is seven years from the date of purchase.

If you only joined the waitlist (and did not pay for an order), we keep your email until you ask us to delete it or until we discontinue the waitlist.

Your choices and rights

You have the right to:

Access — Ask what information we have about you
Correct — Ask us to fix information that is wrong
Delete — Ask us to delete your information (subject to legal/tax retention requirements)
Unsubscribe — Stop receiving product updates at any time. Transactional messages (order confirmations, refund notices) will continue as long as you have an active order, because they are part of the service.

To exercise any of these rights, email us at privacy@exhaven.com. We will respond within 30 days.

If you are in California (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete it, and the right not to be discriminated against for exercising these rights. We do not sell personal information, so the right to opt out of sale does not apply. Email privacy@exhaven.com to exercise these rights.

If you are in the European Union (GDPR)

If you are in the EU, you have rights under the General Data Protection Regulation including access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is contract performance (to fulfill your order) and legitimate interest (to run the business safely and improve our service). Email privacy@exhaven.com to exercise these rights.

Security

We use industry-standard security practices to protect your information. All data is transmitted over HTTPS. Order records are stored in Google Firebase with restricted access. Payment data is handled exclusively by Stripe, a PCI-DSS compliant payment processor. No system is perfectly secure, but we take reasonable steps to keep your data safe.

Children

Our site and products are not directed to children under 13. We do not knowingly collect information from children under 13. If we learn we have collected information from a child under 13, we will delete it.

Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page and, for significant changes, notify you by email if you have an active order with us.

Contact

Questions about this policy or your information: privacy@exhaven.com.

Exhaven · Richmond, Virginia, USA