Back to AIPWM

Privacy Policy

Effective Date: January 9, 2026 Last Updated: January 9, 2026

Introduction

AIPWM ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered wealth management platform.

Please read this policy carefully. By using AIPWM, you consent to the practices described herein.

1. Information We Collect

1.1 Information You Provide

Account Information

  • Name, email address, phone number
  • Password (stored as a cryptographic hash, never in plain text)
  • Multi-factor authentication preferences

Investor Profile

  • Risk tolerance and investment preferences
  • Time horizon and financial goals
  • Income and net worth ranges
  • Investment experience level
  • ESG and sector preferences

Financial Goals

  • Goal descriptions and target amounts
  • Target dates and priorities
  • Progress updates you provide

Family Information (if using family features)

  • Family member names and relationships
  • Roles and access permissions
  • Contact information for family members

Documents You Upload

  • Estate planning documents (wills, trusts)
  • Legal documents (power of attorney, healthcare directives)
  • Other financial documents

1.2 Information from Connected Accounts

When you connect financial accounts through our third-party providers, we receive:

From Plaid (Banking & Investment Accounts)

  • Account names, types, and masked account numbers
  • Account balances (current and available)
  • Transaction history (deposits, withdrawals, purchases)
  • Investment holdings (positions, quantities, cost basis)
  • Institution names and identifiers

From SnapTrade (Brokerage Accounts)

  • Brokerage account information
  • Portfolio holdings and positions
  • Trade history and transactions
  • Account balances and buying power

From Manual Entry

  • Asset values you input (real estate, private equity)
  • Liability information (mortgages, loans)
  • Any other financial data you choose to provide

1.3 Information Collected Automatically

Usage Data

  • Pages visited and features used
  • Time spent on the platform
  • Actions taken (clicks, searches, navigation)
  • Device type, browser, and operating system
  • IP address and approximate location

AI Interaction Data

  • Messages you send to our AI advisor
  • AI responses and recommendations
  • Conversation history and context
  • Feedback on AI suggestions

Technical Data

  • Log files and error reports
  • Performance metrics
  • API request patterns

1.4 Information from Third Parties

Authentication Providers

  • Google OAuth: Email, name, profile picture (if you sign in with Google)

Market Data Providers

  • Stock prices, financial data, and market information (not personal data)

2. How We Use Your Information

2.1 Core Service Delivery

  • Portfolio Management: Analyze your holdings and provide recommendations
  • AI Financial Advisor: Deliver personalized advice based on your profile and goals
  • Account Aggregation: Display a unified view of your financial accounts
  • Risk Assessment: Monitor portfolio risk and provide alerts
  • Tax Optimization: Identify tax-loss harvesting opportunities and asset location strategies
  • Goal Tracking: Monitor progress toward your financial goals

2.2 Personalization

  • Remember your preferences across sessions
  • Tailor AI responses to your situation and history
  • Customize dashboard views and alerts
  • Provide relevant investment research and memos

2.3 Service Improvement

  • Analyze usage patterns to improve features
  • Debug issues and optimize performance
  • Develop new features based on user needs
  • Train and improve AI model interactions (see Section 3.4)

2.4 Communication

  • Send service notifications and alerts
  • Respond to your inquiries and support requests
  • Provide important updates about your accounts
  • Send periodic reports and summaries (if opted in)

2.5 Security and Compliance

  • Detect and prevent fraud or unauthorized access
  • Comply with legal and regulatory requirements
  • Maintain audit trails for compliance purposes
  • Verify your identity when required

3. How We Share Your Information

3.1 Third-Party Service Providers

We share information with service providers who assist in operating our platform:

| Provider | Purpose | Data Shared | |----------|---------|-------------| | Supabase | Database and authentication | All stored data (encrypted at rest) | | Vercel | Hosting and edge functions | Usage data, IP addresses | | Plaid | Bank/investment account connections | Credentials for account access | | SnapTrade | Brokerage account connections | Credentials for account access | | Anthropic | AI advisor (Claude) | Conversation messages, financial context | | Polygon.io | Market data | None (data flows to us only) |

3.2 Plaid Data Sharing

When you connect accounts via Plaid:

  • Plaid accesses your financial accounts on your behalf
  • Plaid's use of your data is governed by Plaid's Privacy Policy
  • You can disconnect Plaid access at any time through AIPWM settings
  • We retain historical data after disconnection per our Data Retention Policy

3.3 SnapTrade Data Sharing

When you connect brokerage accounts via SnapTrade:

  • SnapTrade facilitates secure connections to brokerages
  • SnapTrade's use of your data is governed by their privacy policy
  • You can disconnect SnapTrade access at any time
  • We do not share your brokerage credentials with any other party

3.4 AI Provider (Anthropic)

When you interact with our AI advisor:

  • Your messages and relevant financial context are sent to Anthropic's Claude API
  • Anthropic processes this data to generate responses
  • Anthropic's data handling is governed by Anthropic's Privacy Policy
  • Anthropic may use interactions to improve their models unless you opt out
  • We do not send your full account credentials to Anthropic

What we send to Anthropic:

  • Your messages and questions
  • Relevant portfolio context (holdings, goals, risk profile)
  • Conversation history for continuity

What we do NOT send to Anthropic:

  • Account credentials or access tokens
  • Full account numbers (only masked versions)
  • Social Security numbers or government IDs
  • Raw transaction data in bulk

3.5 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders or subpoenas
  • Government or regulatory requests
  • Legal process in connection with litigation
  • Requests from law enforcement

3.6 Business Transfers

If AIPWM is involved in a merger, acquisition, or sale of assets, your information may be transferred. You will be notified via email and/or prominent notice on our platform of any change in ownership or use of your personal information.

3.7 With Your Consent

We may share your information for other purposes with your explicit consent.

3.8 What We Never Sell

We do not sell your personal information. We do not share your data with third parties for their marketing purposes.

4. Data Security

4.1 Encryption

  • In Transit: All data transmitted to and from AIPWM uses TLS 1.3 encryption
  • At Rest: Database encrypted using AES-256
  • Application Layer: Sensitive fields (credentials, account numbers) encrypted with NaCl (XSalsa20-Poly1305)

4.2 Access Controls

  • Role-based access control for all staff
  • Multi-factor authentication required for administrative access
  • Row-level security in database prevents cross-user data access
  • Regular access reviews and principle of least privilege

4.3 Infrastructure Security

  • Hosted on SOC 2 compliant infrastructure (Vercel, Supabase)
  • Regular security assessments and penetration testing
  • Automated vulnerability scanning
  • DDoS protection and rate limiting

4.4 Audit Logging

  • All user actions logged for security monitoring
  • Access attempts and authentication events recorded
  • Logs retained for security investigation purposes

4.5 Incident Response

In the event of a data breach:

  • We will investigate and contain the incident promptly
  • Affected users will be notified within 72 hours
  • Relevant regulatory authorities will be informed as required
  • We will provide guidance on protective measures

5. Your Rights and Choices

5.1 Access Your Data

You can access your personal information at any time through:

  • Your account dashboard
  • Data export feature (Settings → Export Data)
  • Requesting a full data export by contacting us

5.2 Correct Your Data

You can update your personal information:

  • Edit profile information in Settings
  • Update investor profile and goals
  • Contact us for corrections to historical data

5.3 Delete Your Data

You can request deletion of your account and data:

  • Submit deletion request in Settings → Account → Delete Account
  • 30-day grace period allows for recovery
  • Certain data retained for legal/regulatory compliance (see Data Retention Policy)

5.4 Disconnect Accounts

You can disconnect linked financial accounts at any time:

  • Go to Settings → Connected Accounts
  • Click "Disconnect" on any account
  • Access tokens are immediately revoked
  • Historical data retained per retention policy

5.5 Communication Preferences

You can manage communications:

  • Email notifications: Settings → Notifications
  • Marketing emails: Unsubscribe link in emails
  • We will always send essential service notifications

5.6 AI Memory

You can manage what our AI remembers about you:

  • View learned facts in Settings → AI Preferences
  • Delete specific memories
  • Clear all AI memory and start fresh

6. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights:

6.1 Right to Know

You may request disclosure of:

  • Categories of personal information collected
  • Sources of personal information
  • Business purposes for collection
  • Categories of third parties with whom we share
  • Specific pieces of personal information collected

6.2 Right to Delete

You may request deletion of personal information, subject to exceptions for:

  • Completing transactions
  • Security and fraud prevention
  • Legal compliance
  • Internal uses aligned with your expectations

6.3 Right to Correct

You may request correction of inaccurate personal information.

6.4 Right to Opt-Out

You have the right to opt out of:

  • Sale of personal information (we do not sell)
  • Sharing for cross-context behavioral advertising (we do not do this)

6.5 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

6.6 Submitting Requests

To exercise your California privacy rights:

  • Email: privacy@aipwm.com
  • Through the platform: Settings → Privacy → California Rights
  • We will verify your identity before processing requests
  • Requests fulfilled within 45 days

6.7 Categories of Information

| Category | Collected | Sold | Shared for Advertising | |----------|-----------|------|------------------------| | Identifiers (name, email) | Yes | No | No | | Financial information | Yes | No | No | | Internet activity | Yes | No | No | | Geolocation (approximate) | Yes | No | No | | Professional information | Yes | No | No | | Inferences (risk profile) | Yes | No | No |

7. Other State Privacy Rights

7.1 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA)

Residents of these states have similar rights to California residents, including:

  • Right to access, correct, and delete personal data
  • Right to data portability
  • Right to opt out of targeted advertising
  • Right to appeal our decisions

7.2 Nevada

Nevada residents may opt out of the sale of personal information. We do not sell personal information.

8. International Users

8.1 Data Location

Your data is stored and processed in the United States. By using AIPWM, you consent to the transfer of your information to the United States.

8.2 GDPR (European Users)

If you are in the European Economic Area, you have rights under GDPR including:

  • Right to access and portability
  • Right to rectification and erasure
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent

Legal Basis for Processing:

  • Contract performance (providing our services)
  • Legitimate interests (security, service improvement)
  • Consent (marketing, optional features)
  • Legal obligations (compliance, tax reporting)

Contact our Data Protection Officer: dpo@aipwm.com

9. Cookies and Tracking

9.1 Essential Cookies

Required for the platform to function:

  • Authentication session cookies
  • Security tokens (CSRF protection)
  • User preferences

9.2 Analytics Cookies

Used to understand how you use the platform:

  • Page views and navigation patterns
  • Feature usage statistics
  • Performance monitoring

9.3 Managing Cookies

You can manage cookies through:

  • Browser settings
  • Cookie preferences in Settings
  • Note: Disabling essential cookies may prevent platform use

9.4 Do Not Track

We honor Do Not Track browser signals by disabling non-essential analytics.

10. Children's Privacy

AIPWM is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected information from a child under 18, we will delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@aipwm.com.

11. Data Retention

We retain your personal information as described in our Data Retention Policy. Key retention periods:

| Data Type | Retention Period | |-----------|------------------| | Account information | Account lifetime + 7 years | | Financial transactions | 7 years | | Tax-related data | 7 years | | Chat history | 3 years | | Audit logs | 7 years |

12. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your registered address
  • Prominent notice on the platform
  • Updating the "Last Updated" date

Your continued use of AIPWM after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Email: privacy@aipwm.com

Data Protection Officer: dpo@aipwm.com

Mail: AIPWM Privacy Team [Address] [City, State ZIP]

Response Time: We aim to respond to all privacy inquiries within 5 business days.

15. Regulatory Information

AIPWM provides technology services and AI-powered financial information. We are not a registered investment advisor, broker-dealer, or bank. Information provided through our platform is for informational purposes only and does not constitute financial advice.

Financial account aggregation services are provided through partnerships with regulated third parties (Plaid, SnapTrade).

Summary of Key Points

  • We collect account info, financial data, and AI conversations to provide our service
  • We share with service providers necessary to operate (Plaid, SnapTrade, Anthropic, Supabase)
  • We never sell your personal information
  • We protect your data with encryption and security controls
  • You can access, correct, delete, and export your data at any time
  • We retain data per regulatory requirements (typically 7 years for financial data)
  • Contact us at privacy@aipwm.com with any questions

This Privacy Policy is provided for informational purposes. For legal advice regarding your privacy obligations or rights, please consult with a qualified attorney.