Privacy Policy
Effective Date: January 27, 2026
Last Updated: January 27, 2026
Version: 1.0
Important: This Privacy Policy explains how WealthWise ("we," "our," or "us") collects, uses, shares, and protects your personal and financial information. By using our services, you consent to the data practices described in this policy.
1. Introduction
WealthWise is committed to protecting your privacy and safeguarding your personal and financial information. This Privacy Policy describes:
- What information we collect and why
- How we use and protect your information
- When and with whom we share information
- Your rights and choices regarding your information
- How to contact us with privacy questions or concerns
2. Information We Collect
2.1 Information You Provide Directly
When you create an account and use WealthWise, we collect information you provide to us, including:
- Account Registration: Email address, password, first name, last name
- Profile Information: Date of birth, country, marital status, retirement goals
- Financial Information: Income, expenses, savings rate, investment holdings, retirement accounts, real estate holdings
- Transaction Data: When you connect your financial accounts, we access transaction descriptions, amounts, dates, and merchant information
- Communications: Messages sent through our financial advisor chatbot, support inquiries, feedback
2.2 Information Collected Automatically
When you access or use WealthWise, we automatically collect:
- Device Information: IP address, browser type and version, operating system, device identifiers
- Usage Information: Pages visited, features used, time spent on pages, click patterns
- Session Information: Login timestamps, session duration, authentication events
- Cookies and Similar Technologies: Session cookies for authentication, persistent cookies for "Remember Me" functionality
2.3 Information from Third-Party Services
With your authorization, we collect information from third-party financial service providers:
- SimpleFIN: Bank account information, balances, transaction history from your connected financial institutions
- Plaid (planned): Similar account aggregation data when you choose to connect accounts via Plaid
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Provide and Improve Our Services
- Create and manage your account
- Calculate and display your net worth and financial metrics
- Sync transactions from your connected financial accounts
- Categorize transactions automatically using AI and rules
- Generate personalized retirement plans and projections
- Provide AI-powered financial advice through our chatbot
- Analyze spending patterns and income trends
- Improve and optimize our services based on usage patterns
3.2 Security and Fraud Prevention
- Authenticate your identity and maintain account security
- Detect and prevent unauthorized access or fraudulent activity
- Monitor for suspicious behavior and security threats
- Maintain audit logs for security and compliance purposes
3.3 Communications
- Send account notifications (e.g., successful account sync, security alerts)
- Respond to your support requests and inquiries
- Send marketing communications (only if you opt in)
- Provide updates about new features or changes to our services
3.4 Legal and Compliance
- Comply with legal obligations and regulatory requirements
- Enforce our Terms of Service and other policies
- Respond to legal requests and prevent harm
- Maintain records as required by financial regulations
4. How We Share Your Information
We do not sell your personal or financial information to third parties. We share your information only in the following limited circumstances:
4.1 Third-Party Service Providers
We share information with trusted service providers who perform services on our behalf:
| Service Provider | Purpose | Data Shared |
| --- | --- | --- |
| SimpleFIN | Bank account aggregation and transaction sync | Your financial institution credentials, account data, transaction history |
| Plaid (planned) | Alternative account connection method | Your financial institution credentials, account data, transaction history |
| Anthropic (Claude API) | AI-powered financial advice and transaction categorization | Transaction descriptions, financial summaries, chatbot conversations (no account numbers or SSNs) |
| DreamHost | Web hosting and database services | All application data stored on their servers |
Data Processing Agreements: All service providers are contractually required to protect your information and use it only for the purposes we specify. They may not use your data for their own purposes or share it with others.
4.2 Legal Requirements
We may disclose your information when required by law or in response to:
- Valid legal process (subpoena, court order, search warrant)
- Government or regulatory requests
- National security or law enforcement requirements
- Situations involving potential threats to physical safety
- Protection of our legal rights and property
4.3 Business Transfers
If WealthWise is involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
4.4 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
5. Data Security
We implement comprehensive security measures to protect your information:
5.1 Technical Security Measures
- Encryption: All data transmitted over the internet is encrypted using TLS 1.2 or higher (HTTPS). Sensitive data is encrypted at rest using AES-256 encryption.
- Password Security: Passwords are hashed using Argon2id, a memory-hard algorithm resistant to brute-force attacks. We never store passwords in plain text.
- Access Controls: Multi-layered access controls restrict access to your data. Role-based permissions ensure employees and systems can only access data necessary for their functions.
- Session Security: Sessions expire after 30 minutes of inactivity or 8 hours maximum. Session cookies are marked HttpOnly and Secure to prevent unauthorized access.
- Remember Me Tokens: Persistent login uses secure token-based authentication with automatic rotation and theft detection.
5.2 Organizational Security Measures
- Security Policies: Comprehensive information security and access control policies
- Audit Logging: All authentication attempts, data access, and administrative actions are logged
- Security Monitoring: Daily review of logs for suspicious activity
- Incident Response: Documented procedures for responding to security incidents
- Employee Training: Regular security awareness training for all personnel
5.3 Physical Security
- Production servers hosted in SOC 2 certified data centers (DreamHost)
- 24/7 physical security monitoring and access controls
- Redundant power, cooling, and network infrastructure
Important: While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information using industry best practices.
6. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
- Active Accounts: Data retained while your account is active
- Closed Accounts: Financial transaction data retained for 7 years after account closure (required by IRS and financial regulations)
- Backup Data: Included in automated backups for 30 days (daily backups) plus monthly archives for 1 year
- Audit Logs: Security and authentication logs retained for 90 days; financial access logs retained for 7 years
- Marketing Data: Deleted within 30 days of unsubscribe request
7. Your Privacy Rights
7.1 Rights for All Users
Regardless of your location, you have the following rights:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
- Export: Request a machine-readable copy of your data (data portability)
- Opt-Out: Unsubscribe from marketing emails at any time
7.2 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request details about the categories and specific pieces of personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information (with certain exceptions)
- Right to Opt-Out: Opt out of the "sale" of personal information (Note: WealthWise does not sell personal information)
- Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your CCPA rights
7.3 European Union Residents (GDPR)
If you are in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Access: Obtain confirmation of whether we process your data and receive a copy
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Restrict Processing: Request limitation of processing under certain circumstances
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
7.4 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
- Email: support@imwealthwise.com
- Account Settings: Many rights can be exercised directly through your account settings (e.g., update profile, export data, delete account)
We will respond to your request within 30 days (or as required by applicable law). We may request additional information to verify your identity before fulfilling your request.
8. Cookies and Tracking Technologies
WealthWise uses cookies and similar technologies for the following purposes:
8.1 Essential Cookies
Required for the operation of our services:
- Session Cookie: Maintains your authenticated session while using the application (deleted when you log out or session expires)
- Remember Me Cookie: Keeps you logged in across browser sessions if you select "Remember Me" (expires after 30 days)
- CSRF Token Cookie: Protects against cross-site request forgery attacks
8.2 Analytics Cookies (Future)
Currently not implemented. If we implement analytics in the future, we will:
- Update this policy to reflect the change
- Provide opt-out options
- Use privacy-respecting analytics tools
8.3 Managing Cookies
You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features of WealthWise. To disable cookies:
- Chrome: Settings > Privacy and Security > Cookies
- Firefox: Preferences > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Cookies and Website Data
9. Third-Party Links
WealthWise may contain links to third-party websites or services (e.g., SimpleFIN, Plaid, financial institutions). This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party sites you visit.
10. Children's Privacy
WealthWise is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child under 18, please contact us at support@imwealthwise.com.
11. International Data Transfers
WealthWise is based in the United States. If you access our services from outside the United States, your information will be transferred to, stored, and processed in the United States. The United States may not have the same data protection laws as your country.
By using WealthWise, you consent to the transfer of your information to the United States. We implement appropriate safeguards to protect your information in accordance with this Privacy Policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via email or prominent notice within the application
- Material changes may require your consent (e.g., re-acceptance of updated terms)
- Your continued use of WealthWise after changes constitutes acceptance of the updated policy
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
13. Gramm-Leach-Bliley Act (GLBA) Privacy Notice
As a financial services provider, WealthWise is subject to the Gramm-Leach-Bliley Act (GLBA). This section provides the privacy notice required under GLBA.
13.1 Information We Collect
We collect nonpublic personal information about you from:
- Information you provide on applications and forms (e.g., name, address, email, financial information)
- Information about your transactions with us or others (e.g., account balances, transaction history)
- Information we receive from third parties (e.g., financial institutions via SimpleFIN/Plaid)
13.2 Information We Disclose
We may disclose nonpublic personal information to:
- Service providers who perform services on our behalf (as described in Section 4.1)
- Companies as permitted by law (e.g., credit bureaus, regulatory authorities)
13.3 Confidentiality and Security
We maintain physical, electronic, and procedural safeguards to protect your nonpublic personal information, as described in Section 5 of this Privacy Policy.
14. Contact Us
15. Definitions
Personal Information: Information that identifies, relates to, or could reasonably be linked to you, including name, email, financial data, and device identifiers.
Nonpublic Personal Information: Personally identifiable financial information that is not publicly available (GLBA definition).
Processing: Any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
Controller: The entity that determines the purposes and means of processing personal data (WealthWise is the controller).
Processor: An entity that processes personal data on behalf of the controller (e.g., our service providers).
Acknowledgment: By using WealthWise, you acknowledge that you have read, understood, and agree to this Privacy Policy.