Version: v1.0 Last updated: 2025-08-26
Privacy Officer: [email protected] Security contact: [email protected]
Primary hosting: US (current project region); Canada data-residency option is on the roadmap. Some processing may occur in US/EU via vetted sub-processors.
What we process in beta, where it lives, which providers we use, retention/deletion, incident response, and how to reach us.
Advisor accounts – name, work email (authentication via Supabase Auth; no plaintext passwords).
Client planning data – household and account attributes (e.g., assets, liabilities, cash-flow/income & expenses, goals, planning notes, and related documents). We do not require or intentionally collect SIN or health/PHI.
Uploads – PDFs/CSVs/Docs provided by advisors (e.g., statements); server-side text extraction.
Advisor ↔ AI – chat prompts/responses and tool traces for transparency.
Audit trail – append-only record of who/when/what changed (before/after).
Technical/usage – IP, device/browser, error and usage telemetry.
Integrations – none in beta (no Gmail/Outlook/calendar ingestion).
We use vetted cloud providers with contractual safeguards (DPAs), encryption, and access controls: