Back to Home

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information when you use Wealth.

Effective Date: October 12, 2025

Last Updated: October 12, 2025

Table of Contents

Introduction

Welcome to Wealth by AlgoRhythmz ("Service," "we," "us," or "our"). We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, share, and protect your information when you use our wealth management platform.

Important: This policy is legally binding and your use of our Service constitutes acceptance of these terms.

Information We Collect

Personal Information

We collect information that identifies, relates to, or could reasonably be linked with you:

  • Account Information: Name, email address, phone number, date of birth
  • Identity Verification: Government-issued ID information, address verification documents
  • Authentication Data: Username, password, multi-factor authentication credentials

Financial Information

Through our integration with Plaid:

  • Bank Account Data: Account numbers, routing numbers, account balances, transaction history
  • Transaction History: Spending patterns and transaction details

Usage Information

  • Device Information: IP address, browser type, operating system, device identifiers
  • Activity Data: Pages visited, features used, time spent, interaction patterns
  • Location Data: General geographic location (city/state level only)
  • Technical Data: Log files, error reports, performance metrics

Communications

  • Support Interactions: Chat logs, email correspondence, support tickets
  • Marketing Communications: Email engagement, subscription preferences
  • Survey Responses: Feedback, ratings, testimonials

How We Use Your Information

Primary Purposes

  • Service Delivery: Provide wealth management tools, financial tracking, and analytics
  • Security: Detect fraud, prevent unauthorized access, ensure platform security
  • Compliance: Meet legal and regulatory requirements, including financial regulations

Secondary Purposes

  • Improvement: Enhance Service functionality, develop new features
  • Communication: Send service updates, security alerts, marketing materials (with consent)
  • Analytics: Understand usage patterns, measure Service performance
  • Support: Provide customer service and technical assistance

Legal Basis for Processing (GDPR/CCPA)

  • Contract Performance: Processing necessary to provide our Service
  • Legitimate Interest: Fraud prevention, service improvement, direct marketing
  • Legal Compliance: Regulatory requirements
  • Consent: Explicit consent for sensitive data processing

Information Sharing and Disclosure

We Do Not Sell Personal Information

We do not sell, rent, or lease your personal information to third parties for their marketing purposes.

When We Share Information

Service Providers

We share information with trusted third-party service providers:

  • Plaid Inc. - Financial data aggregation and bank connectivity
  • Cloud Infrastructure Providers - Data hosting and processing (AWS, Google Cloud)
  • Authentication Services - Identity verification and security
  • Analytics Providers - Service usage analysis (anonymized data only)
  • Support Services - Customer service tools and platforms

Legal Requirements

We may disclose information when required by law:

  • Legal Process: Court orders, subpoenas, regulatory requests
  • Safety Protection: Protect rights, property, or safety of users or the public
  • Fraud Prevention: Investigate and prevent fraudulent activities
  • Regulatory Compliance: Financial services regulations

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity (with 30 days advance notice).

Data Sharing Safeguards

  • Contractual Protections: All service providers sign data processing agreements
  • Security Requirements: Third parties must meet our security standards
  • Purpose Limitation: Data shared only for specified, legitimate purposes
  • Audit Rights: We maintain the right to audit third-party security practices

Data Security

Technical Safeguards

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, network monitoring
  • Secure Development: Security-by-design principles, regular code reviews

Administrative Safeguards

  • Employee Training: Regular security awareness training for all staff
  • Access Management: Least privilege principle, regular access reviews
  • Incident Response: Documented procedures for security incidents
  • Background Checks: Security screening for employees with data access

Physical Safeguards

  • Data Centers: SOC 2 Type II certified facilities with 24/7 monitoring
  • Device Security: Encrypted storage, secure disposal of hardware
  • Facility Access: Biometric access controls, visitor management

Monitoring and Auditing

  • Continuous Monitoring: Real-time threat detection and response
  • Regular Audits: Annual security assessments by independent third parties
  • Vulnerability Management: Regular penetration testing and vulnerability scans
  • Compliance Verification: Quarterly compliance reviews and certifications

Financial Data and Plaid Integration

Plaid Partnership

We use Plaid Technologies Inc. to securely connect to your financial accounts. Plaid's services are subject to their Privacy Policy available at plaid.com/legal/.

Data Collection Through Plaid

  • Account Information: Account types, balances, account and routing numbers
  • Transaction Data: Transaction amounts, dates, merchant information, categories
  • Identity Information: Account holder names, addresses, phone numbers
  • Asset Information: Investment holdings, values, performance data

Your Control Over Financial Data

  • Consent Required: We only access accounts you explicitly authorize
  • Granular Permissions: Choose which accounts and data types to share
  • Revoke Access: Disconnect accounts at any time through your settings
  • Data Minimization: We only collect data necessary for our Service

Financial Data Protection

  • Bank-Level Security: Same encryption and security standards as financial institutions
  • Segregated Storage: Financial data stored separately with additional protections
  • Limited Access: Only authorized personnel can access financial data
  • Audit Trails: All access to financial data is logged and monitored

Data Retention

Retention Periods

  • Account Data: Retained while your account is active plus 7 years after closure
  • Financial Data: Retained for 7 years for regulatory compliance (IRS requirements)
  • Usage Data: Retained for 2 years for service improvement purposes
  • Communication Data: Retained for 3 years for support and legal purposes

Deletion Process

  • Automated Deletion: Data automatically deleted after retention periods
  • Secure Disposal: Multi-pass overwriting of storage media
  • Third-Party Deletion: Require service providers to delete data per our schedules
  • User-Requested Deletion: Process deletion requests within 30 days

Legal Hold

Data may be retained longer when required for:

  • Active Legal Proceedings: Until resolution of legal matters
  • Regulatory Investigations: Until completion of investigations
  • Tax Audits: Until audit completion and appeal periods expire

Your Rights and Choices

Account Control

  • Access: View and download your personal information
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in standard formats

Communication Preferences

  • Marketing Emails: Opt out of promotional communications
  • Service Notifications: Receive important account and security updates
  • SMS Alerts: Control text message notifications
  • Push Notifications: Manage mobile app notifications

California Residents (CCPA)

California residents have additional rights:

  • Right to Know: Detailed information about data collection and sharing
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of sale of personal information (we don't sell data)
  • Non-Discrimination: Equal service regardless of privacy choices

European Residents (GDPR)

European residents have additional rights:

  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of personal data
  • Right to Restrict Processing: Limit how we process your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Data Portability: Receive your data in a structured format

Cookies and Tracking Technologies

Types of Cookies

  • Essential Cookies: Required for Service functionality (authentication, security)
  • Performance Cookies: Analyze Service usage and performance
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Deliver personalized content and advertisements

Cookie Management

  • Cookie Settings: Control cookie preferences in your browser
  • Opt-Out Options: Disable non-essential cookies in your account settings
  • Third-Party Cookies: Managed through respective third-party privacy settings

Do Not Track

We currently do not respond to Do Not Track browser signals, but we provide granular privacy controls in your account settings.

International Data Transfers

Cross-Border Processing

Your information may be processed in countries other than your residence, including the United States, where our servers and service providers are located.

Transfer Safeguards

  • Adequacy Decisions: Transfers to countries with adequate privacy protections
  • Standard Contractual Clauses: EU-approved data transfer mechanisms
  • Binding Corporate Rules: Internal policies ensuring consistent protection
  • Explicit Consent: Your consent for transfers where other safeguards aren't available

Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will delete it promptly.

Changes to This Policy

Notification Process

  • Material Changes: 30 days advance notice via email and Service notifications
  • Minor Updates: Notice posted on our website
  • Version Control: Previous versions available upon request

Your Options

If you disagree with changes to this policy, you may close your account before the changes take effect.

Contact Information

Privacy Officer

Email: security@algorhythmz.com

Data Protection Officer

Email: security@algorhythmz.com

Customer Support

Email: support@algorhythmz.com

This Privacy Policy was last updated on October 12, 2025.

Please review it periodically for changes.

© 2025 AlgoRhythmz, LLC. All rights reserved.