Privacy Policy

1. What We Collect

• Account data: name, email, phone number, password hash.
• Financial data: account balances, transactions, holdings, valuations — fetched via Plaid when you link an institution.
• Documents: insurance policies, estate plans, beneficiary forms you upload.
• Usage data: device type, IP address, page views (for security and product improvement).
• Billing data: handled by Stripe — we never see your full card number.

2. How We Use It

We use your data to operate the Service, present your dashboard, generate AI summaries you request, send transactional emails, prevent fraud, and comply with law. We do not sell your personal data. We do not use your financial data to train third-party AI models.

3. Sharing

We share data only with:

• Plaid — to fetch your linked accounts.
• Stripe — to process subscriptions.
• Supabase / Lovable Cloud — our hosting & database provider.
• AI providers (Google Gemini, OpenAI) — only redacted prompts you initiate (e.g. property valuations, document parsing).
• Law enforcement — only when legally compelled.

4. Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Plaid access tokens are stored server-side only and are never exposed to your browser. Authentication uses bcrypt-hashed passwords and HIBP leak checking. We perform regular security audits.

5. Your Rights

You may request a copy, correction, or deletion of your data at any time from Settings or by emailing team@aetherwealth.co. EU/UK residents have GDPR rights; California residents have CCPA rights. Account deletions are honoured within 30 days; you may cancel the deletion during the grace period.

6. Data Retention

We retain your data for as long as your account is active. After deletion, financial data, documents and AI history are purged within 30 days. We may retain minimal records (e.g. invoices) for up to 7 years to satisfy tax and accounting law.

7. Cookies

We use only essential cookies (session, CSRF). We do not use third-party advertising or cross-site tracking cookies.

8. International Transfers

Our infrastructure is hosted in the United States. By using the Service you consent to your data being processed in the US under standard contractual clauses where applicable.

9. Children

The Service is not directed at anyone under 18. We do not knowingly collect data from minors.

10. Changes

We will notify you by email and in-app banner of any material changes at least 14 days before they take effect.

11. Data Services — Plaid

Æther Wealth uses Plaid Technologies, Inc. ("Plaid") to connect your financial accounts. Before you launch Plaid Link for the first time we present an in-app disclosure naming Plaid and listing the data categories accessed; clicking "Agree & continue to Plaid" records your affirmative consent. The data categories Plaid shares with us on your behalf include: account name, type, balances, last-four mask; transactions (date, amount, merchant, category); investment holdings and securities; loan and liability terms; and account/routing numbers when needed for a feature you initiate. Plaid processes this data in the United States. Plaid's own collection, use, and sharing of your data is governed by Plaid's End User Privacy Policy at plaid.com/legal. You may disconnect any institution at any time from the Connections screen; we will then call Plaid's /item/remove endpoint to revoke access and purge the related stored data within 30 days.

12. Contact

Privacy requests: team@aetherwealth.co