Privacy Policy

How we collect, use, and protect your personal and financial data.

Last updated: February 1, 2025

1. Introduction

WealthSight ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered variance analysis platform and related services (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, company name, industry, and job title. This information is necessary to provide and personalize the Service.

2.2 Financial Data

When you upload files for variance analysis, we temporarily process your financial data (Excel spreadsheets, CSV files, financial statements). This data is used solely for the purpose of generating your requested analysis and is handled in accordance with our data retention policies described below.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, analysis sessions, timestamps, browser type, device information, and IP address. This data helps us improve the Service and troubleshoot issues.

2.4 Payment Information

Payment processing is handled by Stripe, our third-party payment processor. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. We receive and store only a tokenized reference, your billing address, and subscription status.

2.5 Communications

When you contact us for support or provide feedback, we collect the content of your messages, your email address, and any attachments you provide.

3. How We Use Your Information

We use the information we collect for the following purposes:

• **Providing the Service** — Processing your financial data, generating variance analyses, and delivering insights.
• **Account Management** — Creating and managing your account, processing payments, and communicating about your subscription.
• **Service Improvement** — Analyzing usage patterns to improve features, fix bugs, and develop new functionality.
• **Security** — Detecting, preventing, and responding to fraud, abuse, security incidents, and technical issues.
• **Communications** — Sending service-related notifications, updates, and marketing communications (with your consent).
• **Legal Compliance** — Meeting our legal obligations, resolving disputes, and enforcing our agreements.

4. AI Data Processing

Our AI-powered analysis uses AWS Bedrock for natural language processing. When you submit data for analysis:

• Your financial data is transmitted securely to AWS Bedrock for processing.
• **Your data is never used to train, improve, or fine-tune any AI models** — not ours or any third party's.
• Data sent to the AI service is processed in real-time and not retained by the AI provider after the response is generated.
• AI processing occurs within your designated AWS region to comply with data residency requirements.
• We do not share your prompts, analysis results, or financial data with other customers or third parties.

5. Data Sharing & Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• **Service Providers** — With trusted third-party vendors who assist in operating our Service (e.g., AWS for hosting, Stripe for payments, Clerk for authentication). These providers are contractually bound to protect your data.
• **Legal Requirements** — When required by law, regulation, legal process, or governmental request.
• **Business Transfers** — In connection with a merger, acquisition, or sale of assets, with notice to affected users.
• **With Your Consent** — When you explicitly authorize us to share specific information.

We never share your financial data with advertisers or data brokers.

6. Data Retention

We retain your information only for as long as necessary to fulfill the purposes described in this policy:

• **Account Data** — Retained for the duration of your active account, plus 30 days after deletion.
• **Financial Files** — Uploaded files are retained during your active session and deleted within 24 hours of analysis completion, unless you choose to save them.
• **Analysis Results** — Session history and reports are retained for the duration of your subscription and deleted within 90 days of account closure.
• **Usage Data** — Aggregated and anonymized usage data may be retained indefinitely for analytics purposes.
• **Payment Records** — Retained for 7 years to comply with financial and tax regulations.

You may request deletion of your data at any time by contacting us at privacy@wealthsight.ai.

7. Data Security

We implement industry-leading security measures to protect your data:

• **Encryption** — All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• **Access Controls** — Strict role-based access with multi-factor authentication for all production systems.
• **Infrastructure** — Hosted on AWS with enterprise-grade data centers, multi-region redundancy, and automated failover.
• **Monitoring** — 24/7 security monitoring, intrusion detection, and automated alerting.
• **Auditing** — Regular third-party penetration testing. SOC 2 Type II certification is in progress.

For more details, please visit our [Security page](/security).

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• **Access** — Request a copy of the personal data we hold about you.
• **Correction** — Request correction of inaccurate or incomplete data.
• **Deletion** — Request deletion of your personal data (subject to legal retention requirements).
• **Portability** — Request your data in a structured, machine-readable format.
• **Objection** — Object to processing of your data for certain purposes.
• **Restriction** — Request restriction of processing in certain circumstances.
• **Withdraw Consent** — Withdraw previously given consent at any time.

To exercise any of these rights, contact us at privacy@wealthsight.ai. We will respond within 30 days.

9. Cookies & Tracking

We use essential cookies required for the Service to function properly (authentication, session management). We also use analytics cookies (via Vercel Analytics) to understand usage patterns.

We do not use third-party advertising cookies or cross-site tracking. You can manage cookie preferences through your browser settings.

10. International Data Transfers

Our primary infrastructure is located in the United States (AWS US-East and US-West regions). If you access the Service from outside the United States, your data may be transferred to and processed in the US.

We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) and compliance with applicable data transfer frameworks. EU/EEA users can refer to our GDPR page for additional information.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will promptly delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date and, for significant changes, by sending an email notification.

Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• **Email:** privacy@wealthsight.ai
• **Address:** WealthSight, Inc.
• **Data Protection Officer:** dpo@wealthsight.ai

For GDPR-specific inquiries, please visit our [GDPR Compliance page](/gdpr).
