Wealthfolio logo Wealthfolio
Download

Privacy Policy

Last Updated: December 23, 2025

Wealthfolio Connect is a cloud service operated by Teymz Inc. (“we,” “us,” or “our”) that provides brokerage account connections and device synchronization for the Wealthfolio app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Wealthfolio Connect service (“Service”).

This policy supplements the Wealthfolio Privacy Policy, which covers the desktop application. By using our Service, you agree to the collection and use of information in accordance with this policy.

Our Local-First Philosophy

Wealthfolio Connect is built on a local-first architecture. This means:

  • Your data stays on your device. Your financial data, portfolio holdings, and transaction history are stored in a local SQLite database on your machine—not on our servers.
  • We only sync what’s necessary. Wealthfolio Connect synchronizes connection credentials and device metadata, not your full financial dataset.
  • If our servers go down, your data is still yours. You retain full access to your locally-stored data regardless of cloud availability.

This approach minimizes our data footprint while maximizing your control and privacy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address - for authentication and communication
  • Full name - for personalization and display
  • Avatar URL - if provided via social login
  • Password - securely hashed and stored (for email/password authentication)

1.2 Profile and Preferences

We collect user preferences including:

  • Locale and language settings
  • Timezone (with optional auto-sync)
  • Date and time format preferences

1.3 Team and Household Data

For household collaboration features:

  • Team name and logo
  • Team email and billing email
  • Country and base currency
  • Member roles and invitation status

1.4 Brokerage Connection Data

When you connect brokerage accounts via our integration partner (SnapTrade):

  • Authorization tokens - encrypted with AES-256-GCM encryption
  • Brokerage provider name and identifier
  • Connection status (connected/disconnected)
  • Last synchronization timestamp

Important: We deliberately minimize the financial data we store. Account metadata, holdings, and transaction details are retrieved on-demand from your brokerage provider and synced to your Wealthfolio app. This data is not persistently stored on our servers. Only connection identifiers and user preferences are retained.

1.5 Device Information

For multi-device synchronization:

  • Device ID, name, and platform (iOS, Android, Mac, Windows, Linux)
  • App version and operating system version
  • Device trust status
  • Last activity timestamp

1.6 Payment Information

Payment processing is handled by Stripe. We store:

  • Stripe customer ID and subscription ID
  • Subscription plan and billing period
  • Payment status

We do not store credit card numbers, bank account details, or other sensitive payment credentials. This information is processed and stored exclusively by Stripe.

1.7 BYOK (Bring Your Own Key) Data

On Connect Essentials and Connect Duo plans, you may provide your own API keys for third-party services:

  • AI Provider Keys (e.g., OpenAI, Anthropic) - for AI-powered insights
  • Market Data Provider Keys (e.g., data feed providers) - for real-time market data

Important: BYOK API keys are stored locally on your device, not on our servers. We do not have access to your third-party API keys or the data you retrieve using them. Your interactions with these third-party services are governed by their respective privacy policies.

1.8 AI and Market Data (Connect Plus)

On Connect Plus plans, we provide integrated AI insights and licensed market data:

  • AI Queries: When you use our built-in AI features, we process your queries through privacy-guarded AI models. Query content is not persistently stored after processing.
  • Market Data: We provide access to licensed market data feeds. This data is retrieved on-demand and cached temporarily for performance.

1.9 Usage and Log Data

We automatically collect:

  • IP address (from request headers)
  • User agent (browser/device information)
  • Actions performed within the Service (audit logs)
  • Timestamps of activities
  • Success/failure status of operations

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service - authenticate users, connect brokerage accounts, sync data across devices
  • Process payments - manage subscriptions and billing
  • Deliver AI insights (Connect Plus) - process your queries to provide portfolio analysis and financial insights
  • Provide market data (Connect Plus) - deliver licensed market data feeds for your portfolio
  • Communicate with you - send transactional emails, service updates, and security alerts
  • Improve our Service - analyze usage patterns, fix bugs, develop new features
  • Ensure security - detect fraud, prevent abuse, maintain audit trails
  • Comply with legal obligations - respond to legal requests, enforce our terms

Note on BYOK plans: On Connect Essentials and Connect Duo, AI insights and market data are processed locally using your own API keys. We do not collect or process this data.

3. Data Sharing and Third-Party Services

We share data with the following third-party service providers who assist in operating our Service:

3.1 Supabase (Authentication & Database)

  • Purpose: User authentication, database hosting
  • Data shared: User credentials (hashed), profile information
  • Location: United States
  • Privacy Policy: supabase.com/privacy

3.2 Stripe (Payment Processing)

  • Purpose: Subscription billing, payment processing
  • Data shared: Email, team ID, billing information
  • Location: United States
  • Privacy Policy: stripe.com/privacy

3.3 SnapTrade (Brokerage Connection)

  • Purpose: Connect to brokerage accounts and retrieve financial data
  • Data shared: User ID, authorization tokens (encrypted)
  • Location: Canada
  • Privacy Policy: snaptrade.com/privacy

3.4 Resend (Email Delivery)

3.5 Cloudflare (Hosting & Security)

  • Purpose: API hosting, CDN, DDoS protection
  • Data shared: Request data, IP addresses
  • Location: Global edge network
  • Privacy Policy: cloudflare.com/privacypolicy

3.6 AI Providers (Connect Plus Only)

  • Purpose: Process AI-powered insights and queries
  • Data shared: Query content (not persistently stored)
  • Privacy measures: Queries are processed through privacy-guarded models
  • Note: On BYOK plans (Essentials/Duo), you interact directly with your chosen AI provider

3.7 Market Data Providers (Connect Plus Only)

  • Purpose: Provide licensed market data feeds
  • Data shared: Data requests, subscription tier
  • Note: On BYOK plans (Essentials/Duo), you interact directly with your chosen data provider

We do not sell your personal information to third parties.

4. Data Security

We implement industry-standard security measures to protect your data:

4.1 Encryption

  • In Transit: All data transmitted between your device and our servers is encrypted using TLS/HTTPS
  • At Rest: Sensitive credentials (brokerage API tokens) are encrypted using AES-256-GCM with envelope encryption
  • Key Management: Encryption keys are stored in Cloudflare Secrets Store, separate from data
  • End-to-End Encryption: Device synchronization uses E2EE with X25519 key exchange

4.2 Authentication Security

  • JWT-based authentication with secure token verification
  • Constant-time comparison for webhook signature validation
  • Bearer token validation for API requests

4.3 Access Controls

  • Role-based access control (team owner/member)
  • Per-user data isolation
  • Audit logging for security-relevant actions

4.4 Infrastructure Security

  • Cloudflare Workers secure runtime environment
  • Database connection pooling via Cloudflare Hyperdrive
  • HTTP security headers enabled

5. Data Retention

We retain your data as follows:

  • Account data: Retained while your account is active and for a reasonable period after deletion for legal compliance
  • Audit logs: Retained for 12 months for security and compliance purposes
  • Encrypted credentials: Deleted immediately upon disconnecting a brokerage account
  • Payment records: Retained as required by tax and financial regulations
  • AI query data (Connect Plus): Not persistently stored; processed in real-time and discarded after response generation
  • Market data cache: Temporary caching for performance; automatically purged

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

6.1 Access and Portability

  • View your personal data through the Wealthfolio app
  • Request a copy of your data in a portable format
  • Access your activity history and audit logs

6.2 Correction

  • Update your profile information at any time
  • Modify your preferences and settings

6.3 Deletion

  • Delete your account and all associated data
  • Account deletion cascades to all related data (teams, connections, audit logs)
  • We also delete your data from third-party integrations (SnapTrade user deletion)

6.4 Objection and Restriction

  • Object to processing of your data for certain purposes
  • Request restriction of processing in certain circumstances

To exercise these rights, please contact us at the email provided below.

7. Cookies and Tracking

Our Service uses minimal cookies and tracking:

  • Essential cookies: For authentication session management
  • No advertising cookies: We do not use third-party advertising trackers
  • No cross-site tracking: We do not track your activity across other websites

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and Canada, where our service providers are located. We ensure appropriate safeguards are in place for such transfers.

9. Children’s Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the “Last Updated” date
  • Sending an email notification for material changes

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: contact@wealthfolio.app

12. Jurisdiction-Specific Disclosures

12.1 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to say no to the sale of personal information (we do not sell data)
  • Right to equal service and price

12.2 European Economic Area Residents (GDPR)

If you are in the EEA, our legal bases for processing your data include:

  • Contract: To provide you with our Service
  • Consent: Where you have given explicit consent
  • Legitimate interests: For security, fraud prevention, and service improvement

You have the right to lodge a complaint with your local data protection authority.