Folio

powered by InsuraWealth

Privacy Policy

Last updated: April 7, 2026

InsuraWealth, Inc. ("InsuraWealth," "we," "us," or "our") operates Folio, an AI-powered financial workspace that connects you with your financial advisor. This Privacy Policy describes how we collect, use, store, and protect your information when you use the Folio platform, including our website, applications, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and profile information provided through your sign-in method (such as Google OAuth or email-based authentication).

1.2 Financial Data

Through the Service, you and your advisor may input or upload financial data, including but not limited to: investment portfolios, account balances, financial plans, risk assessments, tax documents, estate planning documents, insurance policies, and retirement projections. If you link financial accounts through Plaid, we receive account balances, transaction histories, and holdings information with your explicit consent.

1.3 Documents and Files

We collect and store documents uploaded to the Service, including financial statements, personal documents, and any other files you or your advisor upload to your shared workspace.

1.4 Communications

We collect the content of messages, notes, and communications exchanged through the Service between you and your advisor, including interactions with AI-powered features.

1.5 Usage and Technical Data

We automatically collect information about how you interact with the Service, including IP addresses, browser type, device information, pages visited, features used, timestamps, and referring URLs.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service, including your financial workspace and collaboration tools with your advisor.
  • Process and analyze your financial data using AI to generate insights, summaries, and information for you and your advisor to review.
  • Facilitate communications between you and your advisor.
  • Authenticate your identity and protect account security.
  • Send service-related notifications and updates.
  • Maintain records as required by applicable law, including regulatory requirements applicable to your advisor's practice.
  • Detect, investigate, and prevent fraudulent, unauthorized, or illegal activity.
  • Comply with legal obligations.

3. AI and Data Processing

Folio uses artificial intelligence to help you and your advisor manage and understand your financial information. This section explains how AI works within the Service.

3.1 How AI Is Used

When you or your advisor use AI-powered features, your data is processed by AI models provided by third-party services, including Anthropic (Claude) and OpenAI. These models help analyze financial documents, generate summaries, answer questions about your financial data, and produce insights to support your financial planning.

3.2 Model Routing

Folio may route requests to different AI models depending on the type of task being performed. This routing is automatic and designed to provide you with the best possible experience.

3.3 AI Data Protections

Data sent to AI model providers is transmitted via encrypted connections and is processed in accordance with our data processing agreements with those providers. We use API-based access to AI models, which means your data is not used to train or improve third-party AI models.

3.4 Important Disclosure

AI-generated content within Folio is provided for informational purposes only and does not constitute investment advice, tax advice, legal advice, or any other form of professional advice. Always consult with your financial advisor before making any financial decisions. AI outputs may contain errors, omissions, or inaccuracies.

4. Data Storage and Security

4.1 Infrastructure

The Service is hosted on industry-standard cloud infrastructure, including Railway (application hosting), Vercel (frontend delivery), and Cloudflare R2 (document and file storage). All infrastructure providers maintain SOC 2 compliance and employ enterprise-grade security measures.

4.2 Encryption

All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption. Database connections are encrypted and access is restricted to authorized services only.

4.3 Access Controls

Your data is only accessible to you and the advisor(s) who manage your account. We implement role-based access controls to ensure that your financial information remains private and is only shared within your advisory relationship.

4.4 Security Practices

We maintain security practices including regular security assessments, vulnerability monitoring, secure coding practices, and incident response procedures. While we take reasonable measures to protect your data, no method of electronic transmission or storage is completely secure.

5. Compliance and Recordkeeping

Your advisor is required by law to maintain certain records related to your advisory relationship. The following recordkeeping practices apply:

5.1 Regulatory Retention

In accordance with SEC and FINRA regulations, certain records — including communications between you and your advisor, financial analyses, and recommendations — are retained for a minimum of seven (7) years. This retention period applies regardless of account deletion requests and is required by law.

5.2 Audit Logs

The Service maintains records of material activities to support your advisor's regulatory compliance obligations. These records are retained in accordance with applicable regulatory requirements.

6. Third-Party Services

The Service integrates with the following third-party services, each governed by its own privacy policy:

  • Google OAuth — Authentication and sign-in. Google receives your authentication request and provides identity verification.
  • Plaid — Financial account linking. When you choose to connect your financial accounts, Plaid accesses your account information with your explicit consent.
  • Stripe — Payment processing. Stripe processes payment information directly; we do not store your full payment card details.
  • Anthropic (Claude) and OpenAI — AI model providers for financial analysis, document processing, and natural language interactions.

7. Data Sharing

We do not sell, rent, or trade your personal information or financial data to third parties for their marketing purposes. We share your information only in the following circumstances:

  • Service Providers: We share data with the third-party service providers described in Section 6, solely to the extent necessary to provide the Service.
  • Your Advisor: Your financial data, documents, and communications are shared with the advisor(s) who manage your account. This is fundamental to the advisory relationship facilitated by the Service.
  • Legal Requirements: We may disclose information when required by law, subpoena, regulatory examination, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections described in this policy.

8. Your Rights

Subject to applicable law and regulatory retention requirements, you have the following rights regarding your personal information:

  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may request that we correct inaccurate or incomplete personal information.
  • Deletion: You may request deletion of your personal information. Please note that certain data must be retained for regulatory compliance purposes (see Section 5) and cannot be deleted upon request.
  • Data Portability: You may request an export of your data in a structured, commonly used format.
  • Objection: You may object to certain types of processing where we rely on legitimate interests as the legal basis.

To exercise any of these rights, please contact us at support@insurawealth.com. We will respond to your request within 30 days.

9. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR). We process your data based on the following legal bases: performance of a contract (providing the Service), compliance with legal obligations (regulatory recordkeeping), legitimate interests (improving and securing the Service), and consent (where specifically requested).

You have the right to lodge a complaint with your local data protection authority if you believe your data has been processed in violation of applicable law. Our data protection contact can be reached at support@insurawealth.com.

10. CCPA Compliance (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights regarding your personal information. You have the right to know what personal information we collect, the purposes for which it is used, and whether it is sold or disclosed. You have the right to request deletion of your personal information, subject to regulatory retention requirements. You have the right to opt out of the sale of your personal information — however, we do not sell personal information. We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at support@insurawealth.com.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

13. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

InsuraWealth, Inc.

Email: support@insurawealth.com

Website: insurawealth.com

© 2026 InsuraWealth, Inc. All rights reserved.
