Privacy Policy
Last updated: March 15, 2026
1. Introduction
Welcome to Wealthos. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how Wealthos ("we", "us", or "our") collects, uses, stores, and protects your information when you use our wealth tracking and financial planning service ("Service").
This policy applies to all users of the Wealthos platform, including our website and related services. By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
The data controller responsible for your personal data is:
Wealthos
Email: support@wealthos.xyz
3. Information We Collect
3.1 Account Information
When you create an account, we collect:
- Email address
- Name (if provided)
- Password (stored in encrypted form)
- Profile preferences
3.2 Financial Data
To provide our wealth tracking service, we collect:
- Bank account balances (via Open Banking connections)
- Account names and types
- Currency information
- Manually entered account balances (if you choose not to connect banks)
- Financial goals you create
- Simulation parameters and scenarios
Important: When you connect your bank accounts via Open Banking, we never have access to your bank login credentials. Authentication happens directly with your bank. We only receive read-only access to account balance information.
3.3 AI Assistant Conversations
Our AI assistant is powered by third-party large language model (LLM) providers, including but not limited to Mistral AI and Anthropic. When you use the AI assistant:
- Your conversation messages (inputs) are sent to third-party AI servers to generate responses
- We store your conversation history on our servers to provide context-aware responses and improve your experience
- Third-party AI providers may process your inputs and outputs according to their respective privacy policies
Important: We use commercial API services from our AI providers, which means your conversation data is not used to train their AI models. For more details about how each provider handles data, please refer to their respective privacy policies: Mistral AI, Anthropic.
3.4 Usage Data
We automatically collect certain information when you use our Service using PostHog, a privacy-focused analytics platform. This includes:
- Device type and browser information
- IP address
- Pages visited and features used
- Date and time of access
Our analytics implementation is cookieless — we do not use cookies or persistent browser storage for analytics purposes. Usage data is collected using in-memory identifiers that do not persist across sessions.
3.5 Payment Information
Payment processing is handled by Stripe. We do not store your credit card details. Please refer to Stripe's Privacy Policy for information on how they handle your payment data.
4. How We Use Your Information
We use your personal data for the following purposes:
- Provide the Service: Display your total wealth, track account balances, and calculate financial projections
- Account Management: Create and maintain your user account
- AI Assistant: Provide personalized financial insights and assistance
- Communication: Send important service updates and respond to your inquiries
- Subscription Management: Process payments and manage your subscription
- Service Improvement: Analyze usage patterns to improve our features
- Security: Protect against unauthorized access and fraud
5. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide you with the Wealthos service you subscribed to
- Consent: When you explicitly agree to certain data processing, such as connecting bank accounts via Open Banking
- Legitimate Interests: For service improvement, security, and fraud prevention, where these interests don't override your rights
- Legal Obligation: When required to comply with applicable laws
6. Data Sharing
We do not sell your personal data. We share your data only with the following categories of recipients:
6.1 Service Providers
- Open Banking Provider (GoCardless): Our Open Banking provider that facilitates secure connections to European banks. They are regulated and compliant with PSD2.
- AI Providers (Mistral AI, Anthropic): Third-party AI service providers that power the AI assistant feature. These providers process your conversation data to generate AI responses. See Mistral AI's Privacy Policy and Anthropic's Privacy Policy.
- Stripe: Our payment processor for subscription management
- Supabase: Our infrastructure provider for secure data storage (EU-based)
- PostHog: Our analytics provider for understanding usage patterns and improving the Service. PostHog processes usage data (pages visited, device type, browser) in the EU. We use cookieless, privacy-focused tracking with no persistent identifiers. See PostHog's Privacy Policy.
6.2 Legal Requirements
We may disclose your data if required by law, court order, or governmental authority, or when necessary to protect our rights or the safety of our users.
7. Data Storage and Security
7.1 Data Location
Your data is stored on secure servers located within the European Union. We do not transfer your personal data outside the EU/EEA without appropriate safeguards.
7.2 Security Measures
We implement industry-standard security measures to protect your data:
- Encryption of data in transit (TLS/SSL)
- Encryption of sensitive data at rest
- Secure authentication mechanisms
- Regular security audits and monitoring
- Access controls and employee training
7.3 Bank Connection Security
Bank connections are established through PSD2-compliant Open Banking APIs. Your bank credentials are never shared with or stored by Wealthos. We only receive read-only access to balance information. You can revoke access at any time through Wealthos or directly through your bank.
8. Data Retention
We retain your personal data only for as long as necessary to provide you with the Service and fulfill the purposes described in this policy.
- Active Account: Data is retained while your account is active
- Account Deletion: When you delete your account, all your personal data is permanently deleted immediately
- Bank Connections: You can disconnect bank accounts at any time, which immediately removes the connection and associated data
8.1 Your Right to Delete Your Account
You have the right to delete your account and all associated data at any time. You can do this directly through the Service by navigating to your account settings and selecting the option to delete your account.
When you delete your account:
- All your personal data, including account information, financial data, goals, and AI conversation history, will be permanently and irreversibly deleted
- All bank connections will be revoked and associated data removed
- Your subscription will be cancelled (no refunds for unused portions unless required by applicable law)
- This action cannot be undone and your data cannot be recovered
Alternatively, you may request account deletion by contacting us at support@wealthos.xyz.
9. Your Rights Under GDPR
As a data subject in the EU, you have the following rights:
- Right of Access: Request a copy of your personal data we hold
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten") — you can exercise this right directly by deleting your account through your account settings, which will permanently remove all your data
- Right to Restrict Processing: Request limitation of how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us at support@wealthos.xyz. We will respond to your request within 7 days.
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local data protection authority.
10. Cookies
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for authentication and security (cannot be disabled)
- Preference Cookies: Remember your settings and preferences
We do not use cookies for advertising or tracking purposes.
11. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we may also send you an email notification. We encourage you to review this policy periodically.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Wealthos
Email: support@wealthos.xyz