Privacy Statement

We may collect personal information from the following groups: visitors to, and users of, our software and web platform; our customers; current members of our workforce and those who apply for posted jobs; and third-party vendors and business partners.

Personal information generally means information that can be used to identify you or that can be easily linked to you (for example, your name, address, telephone number, email address, social security number and date of birth). Where applicable laws such as the California Consumer Privacy Act (“CCPA”) or the European General Data Protection Regulation (“GDPR”) apply, our use of the phrase “personal information” includes the unique elements required by such laws.

There are two types of information we obtain from you and store: (i) non-personal information collected automatically from each visitor, such as your device operating system; and (ii) personal information that you voluntarily provide to us or that is collected automatically.

By using HerWealth, you are signifying that you agree with this section of our privacy statement and that we may use and disclose your information as described.

Registering for an Account – When you register for an account, you submit personal information such as your name and email address which we then retain. We use that information to create and manage your account and, in some cases, establish a password and profile to communicate with you via email.

Becoming a Subscriber – We use any information provided from our customers to perform our contractual obligations and provide the products and services purchased to them, and to manage their accounts and communicate with them.

To deliver HerWealth’s features and services, we integrate with the following third-party software providers. By using HerWealth, you acknowledge that certain data may be transmitted to or processed by these providers as necessary to operate the platform:

Plaid – We use Plaid to enable secure connection to your financial accounts. When you link a bank account or financial institution, your credentials and transaction data are transmitted directly to and processed by Plaid. Plaid’s use of your information is governed by Plaid’s Privacy Policy at https://plaid.com/legal/. We do not store your bank login credentials.

Supabase – We use Supabase as our backend database and authentication infrastructure. Your account data, financial data, and usage data are stored and managed on Supabase’s secure servers. Supabase’s privacy practices are available at https://supabase.com/privacy.

OpenAI – We use OpenAI’s API to power certain AI-driven features within the platform, such as financial insights, analysis, and recommendations. Data submitted to these features may be processed by OpenAI. OpenAI’s privacy policy is available at https://openai.com/privacy. We do not use OpenAI’s services to train their models on your personal data.

Resend – We use Resend for transactional email delivery, including account notifications, alerts, and service communications. Your email address and the content of such communications are processed by Resend. Resend’s privacy practices are available at https://resend.com/legal/privacy-policy.

QuickChart.io – We use QuickChart.io to generate data visualizations and charts displayed within the platform. Chart data, which may include aggregated financial figures, is transmitted to QuickChart.io for rendering. QuickChart.io’s privacy practices are available at https://quickchart.io/privacy.

Vercel – Our platform is hosted and deployed via Vercel. Vercel processes certain technical data, including IP addresses and request logs, as part of serving the platform. Vercel’s privacy policy is available at https://vercel.com/legal/privacy-policy.

Twelve Data – We use Twelve Data to provide real-time and historical financial market data, such as stock prices and market indicators, within the platform. Certain usage data may be transmitted to Twelve Data as part of these API calls. Twelve Data’s privacy practices are available at https://twelvedata.com/privacy.

Anthropic – We use Anthropic’s API to power certain AI-driven features within the platform, such as personalized financial guidance and intelligent insights. Data submitted to these features may be processed by Anthropic. Anthropic’s privacy policy is available at https://www.anthropic.com/privacy. We do not use Anthropic’s services to train their models on your personal data.

We take reasonable steps to ensure that our third-party providers maintain appropriate security and privacy standards. However, HerWealth is not responsible for the privacy practices of these third parties, and we encourage you to review their privacy policies directly.

HerWealth may use the information we collect from and about you for a variety of business purposes, including to provide the services, improve user experience, and develop the platform. We are committed to protecting and maintaining the privacy of your information. Therefore, we will process your data only in accordance with applicable data protection law and this Privacy Statement.

We will have a lawful basis for processing your data if:

• we need to process your information in order to provide you with the products or services you have requested or to enter into a contract;
• you have consented to such processing;
• we have a legitimate interest for processing your data – e.g., for fraud prevention; direct marketing; network and information systems security; data analytics; enhancing or improving our services; identifying usage trends; and/or
• we are legally obliged to process it.

We may use any and all information that we collect from you for the following purposes:

• To provide the requested Services to you.
• To manage your account.
• To personalize your experience and better respond to your individual needs.
• To improve our platform based on the information and feedback we receive from you.
• To diagnose problems with our servers or our Services.
• To improve customer service and respond to your support needs.
• To process transactions, such as purchases and subscriptions.
• To use and disclose your credit, debit or payment card or other financial information only to process payments and prevent fraud.
• To develop new products or services and to enhance current products and services.
• To send periodic emails about Services updates, orders, and/or subscriptions.
• To protect the security or integrity of our Services and our business, including protecting against and preventing fraud, unauthorized transactions, claims, and other liabilities.
• To send you marketing and promotional emails (where you have consented or where permitted by applicable law).

We use voluntarily provided personal information to respond to your inquiries and provide you with the services you have requested. We do not sell or rent your personal information to third-party data vendors or marketing companies. As you might expect, we disclose your information when required by law, and to the third-party software providers identified in the “Third-Party Software Integrations and Data Sharing” section above.

Affiliates. We may share your information within our family of companies. Those companies will use such information in generally the same manner as we do under this privacy statement.

Legally Compelled Disclosures. We may disclose your information, including personal information, to government authorities, and to other third parties when compelled to do so by such government authorities, or at our discretion as required or permitted by law, including but not limited to responding to court orders and subpoenas.

To Prevent Harm. We may disclose your information when we have reason to believe that someone is causing injury to or interference with our rights or property, or other users of the platform.

Business Transfer. If we or any of our affiliates are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation, or liquidation, personal information may be one of the transferred assets.

Vendors and Business Partners. We may share your information, including personal information, with our vendors and other third parties with whom we have a contractual relationship. We do our best to disclose only the information each of those parties need.

You may have to provide personal information to enjoy most of the features of our platform. You can opt out of certain activities like newsletters and announcements. Residents of California and EU data subjects have certain additional rights described below.

If you consented to receive direct marketing from HerWealth, we provide you with the opportunity to opt out of our marketing communications or change your preferences by following a link in the footer of all non-transactional email messages from us or by emailing us at tech@herwealth.io. Some communications from us are considered transactional or service communications (for example, account notifications and billing information). To ensure you have accurate information about your account and purchases, you do not have the option to unsubscribe from these messages.

Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. Currently, we do not specifically respond to browser “do not track” signals.

We will take all reasonable security precautions to protect your personal information. We have adopted a security program that includes technical, organizational, administrative, and other security measures designed to protect, in a manner consistent with accepted industry standards and applicable law, against anticipated or actual threats to the security of personal information (the “Security Program”). We cannot, however, guarantee that your information, whether during transmission or while stored on our systems, will be free from unauthorized access or that loss, misuse, destruction, or alteration will not occur.

Nonetheless, as part of our Security Program, we have specific incident response and management procedures that are activated whenever we become aware that your personal information was likely to have been compromised.

When we collect personal information from California residents, we become subject to, and those residents have rights under, the California Consumer Privacy Act or “CCPA”. For purposes of this section, the words “you” and “your” mean only such California residents.

To exercise your rights under California law, contact us at tech@herwealth.io. The CCPA only allows us to act on your request if we can verify your identity or your authority to make the request, so you will also need to follow our instructions for identity verification.

We do collect or otherwise obtain personal information from data subjects located in the GDPR Jurisdictions. We fulfill our GDPR obligations with respect to our customers (and their own end-clients), and our vendors and business partners through a series of separate notices, contracts or other terms provided to them at the time, and in the manner and form, GDPR and local law within each GDPR Jurisdiction requires.

The lawful basis on which we rely for such collection, later use and disclosure, is what the GDPR refers to as legitimate interest. We do not sell any of your personal information to third parties nor do we use it for automated decision making.

Cross-border Data Transfers and Third-Party Processors. If we transfer personal information from the GDPR Jurisdictions to a location that has not been deemed by the European Commission to have adequate privacy protections, we do so in the manner the GDPR permits.

Rights of Data Subjects in the GDPR Jurisdictions. Under the GDPR we have a legal obligation to allow you a degree of control over your personal information. With respect to personal information collected from you while you were in a GDPR Jurisdiction, you have these rights: transparency, access, correction and deletion, portability, and restriction/objection. If you would like to exercise any of these rights, please contact tech@herwealth.io.

We, certain service providers operating on our behalf, and third parties may collect information about your activity on our platform using tracking technologies such as cookies, pixels, tags, software development kits, application program interfaces, and web beacons. We may collect information whether or not you are logged in or registered, and may associate this tracking data with your registration account (if you have one).

You or your authorized agent may choose to enable online, where available, a universal tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). We will process the GPC signal as a request to opt out.