Privacy Policy

1. Introduction

EQUO ("we," "our," or "us") is committed to protecting your privacy and safeguarding your sensitive financial information. This Privacy Policy explains how we collect, use, process, share, and protect your personal and financial data when you use our AI-powered financial technology platform. Given the sensitive nature of financial information, we employ bank-level security measures and strict data handling protocols.

2. Information We Collect

2.1 Personal Information

• Name, email address, phone number, and contact information
• Account credentials and multi-factor authentication data
• Profile preferences, financial goals, and risk tolerance settings
• Communication history with our support team and AI system
• Identity verification information for compliance purposes
• Date of birth and Social Security Number (when required for financial services)

2.2 Financial Information (Highly Sensitive)

• Bank Account Data: Account numbers, balances, transaction history, routing numbers
• Investment Portfolio Information: Holdings, performance data, allocation details, trading history
• Credit Information: Credit card balances, payment history, credit limits, loan details
• Income and Employment Data: Salary information, employment history, tax documents
• Spending Patterns: Transaction categorization, merchant information, spending habits
• Financial Goals and Preferences: Risk tolerance, investment objectives, financial priorities
• Net Worth Calculations: Asset and liability summaries

2.3 AI and Behavioral Data

• AI Interaction Data: Questions asked, responses provided, conversation history
• Personalization Memory: Learned preferences, past decisions, behavioral patterns
• Financial Decision History: Accepted/rejected recommendations, feedback provided
• User Behavior Analytics: App usage patterns, feature utilization, engagement metrics
• Automated Analysis Results: AI-generated insights, optimization suggestions, risk assessments

2.4 Technical Information

• Device information, browser type, operating system
• IP address and approximate location data
• Session information and authentication tokens
• Security logs and access records
• Cookies and similar tracking technologies
• Error logs and performance data

3. How We Collect Your Information

3.1 Direct Collection

• Information you provide during account registration and setup
• Data entered through our application interface
• Communications with customer support
• Feedback and survey responses
• Manual input of financial goals and preferences

3.2 Automated Collection via Third-Party Integrations

• Plaid Technology: Secure connection to bank and credit card accounts
• Investment Platforms: Portfolio data from connected brokerage accounts
• Payment Processors: Transaction data from Stripe and other payment providers
• Financial News APIs: Market data and news for investment insights

3.3 AI and Machine Learning Collection

• Behavioral pattern analysis from app usage
• Financial decision preferences learned over time
• Conversation context and memory for personalization
• Automated categorization and analysis results

4. How We Use Your Information

4.1 Core Financial Services

• Financial Analysis: Automated assessment of your financial situation and opportunities
• Personalized Recommendations: AI-generated suggestions based on your specific financial profile
• Goal Tracking: Monitor progress toward your financial objectives
• Optimization Identification: Detect opportunities for improved financial outcomes
• Risk Assessment: Evaluate and communicate financial risks
• Educational Content: Provide relevant financial education materials

4.2 AI and Memory Processing

• Personalization Memory: Learn and remember your preferences for improved recommendations
• Behavioral Analysis: Understand patterns to provide more relevant suggestions
• Contextual Conversations: Maintain conversation history for coherent AI interactions
• Preference Learning: Adapt to your financial decision-making patterns over time
• Predictive Insights: Generate forward-looking financial projections and scenarios

4.3 Platform Operations

• Provide customer support and respond to inquiries
• Process payments and manage subscriptions
• Ensure platform security and prevent fraud
• Improve our AI algorithms and service quality
• Comply with legal and regulatory requirements
• Conduct internal research and analytics

5. Third-Party Integrations and Data Sharing

5.1 Plaid Financial Data Integration

• Plaid connects directly to your financial institutions using encrypted connections
• We receive only aggregated account data, never your banking credentials
• Data transmission is encrypted end-to-end
• You can disconnect accounts at any time through your EQUO dashboard
• Plaid's Privacy Policy governs their data handling practices

5.2 AI and Analytics Service Providers

• OpenAI Services: AI analysis and recommendation generation (data anonymized and encrypted)
• Memory Systems (mem0): Personalization and preference learning (encrypted storage)
• Analytics Platforms: Usage analytics and service improvement (anonymized data only)
• Security Services: Fraud detection and security monitoring

5.3 Payment and Financial Service Providers

• Stripe: Payment processing for subscriptions and premium features
• Investment Platforms: Portfolio data from connected brokerage accounts (read-only access)
• Financial Data Providers: Market data and financial news services

5.4 Data Sharing Limitations

6. Information Sharing Circumstances

We may share your information only in the following limited circumstances:

• With your explicit consent: When you specifically authorize information sharing
• Service providers: With trusted partners bound by strict confidentiality agreements
• Legal requirements: When required by law, court order, or to protect legal rights
• Business transfers: In connection with mergers, acquisitions, or asset sales (with notice)
• Security and fraud prevention: To prevent fraud or investigate suspected illegal activity
• Emergency situations: To prevent imminent harm to persons or property
• Regulatory compliance: To comply with financial services regulations and reporting requirements

7. Data Security and Protection Measures

7.1 Technical Security Measures

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• Multi-Factor Authentication: Required for account access and sensitive operations
• Zero-Knowledge Architecture: Financial credentials never stored on our servers
• Regular Security Audits: Quarterly penetration testing and vulnerability assessments
• SOC 2 Type II Compliance: Independently verified security controls
• PCI DSS Compliance: For payment card data protection
• AWS Infrastructure: Enterprise-grade cloud security with AWS security services

7.2 Access Controls and Monitoring

• Principle of least privilege access for all systems
• Role-based access controls with regular access reviews
• Continuous monitoring and anomaly detection
• Employee background checks and security training
• Incident response procedures and breach notification protocols
• Regular backup and disaster recovery testing

7.3 Financial Data Specific Protections

• Tokenization of sensitive financial account numbers
• Segregated storage for different types of financial data
• Enhanced logging and audit trails for financial data access
• Regular compliance audits for financial services regulations
• Dedicated security team for financial data protection

8. Data Retention and Deletion

8.1 Retention Periods

We retain your information only as long as necessary for legitimate business purposes and legal compliance:

• Account information: Until account deletion plus 7 years for regulatory compliance
• Financial transaction data: 7 years from last transaction for tax and regulatory compliance
• AI conversation history: 3 years for service improvement, or until user deletion request
• Memory and personalization data: Until user deletion request or account closure
• Usage and analytics data: 2 years for service improvement purposes
• Security logs: 3 years for security monitoring and investigation
• Customer support records: 3 years for service quality and legal protection

8.2 Data Deletion Process

• Secure data deletion using DoD 5220.22-M standards
• Verification of complete data removal from all systems
• Third-party data deletion requests to service providers
• Certificate of data destruction provided upon request

9. Your Privacy Rights and Controls

9.1 Fundamental Privacy Rights

You have comprehensive rights regarding your personal and financial information:

• Access: Request a detailed copy of all your personal and financial data
• Correction: Update or correct any inaccurate information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Portability: Request transfer of your data to another service in a machine-readable format
• Restriction: Limit how we process your information
• Objection: Object to certain types of data processing
• Withdraw Consent: Revoke previously given consent for data processing

9.2 Financial Data Specific Rights

• Account Disconnection: Disconnect any linked financial accounts at any time
• AI Memory Control: View, edit, or delete AI memory and personalization data
• Analysis Opt-Out: Opt out of specific types of financial analysis
• Data Sharing Control: Granular control over third-party data sharing

9.3 How to Exercise Your Rights

To exercise any privacy rights, contact us at:

• Email: privacy@aurary.com
• Subject line: "Privacy Rights Request"
• Include: Your full name, email address, and specific request
• Response time: Within 30 days of verified request

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

• Essential cookies: Required for website functionality and security
• Analytics cookies: To understand usage patterns and improve our service
• Preference cookies: To remember your settings and personalization choices
• Security cookies: To protect against fraud and unauthorized access
• Performance cookies: To monitor and optimize application performance

10.2 Cookie Management

You can control cookie preferences through your browser settings or our cookie preference center. Note that disabling certain cookies may affect website functionality.

11. International Data Transfers and Compliance

11.1 Data Transfer Safeguards

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers:

• European Commission adequacy decisions where applicable
• Standard Contractual Clauses (SCCs) for EU data transfers
• Data Processing Agreements with all international partners
• Regular compliance audits of international data handling

11.2 Regulatory Compliance

• GDPR: Full compliance with European Union data protection regulations
• CCPA: California Consumer Privacy Act compliance
• GLBA: Gramm-Leach-Bliley Act financial privacy provisions
• PCI DSS: Payment Card Industry Data Security Standards
• SOX: Sarbanes-Oxley Act financial data controls

12. AI and Automated Decision Making

12.1 AI Processing Transparency

We use artificial intelligence to analyze your financial data and provide recommendations. You have the right to:

• Understand how AI decisions are made regarding your financial data
• Request human review of AI-generated recommendations
• Opt out of specific types of automated analysis
• Access and modify AI memory and learning data about your preferences

12.2 AI Data Processing Safeguards

• AI systems process anonymized and encrypted financial data
• No AI system has direct access to execute financial transactions
• Human oversight for all AI-generated financial recommendations
• Regular audits of AI decision-making processes for bias and accuracy

13. Data Breach Notification

In the unlikely event of a data security incident affecting your personal or financial information:

• We will notify affected users within 72 hours of discovery
• Notification will include details of the incident and steps taken
• We will provide guidance on protective measures you can take
• We will work with law enforcement and regulatory authorities as required
• We will provide identity monitoring services if personal information is compromised

14. Children's Privacy

EQUO is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will:

• Notify you of material changes via email at least 30 days before they take effect
• Post the updated policy on our website with the effective date
• Highlight significant changes in our notification
• Obtain your consent for material changes that affect how we use your financial data

16. Contact Information and Data Protection Officer

For questions about this Privacy Policy, to exercise your privacy rights, or to contact our Data Protection Officer: