Legal

Privacy Policy

Effective: April 20, 2026

At NSTACK AI Inc., doing business as Wealthstack AI ("Wealthstack," "we," "us," or "our"), we are committed to protecting the privacy and security of the information entrusted to us. This Privacy Policy describes how we collect, use, share, and protect personal information when you use the Wealthstack platform, website, and related services (collectively, the "Services").

We recognize that as a platform serving wealth management professionals, we handle sensitive financial data that demands the highest standards of care. This policy is designed to be transparent about our practices and to comply with applicable privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), the General Data Protection Regulation (GDPR), and SEC Regulation S-P.

1. Scope of This Policy

This Privacy Policy applies to all personal information collected through the Services, including our website at wealthstack.ai, our platform applications, APIs, and any related communications. This policy does not apply to third-party websites, services, or applications that may be linked from our Services, each of which is governed by its own privacy policy.

When we process data on behalf of our clients (for example, end-client financial data submitted by a wealth management firm), we act as a data processor. Our handling of such data is governed by the applicable service agreement with that client.

2. Information We Collect

2.1 Information You Provide

Category | Examples
Account Information | Name, email address, phone number, company name, job title, account credentials
Financial Data | Portfolio data, custodial account information, CRM records, client lists, transaction histories, and other data submitted through integrations
Communications | Support requests, feedback, survey responses, and correspondence with our team
Billing Information | Payment card details, billing address, and transaction records (processed by our PCI-compliant payment processor)

2.2 Information Collected Automatically

Category | Examples
Device and Browser Data | IP address, browser type and version, operating system, device identifiers, screen resolution
Usage Data | Pages visited, features used, click patterns, time spent on pages, search queries within the platform
Log Data | Access timestamps, referring URLs, error logs, and API call records

2.3 Information from Third Parties

We may receive information from third-party integrations that you authorize, including custodial platforms, CRM systems, market data providers, and compliance tools. We process this data solely in accordance with the permissions you grant and the terms of our service agreement.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Services, including generating AI-powered insights, analytics, and reports
  • Authenticate your identity and manage your account
  • Process transactions and send related information, including confirmations and invoices
  • Respond to your requests, comments, and questions and provide customer support
  • Monitor and analyze usage patterns to improve the Services, develop new features, and enhance user experience
  • Detect, prevent, and address fraud, security incidents, and technical issues
  • Comply with legal obligations, including regulatory reporting and audit requirements
  • Send you technical notices, updates, security alerts, and administrative communications

4. AI and Automated Processing

Our Services employ artificial intelligence and machine learning to analyze financial data and generate actionable insights. We want to be transparent about how this works:

4.1 How AI Processes Your Data

When you use the Services, your data may be processed by AI models to generate portfolio analytics, compliance summaries, client communication drafts, and other outputs. This processing occurs within our secure infrastructure and is subject to the same security controls as all other data processing.

4.2 Training and Model Improvement

We do not use your Client Data to train general-purpose AI models. We may use aggregated, de-identified usage patterns to improve the accuracy and performance of our domain-specific models. You may opt out of this usage by contacting us at [email protected].

4.3 Human Oversight

All AI-generated outputs are designed to be reviewed by qualified professionals before action is taken. We maintain human oversight of our AI systems and regularly audit their performance for accuracy, bias, and reliability.

5. Information Sharing and Disclosure

We do not sell your personal information. We share information only in the following limited circumstances:

Recipient | Purpose
Service Providers | Cloud infrastructure, payment processing, analytics, and customer support providers who process data on our behalf under strict contractual obligations
Legal Compliance | When required by law, regulation, subpoena, court order, or governmental request
Safety and Security | To protect the rights, property, or safety of Wealthstack, our users, or the public
Business Transfers | In connection with a merger, acquisition, or sale of assets, with notice provided to affected users

All third-party service providers are contractually required to maintain the confidentiality and security of your information and are prohibited from using it for any purpose other than providing services to us.

6. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls with the principle of least privilege
  • Regular security assessments, penetration testing, and vulnerability scanning
  • Audit logging of all access to sensitive data
  • Incident response procedures with defined notification timelines
  • Employee security training and background checks for personnel with data access

While we take extensive measures to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents in accordance with applicable law.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. After account termination, we retain data for a period necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account information is retained for 90 days after termination to allow for data export
  • Financial records are retained for the period required by applicable regulations (typically 5 to 7 years)
  • Usage logs are retained for up to 24 months for security and analytics purposes
  • Aggregated, de-identified data may be retained indefinitely

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request that we limit the processing of your information in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdrawal of Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond to verified requests within the timeframes required by applicable law (typically 30 to 45 days).

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions
  • Right to Opt Out: You may opt out of the "sale" or "sharing" of your personal information. We do not sell personal information. We do not share personal information for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Correct: You may request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information: You may limit the use and disclosure of sensitive personal information to purposes necessary to provide the Services

To submit a request, contact us at [email protected] or call us at the number listed in the Contact section. We may verify your identity before processing your request.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, the following additional provisions apply:

Legal Bases for Processing. We process your personal data based on one or more of the following legal bases: (a) your consent; (b) the performance of a contract with you; (c) our legitimate business interests, such as improving the Services and ensuring security; or (d) compliance with a legal obligation.

Data Protection Officer. You may contact our data protection team at [email protected].

Supervisory Authority. You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully.

11. Financial Data Privacy

As a platform that processes financial data, we adhere to the principles of SEC Regulation S-P and the Gramm-Leach-Bliley Act (GLBA) where applicable. Specifically:

  • We maintain administrative, technical, and physical safeguards to protect nonpublic personal information
  • We limit access to nonpublic personal information to authorized personnel who need it to perform their duties
  • We do not disclose nonpublic personal information to nonaffiliated third parties except as permitted by law
  • We maintain an incident response plan that includes notification procedures consistent with SEC requirements

Our clients who are registered investment advisors or broker-dealers remain responsible for their own Regulation S-P compliance obligations. We provide tools and documentation to support your compliance efforts.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Services, remember your preferences, and analyze usage patterns. The types of cookies we use include:

Type | Purpose
Essential | Required for authentication, security, and core functionality
Analytics | Help us understand how the Services are used and identify areas for improvement
Preferences | Remember your settings, such as theme preference and language

We do not use advertising or cross-site tracking cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Services.

13. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

14. International Data Transfers

Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. When we transfer data outside your jurisdiction, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure your data receives an adequate level of protection.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website and update the "Effective" date. For material changes, we will provide notice through the Services or via email at least 30 days before the changes take effect.

16. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

NSTACK AI Inc.

Privacy inquiries: [email protected]

Data protection: [email protected]

Website: wealthstack.ai

This Privacy Policy was last updated on April 20, 2026. Prior versions are available upon request.