Privacy terms written for diligence, not filler.

We collect information submitted through the onboarding product, business contact information for advisors and buyers, operational events needed to secure the product, and limited device or request data used to prevent abuse and troubleshoot issues.

Sensitive onboarding fields may include identity, contact, financial profile, suitability inputs, and limited compliance-review data. Demo flows are designed to avoid full SSNs and raw document uploads.

We use information to provide the onboarding service, provision advisor workspaces, support compliance review workflows, secure accounts and sessions, respond to support requests, and meet legal or contractual obligations.

We also use limited lifecycle and audit data to understand product usage, investigate incidents, and maintain records required for operations and customer oversight.

The product is designed to avoid retaining more sensitive information than is operationally necessary. Sensitive fields such as SSN last four and date of birth are encrypted for storage when collected, and the system stores a minimized submission snapshot instead of duplicating the full raw intake payload.

Where a downstream identity or compliance provider is configured, the workflow is intended to hand off document review to that provider rather than accepting raw file URLs inside the onboarding form.

We share information only with service providers and subprocessors needed to operate the service, such as hosting, database, email, CRM, and identity or compliance-review integrations that the customer enables.

We may also disclose information when required by law, regulation, court order, or to protect the security and integrity of the service, our customers, or affected individuals.

We use HTTPS in transit, encrypted storage for selected sensitive fields, scoped portal sessions, audit logging, and review-state controls to reduce unnecessary access to customer information.

No internet-connected system is perfectly secure. Formal compliance with a customer’s regulatory obligations also depends on contracts, policies, training, incident response, vendor oversight, and legal review outside the codebase itself.

We retain information for as long as needed to provide the service, satisfy customer instructions, support security and audit needs, and comply with legal, regulatory, and contractual obligations.

When retention is no longer required, we aim to delete or de-identify data using our normal operational processes, subject to backup, legal hold, and recordkeeping constraints.

Requests to access, correct, export, or delete information should be sent to the customer organization that collected the information first. If you need to contact us directly, use the addresses below and include enough detail for us to route the request.