Privacy Policy

Privacy Policy

Version 1.1 — Effective February 24, 2026

What Data We Collect

When you use Point1, we collect the following information:

  • ·Account information: name, email, age, state, filing status
  • ·Financial data: portfolio holdings, account balances, income streams, expenses, goals, budgets
  • ·Transaction history: buy/sell records, dividends, contributions
  • ·Conversations: messages exchanged with Alex and specialist agents
  • ·Usage data: pages viewed, features used, session duration, interaction patterns
  • ·Device information: browser type, operating system (for service optimization)

How We Use Your Data

Your data is used exclusively to provide personalized financial insights through our AI-powered virtual family office. Specifically:

  • ·Generate your daily briefing and financial analysis
  • ·Power conversations with Alex (CFO) and specialist agents
  • ·Calculate your Financial Health Score, activation metrics, and goal progress
  • ·Deliver alerts and recommendations tailored to your situation
  • ·Improve our service through anonymized, aggregated usage analytics

AI Processing

Your financial data is processed by Claude, an AI model built by Anthropic, to generate personalized insights. Important details:

  • ·Your data is sent to Anthropic's API for real-time analysis when you interact with the app
  • ·Your data is NOT used to train AI models — Anthropic does not use API inputs for model training
  • ·We use context compression to minimize the data sent in each request
  • ·Conversations are stored to maintain continuity with your agents

Who Can See Your Data

Your financial data is visible only to you and Point1 administrators. Admin access is:

  • ·Limited to essential operations (support, debugging, compliance)
  • ·Logged and audited — every admin view of your financial data is recorded
  • ·Gated — admins must explicitly confirm before viewing your financial information

Aggregate Data

We may compute anonymous, aggregated patterns across users (e.g., average savings rates by age group, common portfolio allocations). These insights:

  • ·Never identify individual users
  • ·Require a minimum cohort size of 50 users before computation
  • ·Can be opted out of in Settings → Account → Privacy

Third-Party Services

We use the following services to operate Point1. Each service processes only the minimum data necessary for its function:

  • ·Anthropic (Claude AI) — Your financial data (holdings, accounts, income, goals) is sent to Anthropic's API when you interact with agents. Anthropic does not use API inputs for model training per their commercial data policy. We use context compression to send pre-computed summaries rather than raw data when possible.
  • ·Supabase — Stores your account profile, financial data, conversations, and usage analytics. Data is encrypted at rest and in transit. Row-level security ensures users can only access their own data.
  • ·Stripe — Processes subscription payments. Stores payment method details (card last 4, expiration). Point1 never sees your full card number. Stripe is PCI DSS Level 1 compliant.
  • ·Tiingo — Receives stock ticker symbols to return market prices. No personal financial data is sent.
  • ·ElevenLabs — Receives text of Alex's responses for voice synthesis. No personal financial data is included in voice requests.
  • ·OpenAI — Receives text chunks from our knowledge base for embedding generation. No personal user data is sent to OpenAI.
  • ·FRED / SEC EDGAR — Public government APIs. No user data is sent.
  • ·Plaid (future) — If bank account linking is enabled, Plaid securely processes your bank credentials. Point1 receives read-only transaction and balance data. You can revoke Plaid access at any time from Settings.

Data Retention & Deletion

You may request full deletion of your data at any time via Settings → Account. When you delete your data:

  • ·All personal information, financial data, conversations, and analytics are permanently removed
  • ·Deletion is irreversible
  • ·We retain only anonymized aggregate statistics computed before deletion
  • ·Admin audit logs referencing your account are retained for compliance (but contain no financial data)

Data Export

You can export all your data at any time via Settings → Account. The export includes your profile, accounts, holdings, transactions, goals, budgets, conversations, and event history in machine-readable JSON format.

Your Rights (CCPA / GDPR)

If you are a California resident or EU citizen, you have the right to:

  • ·Know what personal information we collect and how it is used
  • ·Request a copy of your data (data portability)
  • ·Request deletion of your personal information
  • ·Opt out of the sale of your personal information (we do not sell your data)
  • ·Non-discrimination for exercising your privacy rights

For EU residents under GDPR, you additionally have the right to rectification, restriction of processing, and to lodge a complaint with your supervisory authority.

Contact

For privacy questions or requests, email privacy@thepoint1.com.