Privacy Policy

1. About This Policy

This Privacy Policy describes how FundVision LLC, a Florida limited liability company (“FundVision,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal information when you use the FundVision website at getfundvision.com and any related applications, products, and services (collectively, the “Service”). This Policy applies to individuals who access or use the Service (“you” or “users”).

By using the Service, you agree to the practices described in this Policy. If you do not agree, do not use the Service.

This Policy is part of the FundVision Terms of Service.

2. Information We Collect

We collect the following categories of personal information:

a. Information you provide directly

• Identifiers: full name, email address, password (stored hashed).
• Profile information: account role, display preferences.
• Family and household information: names and relationships of family members you choose to add, allowance amounts you record. You are responsible for the personal information of any family member you add to the Service.
• Investment information: names, values, asset classes, managers, dates, notes, and other details you enter or import about investments and holdings.
• Communications: messages you send to us, support requests, and feedback.

b. Information from financial institutions (via Plaid)

• Sensitive financial information: account and routing numbers, account balances, transaction history, account names, types, and masks — accessed through Plaid Inc. (“Plaid”). Plaid acts as our service provider to connect your financial accounts to FundVision. We store an encrypted access token and the institution name; transaction data is fetched on demand and is not retained in our database by default.

c. Information collected automatically

• Device and log data: IP address, browser type, operating system, device identifiers, referring URLs, pages viewed, timestamps.
• Cookies and similar technologies: strictly necessary cookies for authentication and security (set by our auth provider, Supabase). We do not currently use advertising, analytics, or cross-context tracking cookies.

d. Information generated by the Service

• AI-generated insights: portfolio summaries, analyses, and chat responses generated by large language models (currently OpenAI's GPT-4o) using the investment information you provide. We send investment-level data (e.g., investment names, values, asset classes) to OpenAI; we do not send your name, email, or other direct identifiers.

We do not knowingly collect personal information from anyone under 18. The Service is intended for adults. See Section 11.

3. Sensitive Personal Information

For California residents, the following categories qualify as Sensitive Personal Information (“SPI”) under the CCPA:

• Financial account information: account numbers and credentials accessed via Plaid.
• Account login credentials: your password and authentication tokens.

We use SPI only for the purposes necessary to provide the Service (account access, portfolio aggregation, security, and the core insights you've asked for). We do not use SPI to infer characteristics about you, and we do not sell or share SPI. Under California law, you may have the right to limit our use of SPI in certain cases; however, our use falls within the “necessary to perform the service requested” exception. See Section 9.

4. How We Use Information

We use personal information to:

• Create and manage your account.
• Connect to your financial institutions through Plaid and aggregate the data you authorize.
• Generate the portfolio summaries, analyses, and chat responses that are core to the Service.
• Process subscription payments and provide billing support.
• Communicate with you about your account, security alerts, product updates, and support requests.
• Maintain the security, integrity, and performance of the Service, including fraud prevention, abuse detection, and rate limiting.
• Comply with legal obligations, respond to lawful requests, and enforce our Terms of Service.

We rely on the following legal bases (where applicable): performance of a contract with you, our legitimate interests in operating and securing the Service, your consent (where required), and compliance with legal obligations.

5. How We Share Information

We do not sell or share personal information, and we do not use it for cross-context behavioral advertising. We disclose personal information only as follows:

a. Service providers (subprocessors)

Each service provider is contractually obligated to use personal information only to perform services for FundVision and to protect it consistent with this Policy. A current list of subprocessors is available at getfundvision.com/legal/subprocessors.

b. Plaid acknowledgment

When you connect a financial account, your information will also be processed by Plaid in accordance with Plaid's End User Privacy Policy at https://plaid.com/legal/#end-user-privacy-policy. By using the Service, you grant Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution in accordance with Plaid's privacy policy.

c. Legal and safety

We may disclose personal information when we believe in good faith that disclosure is required to comply with applicable law, legal process, or government requests; to enforce our Terms; to protect the rights, property, or safety of FundVision, our users, or others; or in connection with a merger, acquisition, financing, or sale of assets (subject to confidentiality and continuing protection of your information).

d. With your direction

We may share information at your direction or with your consent.

6. AI Processing Disclosure

We use third-party large language models — currently OpenAI's GPT-4o — to generate portfolio summaries, analyses, and chat responses. Our practices:

• We send only the investment-level data needed to produce the requested output. We do not send your name, email address, account identifiers, or financial-institution credentials in AI prompts.
• OpenAI processes data on our behalf as a service provider and, per our agreement with OpenAI, does not use API inputs or outputs to train its foundation models.
• AI-generated content is informational only and may be inaccurate, incomplete, or out of date. It is not investment, tax, legal, or financial advice. See the Terms of Service for the full disclaimer.

We do not use AI to make decisions that produce legal or similarly significant effects about you.

7. Data Retention

We retain personal information for as long as we have an ongoing relationship with you and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

• Account and profile data: retained for the life of your account.
• Plaid access tokens and connection metadata: retained while the connection is active; deleted within a reasonable period after you disconnect.
• Investment records and AI chat history: retained while your account is active and for a reasonable tail thereafter for backup, audit, and dispute-resolution purposes.
• Billing records: retained as required by tax and accounting laws (typically 7 years).
• Logs and security data: retained for up to 24 months.
• Backups: cycled and overwritten on a routine schedule.

You may request deletion at any time (see Section 9). Deletion may take effect across active systems before completing in backups during the next backup cycle.

8. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption of credentials and tokens at rest and in transit, access controls, MFA where supported, rate limiting, and routine review of our security posture. No security measure is perfect, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for the activity on your account.

If we experience a security incident affecting your personal information, we will notify you and applicable regulators as required by law (including Florida's Information Protection Act, Fla. Stat. § 501.171).

9. Your Rights

Depending on where you live, you may have the following rights:

• Right to know / access the personal information we hold about you.
• Right to correct inaccurate personal information.
• Right to delete personal information, subject to exceptions.
• Right to portability — receive a copy of your personal information in a portable format.
• Right to opt out of the sale or sharing of personal information, and of targeted advertising and certain profiling. We do not sell, share, or use your information for targeted advertising or significant profiling.
• Right to limit use of SPI, where applicable.
• Right to appeal a denial of a rights request (Virginia, Colorado, Connecticut, Minnesota, and other states).
• Right to non-discrimination — we will not deny service, charge different prices, or provide a different quality of service because you exercised your rights.

To exercise your rights, email privacy@getfundvision.com with the request and enough information for us to verify your identity. We respond within 45 days; we may extend by an additional 45 days when reasonably necessary, with notice to you.

Authorized agents may submit requests on your behalf with written authorization. We may require verification.

California “Shine the Light” (Cal. Civ. Code § 1798.83): We do not share personal information with third parties for their own direct marketing purposes.

Your Privacy Choices: We do not sell or share personal information for cross-context behavioral advertising, and we honor the Global Privacy Control (GPC) browser signal where applicable. Visit getfundvision.com/legal/privacy-choices for our opt-out confirmation.

Notice at Collection (California): At or before account creation, we provide a short-form notice describing the categories of personal information collected and the purposes of collection. This Policy is the long-form notice.

10. GLBA Privacy Notice

FundVision aggregates information from financial institutions on your behalf and is considered a “financial institution” under the Gramm-Leach-Bliley Act (“GLBA”) for purposes of certain consumer financial-information rules. This section is our GLBA privacy notice.

• Nonpublic personal information (“NPI”) we collect: identifiers, financial account information, transaction history, and investment information described in Section 2.
• NPI we disclose: only to the service providers identified in Section 5, only as needed to provide the Service.
• NPI we share with non-affiliated third parties for their own purposes: none. We do not share NPI with non-affiliates for their own marketing or other purposes. There is no opt-out to exercise because we do not engage in such sharing.
• Protection of NPI: described in Section 8.

You may request a copy of this notice at any time by emailing privacy@getfundvision.com.

11. Children

The Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact privacy@getfundvision.com and we will delete it.

12. International Users

The Service is operated from the United States and intended for U.S. residents. If you access the Service from outside the United States, your information will be processed in the United States, which may have different data-protection laws than your country.

13. Changes to This Policy

We may update this Policy from time to time. The “Last Updated” date at the top reflects the most recent version. For material changes, we will provide additional notice (such as an in-app notice or email).

14. Contact Us

FundVision LLC
1100 Biscayne Blvd, Unit 4803
Miami, FL 33132
Privacy questions: privacy@getfundvision.com
Legal notices: legal@getfundvision.com
Security reports: security@getfundvision.com