Compliance · Privacy policy
How we handle your data, plainly stated.
1. What we collect
Account: email, password hash, optional name + partner name. Financial: transactions you import (CSV / PDF), holdings, account balances you enter, planning inputs (age, income, goals). Usage: AI dispatch audit log (which agent, character counts, tool calls, model used). Technical: IP address + user-agent at sign-in for fraud detection.
2. Why we collect it
To operate the dashboard, run the AI Bureau, produce planning outputs, and meet PIPEDA + CRA-related record-keeping obligations. We do not collect data for advertising, behavioural retargeting, or aggregate-data sale — we have no such products.
3. Where it lives
Postgres + Auth + Storage at Supabase, Canadian region. AI dispatches routed to Anthropic Claude (US-hosted model API; prompts + responses transit but are not used for model training under our Zero Data Retention agreement). No data shipped to advertising networks or analytics aggregators.
4. Who can see it
You. Row-level security on every user-scoped table restricts reads to rows where auth.uid() = user_id. Your household ledger is not readable by any other member or by Invest Wise Way staff in normal operations. Engineering staff can access aggregate metrics (no PII) and tightly scoped support requests where you have explicitly opted in to share.
5. How long we keep it
Active account: indefinitely, until you ask us to delete. Transaction imports default to 7 years of retention to support your CRA record-keeping (you can shorten this in Settings). Audit log retained 24 months. Closed account: rows purged from primary storage immediately; rotated out of encrypted backups within 35 days.
6. Export & delete on request
Member Settings includes a one-click export (JSON + CSV of every row tied to your account) and a one-click account-deletion path. Deletion is irreversible and immediate; backups holding the data age out within 35 days. Email security@investwiseway.ca to request the same via support.
7. Children + minors
Invest Wise Way is intended for users aged 18+. We do not knowingly collect data from anyone under 18. Parents using RESP planning features describe their child as a beneficiary; the child does not have an account on the platform.
8. Cookies + local storage
Essential: session token (Supabase Auth) + theme preference (localStorage). No third-party tracking pixels. No advertising cookies. No analytics SDKs that ship data outside Canada.
9. Cross-border transfer
AI dispatches transit to Anthropic's US infrastructure under a Zero Data Retention agreement (your prompts are not stored or used for training). All other data stays in Canada. You consent to this single cross-border data path at signup.
10. Your rights under PIPEDA
Right of access: see what we hold. Right of correction: fix what is wrong. Right of withdrawal: revoke AI consent at any time (planning still works without tool access). Right of complaint: contact the Office of the Privacy Commissioner of Canada (priv.gc.ca) if you believe we have not handled your data properly.
11. Changes to this policy
Material changes get a notice on this page + an email to every member at least 30 days before the change takes effect. Non-material changes (typo fixes, link updates) we publish quietly. This document is versioned in our source repository; the "Last reviewed" date below reflects the most recent edit.
12. How to reach us
General + access requests: hello@investwiseway.ca. Security or privacy concerns: security@investwiseway.ca. Mail: address available on request. We respond within five business days on access requests and 72 hours on suspected breaches.