The Posture · Security & privacy

What we will, and will not, do with your household data.

The covenant

Six commitments we hold ourselves to.

  1. No bank-login scraping

    No third-party bank-aggregation APIs. No read-write integration into your accounts. You upload statements you already receive (CSV, PDF, screenshot); the parser runs in the browser when the layout allows and on a server worker only when it must.

  2. Row-level security on every read

    Every user-scoped table has RLS enabled with policies scoped to auth.uid() = user_id. API routes apply defense-in-depth with explicit .eq() filters on top of RLS, so a misconfigured policy cannot leak another household's data.

  3. Canadian residency, by design

    Supabase Canadian region. Postgres, Auth and Storage all colocated. We do not ship data outside the Canadian boundary for hosting, backups or analytics.

  4. Encryption in transit and at rest

    TLS 1.3 in transit. AES-256 at rest. Database backups encrypted with managed keys. API keys and the Anthropic dispatch credential are encrypted environment variables, never committed to the repo.

  5. Educational guidance only

    We are not a registered investment dealer, IIROC member, or licensed CFP. AI dispatches are planning models, not advice to buy or sell a security. We will not recommend specific products by ticker; we will explain the categories and trade-offs.

  6. Data export + delete on request

    The member dashboard offers a one-click export of every row tied to your account (JSON + CSV). Account deletion permanently removes those rows; deleted data is gone from primary storage and rotated out of encrypted backups on the next cycle.
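
The row-level security commitment above, sketched as Postgres SQL for a Supabase project. This is an added example, not the project's own schema or code: the table public.transactions, its columns, the policy names, and the assumption that the .eq() filter targets user_id are all hypothetical. It shows per-operation policies, the redundant predicate an API-route filter adds, and an audit query for user-scoped tables left unprotected.

```sql
-- Hypothetical user-scoped table; the page does not publish its schema.
create table public.transactions (
  id         bigint generated always as identity primary key,
  user_id    uuid not null references auth.users (id) on delete cascade,
  posted_on  date not null,
  amount_cad numeric(12,2) not null
);

-- Once enabled, roles that do not bypass RLS see only rows a policy allows.
alter table public.transactions enable row level security;

create policy transactions_select_own on public.transactions
  for select to authenticated
  using (auth.uid() = user_id);

create policy transactions_insert_own on public.transactions
  for insert to authenticated
  with check (auth.uid() = user_id);

-- USING limits which rows can be updated; WITH CHECK stops a row
-- from being reassigned to a different user_id.
create policy transactions_update_own on public.transactions
  for update to authenticated
  using (auth.uid() = user_id)
  with check (auth.uid() = user_id);

create policy transactions_delete_own on public.transactions
  for delete to authenticated
  using (auth.uid() = user_id);

-- SQL equivalent of an API route's extra .eq() filter (assumed to be on
-- user_id): the same predicate again, so it holds if a policy is loosened.
select id, posted_on, amount_cad
from public.transactions
where user_id = auth.uid();

-- Audit: tables in public with a user_id column where RLS is off
-- or no policy exists. An empty result is the expected state.
select c.relname           as table_name,
       c.relrowsecurity    as rls_enabled,
       count(p.policyname) as policy_count
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
join pg_attribute a on a.attrelid = c.oid
  and a.attname = 'user_id' and not a.attisdropped
left join pg_policies p on p.schemaname = n.nspname and p.tablename = c.relname
where n.nspname = 'public' and c.relkind = 'r'
group by c.relname, c.relrowsecurity
having not c.relrowsecurity or count(p.policyname) = 0;
```

The audit query only reports tables that follow the user_id naming convention, and a key with the bypass-RLS privilege (such as a service-role key) is not constrained by any of these policies, which is where the explicit filter in the API route matters most.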

Compliance

The Canadian regulatory frame we operate inside.

  1. PIPEDA-aligned

    Federal Personal Information Protection and Electronic Documents Act. Consent at signup, purpose limitation, retention policies documented in /privacy.

  2. No data resale

    We have no advertising surface, no third-party tracker resale, no "anonymised aggregate" data product. The business model is paid subscription only.

  3. AI dispatch audit log

    Every AI dispatch (Anthropic Claude call) writes an audit row: which agent, character counts in + out, tool calls, linter flags. You can review your own log in /dashboard/settings.

  4. Consent-gated tools

    Agents only see your transaction or net-worth data after you grant explicit consent. Until then they answer general questions only — no tool access.

Disclosure

If we find a breach, we will tell you within 72 hours.

PIPEDA requires notification of any breach that poses a “real risk of significant harm.” We commit publicly to a 72-hour ceiling from confirmation, regardless of risk threshold — by email to every affected member and a notice on this page.