Privacy Policy

Privacy isn't an afterthought at Tablewealth - it's a design constraint. Here's what that means in practice:

Account information: Name, email address, password (hashed), and billing details when you subscribe.

Financial data: Account balances, transaction history, investment holdings, and asset values retrieved from connected financial institutions via our data aggregation partners.

Usage data: How you interact with the platform, features used, session durations, and error logs - used to improve the product.

Device and technical data: IP address, browser type, operating system, and device identifiers collected automatically when you use our Services.

Communications: Emails and support messages you send us.

We use the data we collect to:

• Provide, operate, and improve the Tablewealth platform
• Sync and display your financial accounts accurately
• Process payments and manage your subscription
• Send product updates, security alerts, and support communications
• Protect account security and investigate fraud, abuse, or reliability issues
• Comply with legal obligations

We do not use your financial data to train AI models, build user profiles for advertising, or infer personal attributes beyond what is required to operate the Services.

Your financial data is the most sensitive information we hold. We treat it accordingly:

• Sensitive financial fields are encrypted at rest using field-level encryption
• Financial records are scoped to your organization and protected by authenticated access controls
• Financial data is accessed to provide requested product features, including dashboards, account sync, exports, webhooks, and support troubleshooting
• We limit internal access to production data to operational needs
• We use financial data aggregation partners to connect to supported institutions

Tablewealth uses AI to help you build custom dashboards and interfaces. Our AI system is strictly limited:

• AI receives the prompts and messages you submit, plus limited workspace context needed to respond
• We do not automatically attach your account balances, transactions, or holdings to AI requests
• When you ask AI to help build an interface, it works from your instructions rather than directly querying your financial records
• You should not include sensitive financial data in prompts unless you intentionally choose to provide it

This is different from tools that automatically send raw account data to an AI model for analysis. Our product is designed so interface generation can happen without attaching financial records to the prompt.

We do not sell your personal data. We may share limited data with:

• Data aggregation partners - to connect to your financial institutions on your behalf
• Payment processors - to handle subscription billing securely (we never store full card details)
• Infrastructure providers - to host, secure, monitor, and operate the Services
• Legal authorities - only when required by valid legal process, court order, or to protect the safety of users

We share data with service providers only as needed to provide and operate the Services, subject to applicable contracts and provider terms.

We use technical and organizational safeguards designed to protect user data, including:

• Field-level encryption for sensitive database fields such as connection tokens, account names, transaction details, and holding identifiers
• Authenticated, organization-scoped access checks around dashboard data
• Account security options such as authenticator-app MFA and passkeys where available
• Scoped API keys with account-level access controls
• Analytics masking in sensitive dashboard surfaces to reduce accidental capture of private data

No system is perfectly immune to unauthorized access. If we determine that notice is required for a security event involving your personal data, we will provide notice in accordance with applicable law.

We retain your data for as long as your account is active or as needed to provide the Services. When you delete your account:

• The account deletion flow removes your user account, sessions, connected auth accounts, and related account records when you are eligible to delete
• Connected financial provider connections are unlinked as part of the deletion flow
• Some organization data may remain if it belongs to a shared workspace or another organization owner
• Billing, security, legal, backup, and provider records may be retained where required or reasonably necessary

You can contact us to request access, deletion, or portability assistance before deleting your account.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access - Request a copy of the personal data we hold about you
• Correction - Request correction of inaccurate personal data
• Deletion - Request deletion of your personal data
• Portability - Receive your data in a structured, machine-readable format
• Objection - Object to certain types of data processing
• Withdraw consent - Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@tablewealth.com. We will respond within 30 days.

We use cookies, local storage, pixels, and similar technologies to operate the Services, keep sessions secure, remember preferences, measure site and product usage, and understand the effectiveness of our marketing, including referrals, campaigns, and page interactions.

These tools may collect technical information such as device and browser details, pages visited, referring pages, approximate location derived from IP address, campaign parameters, and interaction events. They are not used to sell your personal data or financial data.

We do not sell your personal data or financial data to advertisers, data brokers, or marketing platforms. In sensitive dashboard surfaces, analytics is configured to mask text, inputs, and element attributes.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

We may update this Privacy Policy to reflect changes in our practices or applicable law. When legally required, we will provide notice of material changes.

The "Last updated" date at the top of this page reflects the most recent revision. We encourage you to review this policy periodically.