Privacy Policy
Last updated: January 2026
At NetWorthOS, we take your privacy extremely seriously. This policy explains how we collect, use, and protect your personal and financial information.
1. Information We Collect
We collect information you provide directly to us, including:
- Account information (name, email address, phone number)
- Financial information (asset details, account balances, investment holdings)
- Documents you upload (property papers, insurance policies, wills)
- Family member information (with their consent)
2. How We Use Your Information
Your information is used solely to:
- Provide and maintain the NetWorthOS service
- Calculate and display your net worth and financial analytics
- Enable family sharing features you explicitly authorize
- Send you important service updates and security alerts
- Improve our product based on anonymized usage patterns
3. Data Security
We implement bank-grade security measures and follow industry best practices to protect your sensitive financial data:
Encryption
- Data at Rest: All stored data is encrypted using AES-256, the same standard used by leading financial institutions worldwide
- Data in Transit: All data transmitted between your device and our servers is protected using TLS 1.3 encryption with perfect forward secrecy
- End-to-End Encryption: Sensitive documents in your vault are encrypted end-to-end, meaning even we cannot access their contents
Authentication & Access Control
- Multi-Factor Authentication (MFA): Optional but strongly recommended for all accounts
- Biometric Authentication: Support for fingerprint and face recognition on mobile devices
- Session Management: Automatic session timeout and device management capabilities
- Role-Based Access: Granular permission controls for family sharing features
Infrastructure Security
- SOC 2 Type II Compliance: Our infrastructure providers maintain SOC 2 Type II certification
- Data Residency: All data is stored in secure data centers located in India
- Regular Backups: Automated encrypted backups with point-in-time recovery capabilities
- DDoS Protection: Enterprise-grade protection against distributed denial-of-service attacks
- Web Application Firewall: Advanced threat detection and prevention
Security Practices
- Security Audits: Regular penetration testing and security audits by independent third-party firms
- Vulnerability Management: Continuous monitoring and patching of security vulnerabilities
- Employee Access: Strict access controls and background checks for all employees with data access
- Incident Response: Documented incident response procedures with 24/7 monitoring
- Secure Development: Security-first development practices following OWASP guidelines
4. What We Don't Do
We will never:
- Sell your personal or financial data to third parties
- Share your data with advertisers
- Use your data to target you with ads
- Access your actual bank or brokerage accounts (we use read-only connections)
- Store your bank passwords or trading credentials
5. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will permanently delete all your data within 30 days, except where required by law to retain certain records.
6. Family Sharing
When you share data with family members:
- You control exactly what they can see through role-based permissions
- You can revoke access at any time
- Family members cannot export or share your data further
- All family access is logged and auditable
7. Third-Party Integrations
When you connect external accounts (brokerages, banks), we use secure, read-only API connections. We never store your login credentials for these services. Data synced from these services is encrypted and stored with the same security standards as all other data.
8. Your Rights
You have the right to:
- Access all data we hold about you
- Export your data in standard formats
- Correct inaccurate information
- Delete your account and all associated data
- Withdraw consent for optional data processing
9. Cookies
We use only essential cookies, for authentication and security purposes. We do not use tracking cookies or third-party analytics that compromise your privacy.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of any material changes via email and in-app notification at least 30 days before they take effect.
11. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
Email: paritosh@networthos.ai