Privacy Policy
Last updated: 12 May 2026
At Wealto, your financial data is private by design. This policy explains what we collect, why, and how we protect it.
1. What we collect
- Account information: Name and email address when you sign up
- Financial profile data: Salary, investments, loans, insurance details you enter manually
- Documents you upload for analysis: Your document is transmitted directly to our AI provider (Anthropic) for analysis using their API. The raw file is deleted immediately after analysis is complete — we never store your original document. Only the analysis result (extracted figures and insights) is retained in your account.
- Usage data: How you use the app (pages visited, features used)
- Payment data: We use Razorpay for payments. We never store your card details — Razorpay handles all payment processing.
2. What we don't collect
- We never link to your bank accounts
- We never access your actual transactions
- We never sell your data to third parties
- We never use your financial data for advertising
3. How we use your data
- To provide the Wealto service — powering your AI financial advisor
- To send you product updates and your weekly financial digest
- To improve the product based on usage patterns (anonymised)
- Your financial profile is sent to our AI provider (Anthropic) to generate responses — Anthropic does not train on your data. See Anthropic's privacy policy.
4. Data storage and security
- Document security: Raw document files are deleted immediately after analysis. Your documents are never stored on our servers. Only the AI-generated analysis of your document is retained, which you can delete at any time from the Documents page. Storage: Document files are stored in encrypted private storage (Supabase) accessible only by you. Even Wealto team members cannot access your files without explicit database access.
- Your data is stored on Supabase (PostgreSQL) with row-level security — only you can access your data
- All data transmission is encrypted via HTTPS
- We are hosted on Vercel and Supabase — both SOC 2 compliant
5. Data retention
- Your data is retained as long as your account is active
- You can request deletion of your account and all data by emailing hello.wealto@gmail.com
- We will delete your data within 7 business days of request
6. Your rights
- Access: Request a copy of your data
- Correction: Update your data any time in the app
- Deletion: Email hello.wealto@gmail.com to delete your account
- Portability: Request your data in CSV format
7. Cookies
- We use minimal cookies for authentication only
- We do not use advertising or tracking cookies
8. Children
Wealto is not intended for users under 18 years of age.
9. Changes to this policy
- We will notify you by email of material changes
- Continued use after changes means acceptance
10. Contact
- For privacy questions: hello.wealto@gmail.com
- Response within 3 business days