Privacy Policy | WealthLens

This Privacy Policy describes how Agent Matthew, LLC, operating as WealthLens ("Company," "we," "us," or "our"), collects, uses, and protects information you provide when using the WealthLens financial strategy platform ("Service"). By using the Service, you agree to the practices described in this Policy. If you do not agree, please discontinue use of the Service.

We take a Defense-in-Depth approach to data security, which means we apply multiple independent layers of protection to your information, not just a single perimeter. The sections below explain each layer in plain language.

Section 01

Information We Collect

Account Information: When you register or are invited to the platform, we collect your name, email address, and professional information (such as company name and NMLS ID, if applicable).

Financial Strategy Data: Advisors input financial parameters to model mortgage strategies for their clients (e.g., loan amounts, interest rates, property values, closing cost estimates). This data is stored securely and associated with your account.

Client Information: Advisors may enter a client's first name and financial scenario details. We do not require, and we strongly discourage the entry of, Social Security Numbers, full government-issued names, or other high-sensitivity identification documents directly into financial strategy fields.

Usage Data: We automatically collect certain technical information when you use the Service, including IP address, browser type, device type, pages visited, and timestamps of activity. This information is used for security monitoring and product improvement.

Feedback: Any feedback, bug reports, or feature requests you voluntarily submit are collected and governed by the Beta Participant Agreement.

Section 02

How We Use Your Information

To provide, operate, and improve the WealthLens platform.
To generate financial strategy analyses and reports as requested by the Advisor.
To send transactional communications (e.g., rate alert notifications, beta updates).
To ensure compliance with our Beta Participant Agreement and this Privacy Policy.
To maintain security, prevent fraud, and diagnose technical problems.
To fulfill any legal obligations.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Section 03

The Privacy Guardrail: PII Sanitization

Key Protection Before any financial data is processed by our AI analysis engine, it passes through a mandatory sanitization layer that automatically identifies and removes sensitive personal identifiers.

WealthLens employs a proprietary Privacy Guardrail, a mandatory middleware layer that intercepts all data before it reaches any AI processing engine. This guardrail automatically detects and permanently replaces sensitive Personally Identifiable Information (PII), including but not limited to Social Security Numbers, with anonymized placeholders.

This means that even if an Advisor inadvertently includes sensitive identifiers in a data field, that information is stripped before any analysis occurs. Your clients' identities are protected by design, not just by policy.

What the AI sees: Financial parameters (rates, amounts, loan types, timeline data) and anonymized client references, never sensitive identity documents.

Section 04

Zero-Retention AI Policy

Our Commitment Your client data is never used to train, fine-tune, or improve external AI models. It is used solely to generate the analysis you requested, then discarded from the AI processing environment.

WealthLens uses cloud-based AI models strictly as processing tools, not as learning systems. Our partnership agreements with AI processing providers include explicit zero-retention and zero-training terms, meaning:

No financial strategy data submitted to WealthLens is used to train any external AI model.
AI processing environments do not retain your data after a request is completed.
The AI generates its analysis, returns the result, and the processing context is discarded.

The only retained record of an AI interaction is our own internal integrity audit log (described in Section 5), which we control and maintain separately from the AI provider.

Section 05

The Integrity Audit Log

Transparency Note Every AI-powered interaction within WealthLens is logged in a secure, immutable audit record. This is described here in the interest of full transparency.

To protect the integrity of financial analyses and provide accountability for all parties, WealthLens maintains a secure, immutable Integrity Audit Log: an internal record we call the "Black Box."

Every AI-powered interaction (strategy analysis, guideline research, rate monitoring) generates a log entry containing:

A timestamp of the interaction.
The type of analysis performed.
The sanitized (PII-scrubbed) input data, after the Privacy Guardrail has been applied.
A summary of the AI-generated output.
Token usage and processing metadata for billing and quality assurance.

Additionally, any manual override to a system-calculated financial field is recorded in this immutable audit log at the time of modification. This protects Advisors by demonstrating exactly which values were system-generated and which were human-adjusted.

Audit log data is retained for a minimum of 24 months for compliance and dispute resolution purposes. Access to raw audit logs is restricted to authorized Company personnel only.

Section 06

Data Security & Encryption

WealthLens applies banking-grade security standards across all data at rest and in transit:

In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3, the current industry gold standard for transport security.
At Rest: All stored data (including client files, account information, and audit logs) is encrypted at rest using AES-256 encryption.
Document Uploads: When financial documents are uploaded for analysis, they are transmitted directly to a private, access-controlled storage vault via short-lived, single-use secure URLs. Documents never pass through our application servers' disk or memory.
Least-Privilege Access: Internal systems are granted only the minimum permissions required to perform their function. No single component has unrestricted access to all data.

Section 07

Third-Party Service Providers

WealthLens relies on a small number of carefully vetted third-party service providers to operate the platform. These providers act as data processors under our direction and are contractually bound by data protection and confidentiality requirements consistent with this Policy.

Cloud Infrastructure & Database: Our application data and databases are hosted on a leading enterprise cloud platform with SOC 2 Type II compliance.
AI Processing Partners: We use one or more enterprise-grade AI processing services to power strategy analysis and guideline research. These partners operate under zero-retention terms as described in Section 4.
Secure Document Storage: Financial documents are stored in a private, encrypted cloud storage vault accessible only by authorized service roles.
Email Delivery: Transactional email communications (alerts, invites) are delivered via a third-party email delivery service.
Secure Payment Processing: If you subscribe to a paid tier, payment information is handled exclusively by a PCI-DSS compliant payment processor. WealthLens never stores your full credit card number.

We do not share your data with any third party for advertising, marketing profiling, or data brokerage purposes.

Section 08

Data Retention & Deletion

Account Data: Retained for the duration of your account plus 90 days following account closure.

Client Files & Strategy Data: Retained for the duration of your account. Advisors may delete individual client files at any time from within the platform.

Audit Logs: Retained for a minimum of 24 months for compliance purposes. Audit logs cannot be manually deleted by users, as they serve as the immutable record of platform integrity.

Beta Program: During the Beta period, we reserve the right to delete or reset data as part of testing procedures. We will provide reasonable advance notice before any such reset.

To request account or data deletion, please contact us at the address listed in Section 10.

Section 09

Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

Right of Access: You may request a copy of the personal information we hold about you.
Right of Correction: You may request correction of inaccurate or incomplete information.
Right of Deletion: You may request deletion of your personal information, subject to our legal retention obligations.
Right to Opt-Out: You may opt out of non-essential communications at any time via your account settings or by contacting us.
Right to Portability: You may request an export of your data in a portable format.

To exercise any of these rights, please contact us at privacy@wealthlensapp.com. We will respond to verifiable requests within 30 days.

WealthLens does not knowingly collect information from individuals under the age of 18. If you believe we have inadvertently collected such information, please contact us immediately.

Section 10

Contact Us

For questions, concerns, or requests related to this Privacy Policy, please contact us:

Email: privacy@wealthlensapp.com
Legal inquiries: legal@wealthlensapp.com
Company: Agent Matthew, LLC, operating as WealthLens

We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated to registered users via email or an in-platform notification. Your continued use of the Service following such notification constitutes acceptance of the updated Policy.