Legal
Privacy Notice
Last updated June 7, 2026
Plain-English summary: WealthScan is the data controller for the information you give us. We use it to run the platform, support you, keep things secure, and meet legal obligations. We share data only with the vendors who help us run the service (including Paddle, which processes all payments as Merchant of Record). We never sell personal data.
1. Who we are
This notice is issued by WealthScan LLC ("WealthScan", "we", "us"), the legal entity operating the WealthScan platform at wealthscan.ai. WealthScan acts as the data controller for personal data described below. Contact: privacy@wealthscan.ai.
2. Categories of personal data we collect
- Account data: name, email, hashed password, role (Client, Pro, Admin), professional credentials.
- Profile & financial inputs: household, income, assets, liabilities, tax, estate, business, and insurance data you enter into fact-finders and the planning hub.
- Collaboration data: connection requests, sharing permissions, messages, files, and audit logs of who accessed what.
- Billing metadata: Paddle customer ID, subscription status, plan, renewal date. Card details, billing address, and tax IDs are collected and stored by Paddle — not by WealthScan.
- Technical data: IP address, browser/device identifiers, pages viewed, timestamps, error logs, session tokens.
- Support data: messages you send us and our responses.
3. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Create and operate your account, deliver the platform | Performance of contract |
| Process payments, subscriptions, invoicing, tax compliance (via Paddle) | Performance of contract / legal obligation |
| Security, fraud prevention, abuse detection, access logging | Legitimate interests |
| Customer support and service communications | Performance of contract / legitimate interests |
| Product improvement, aggregated analytics | Legitimate interests |
| Marketing emails (only if you opt in) | Consent |
| Compliance with legal requests, recordkeeping | Legal obligation |
4. Who we share data with
- Paddle.com Market Ltd — Merchant of Record. Paddle processes all sales, payments, refunds, billing, sales tax, and invoicing on our behalf, and is the data controller for payment information you enter at checkout. See Paddle Privacy Policy.
- Hosting & infrastructure providers — cloud hosting, database, file storage, email delivery, error monitoring, and analytics subprocessors that operate the service under contract.
- Licensed professionals you connect with — Pros only see the sections of your hub that you have explicitly shared via the Privacy & Sharing controls.
- Professional advisers — legal, accounting, insurance.
- Authorities — when required by law, court order, or to protect rights, safety, or property.
We do not sell personal data and do not share it for cross-context behavioral advertising.
5. International transfers
Some of our subprocessors (including Paddle) are located outside the EEA/UK. Where personal data is transferred internationally, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) with appropriate supplementary safeguards.
6. Retention
We keep account and hub data for as long as your account is active. After you delete your account, we erase or anonymize personal data within 30 days, except where longer retention is required for legal, tax, accounting, or fraud-prevention purposes (typically up to 7 years for billing records held by Paddle).
7. Your rights
Subject to your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data ("right to be forgotten")
- Restrict or object to processing
- Receive your data in a portable format
- Withdraw consent at any time (for consent-based processing)
- Lodge a complaint with a supervisory authority (EEA/UK)
Exercise any of these by emailing privacy@wealthscan.ai. We respond within one month.
8. Security
We apply industry-standard technical and organizational measures: AES-256 encryption at rest, TLS in transit, Row-Level Security at the database layer, principle-of-least-privilege access controls, audit logging of access to client data, and regular review of our subprocessors.
9. Cookies
We use essential cookies to keep you signed in and to remember preferences. We may use limited first-party analytics cookies to understand aggregate usage. We do not use third-party advertising cookies.
10. Children
The service is not directed at children under 16, and we do not knowingly collect their data.
11. Changes
We may update this notice. Material changes will be announced in-app or by email before they take effect.
Questions? privacy@wealthscan.ai