Privacy Policy
Last updated: 7 May 2026
1. Who We Are
WealthLenseAI ("we", "us", "our") operates this website and provides AI-powered portfolio analysis and financial education tools for informational purposes only. Privacy questions: rohitvm2002@gmail.com.
2. Data Architecture — What We Actually Store
What we do store (only for signed-in users): the AI-generated result — your health score, allocation summary, and recommendations — under your Google account so you can revisit it from any device. You can delete any saved report at any time from the My Reports page.
| Data Type | Stored Where | How Long |
|---|---|---|
| Uploaded portfolio files (PDF/CSV/Excel/image) | Not stored — in-memory only | Deleted as soon as the request completes |
| Manually entered holdings | Not stored — in-memory only | Deleted as soon as the request completes |
| Planner questionnaire answers | Not stored — in-memory only | Deleted as soon as the request completes |
| AI-generated analysis result (signed-in users) | Firestore (Google Cloud), scoped to your Google UID | Until you delete it from My Reports or delete your account |
| AI-generated result (anonymous / local-dev users) | Browser sessionStorage only | Cleared when you close the tab |
| In-flight analysis job state (incl. parsed portfolio text or image during processing) | Firestore /analysisJobs collection (transient) | Parsed input is cleared as soon as the AI finishes (within seconds). The job doc itself is auto-deleted ~5 minutes after completion via TTL. |
| Email address you provide for "email me when ready" | Same Firestore job document, used to send a single email | Removed with the job at the 5-min TTL |
| Country preference | Your browser's localStorage | Until you clear browser data |
| Google profile (display name, email, photo) | Firebase Authentication | Until you delete your account |
| Contact form messages | Our operator email inbox (delivered via Resend) | Up to 2 years |
3. How We Process Your Data
- Portfolio analysis: Your uploaded file or manually entered holdings are parsed in server memory, converted to text, and sent to an AI provider (Google Gemini by default, with OpenRouter as a fallback if our Gemini quota is exhausted) to generate your health score and insights. The raw file is never saved.
- Financial plan: Your completed questionnaire Excel file is parsed in memory, question answers are extracted, and sent to the AI provider to generate your plan. The file is never saved.
- Saved reports (signed-in users only): Once the AI returns, the structured result is written to Firestore under your Google UID so you can re-open it from My Reports. You may delete any saved report from My Reports at any time.
- Async job tracking (signed-in users only): For long analyses, a transient job document is created in Firestore so the client can poll progress. These documents self-delete approximately 5 minutes after completion via a Firestore TTL policy.
- Email-when-ready (optional, signed-in users only): If you opt in via the in-page popup that appears after ~50 seconds, we send a single notification email containing your report summary and a link to view the full report on the site. We use the email address associated with your Google sign-in. Delivery is handled by Resend (https://resend.com).
- Contact form: Submissions are sent to our operator inbox via Resend with your supplied email set as Reply-To. We retain these for up to 2 years for support purposes.
- Country auto-detection: Your browser directly contacts ipapi.co to estimate your country from your IP address. This request never passes through our servers.
- Google Sign-In: If you sign in, Firebase Authentication receives your Google profile (display name, email, photo). This is used to identify your session and scope your saved reports to your account.
- We do not sell your data and do not use your portfolio data for advertising targeting.
4. Third-Party Services
| Service | Purpose | Data Received |
|---|---|---|
| Google Gemini AI | Primary AI provider — generates portfolio analysis and financial plan | Portfolio text / questionnaire answers |
| OpenRouter | Fallback AI provider when Gemini quota is exhausted | Portfolio text / questionnaire answers (only on fallback) |
| Firebase Authentication / Firestore (Google Cloud) | Google Sign-In, saved reports, transient job tracking | Display name, email, photo, AI-generated reports under your UID |
| Vercel | Hosting / serverless function execution | Standard request metadata (IP, user-agent, route) for routing & logging |
| Inngest | Durable workflow runner — executes the long-running AI analysis step outside Vercel's function timeout | Job ID + user ID for routing. Reads parsed portfolio text from Firestore directly; never stores it long-term. |
| Resend | Email delivery (report email, contact-form delivery) | Recipient email address, message content, sender metadata |
| Google Analytics | Aggregate usage analytics | Anonymised page views, session data |
| Google AdSense | Advertising | Cookies for ad personalisation |
| ipapi.co | Country auto-detection (browser-direct) | Your IP address (browser contacts them directly; we never see it) |
Each service is governed by its own privacy policy (Google: policies.google.com/privacy; Vercel: vercel.com/legal/privacy-policy; Resend: resend.com/legal/privacy-policy; OpenRouter: openrouter.ai/privacy). We are not responsible for the data practices of these third parties.
5. Cookies
- Analytics cookies (_ga, _gid) — Set by Google Analytics. Tracks aggregate usage.
- Advertising cookies — Set by Google AdSense. Can be opted out via Google Ad Settings.
- No functional session cookies — We do not set server-side session cookies. Analysis results live only in your browser's session storage.
Disabling cookies will not affect core portfolio analysis functionality.
6. Your Rights by Jurisdiction
- UK / EU (GDPR) — Access, correct, delete, restrict, or port your data; withdraw consent at any time; right to object to processing
- India (DPDP Act 2023) — Access, correct, and erase personal data; grievance redressal
- Singapore (PDPA) — Access and correct personal data we hold
- Australia (Privacy Act 1988) — Access and correct personal information
- California, USA (CCPA) — Know what data is collected; request deletion; opt out of data sales (we do not sell personal data)
Self-service controls (regardless of jurisdiction): Privacy Settings lets you (a) view + revoke cookie and AI-processing consent, (b) download all data we hold about you (right of access), and (c) permanently delete your account and all associated data (right to erasure). Individual saved reports can also be deleted from My Reports.
Because we do not retain raw portfolio uploads, the underlying file is already gone. The only persistent data we hold per user is the Google profile (display name, email, photo) and the AI-generated report results — both of which you control directly.
For all other requests, contact: rohitvm2002@gmail.com
7. International Transfers
The following sub-processors operate primarily on US-based infrastructure: Google (Gemini AI, Firebase Auth, Firestore, Analytics, AdSense), Vercel (hosting), Resend (email delivery), and OpenRouter (fallback AI). By using our service, you consent to your data being transferred to and processed in the USA. For UK/EU users, Google, Vercel, and Resend operate under Standard Contractual Clauses approved by the European Commission.
8. Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe a child has used our service, please contact us immediately.
9. Changes to This Policy
We may update this policy periodically. The "Last updated" date at the top reflects the most recent revision. Continued use after changes constitutes acceptance of the revised policy.