Legal
Privacy Policy
Document Details
- Version
- 1.0
- Updated
- June 3, 2026
- Effective
- June 3, 2026
- Sections
- 14
Effective Date: June 3, 2026
Version: 1.0
Company: ArthIQ, Inc. ("The ArthIQ Daily", "we", "us", or "our")
Notice at Collection
Pursuant to the California Privacy Rights Act (CPRA) and other applicable state laws, we provide this Notice at Collection.
- We do not sell your personal data.
- We do not "share" your personal data for cross-context behavioral advertising.
Sensitive Personal Information: We collect sensitive personal information only as reasonably necessary to provide the Service, secure accounts, process user-authorized financial data, operate the Referral and Affiliate Programs, and comply with legal obligations. We do not use or disclose sensitive personal information to infer characteristics about you except as necessary to provide the Service you request.
| Categories of Personal Information Collected | Primary Business Purposes | Sold / Shared? | Retention |
|---|---|---|---|
| Identifiers: Name, email, phone number, IP address. | Account creation, authentication, security, and communication. | No / No | While account active; up to 12 months thereafter for security, fraud-prevention, dispute, and compliance, unless a longer period is required by law. |
| Financial Data: Masked account numbers, balances, transactions, holdings, cost basis, loan terms, statements. | Providing core portfolio tracking, net-worth calculation, and analytics. | No / No | While account active; deleted upon verified request unless legally retained. |
| User Preferences & Metadata: Country/currency settings, financial goals, notes, custom account names, tax-related context. | Personalizing the application experience and organizational tools. | No / No | While account active; deleted upon request. |
| Internet / Network Activity: Device data, referral sources, cookies, interaction telemetry. | Application performance monitoring, debugging, and product improvement. | No / No | 90 days for logs, or as otherwise needed for security. |
| Derived / AI Outputs: Insights, categorizations, and summaries generated by AI. | Delivering educational insights and intelligent statement ingestion. | No / No | While account active; deleted with account unless legally retained. |
| Payment / Tax Records: Billing address, subscription tier. | Billing, accounting, tax compliance. | No / No | 7 years. |
| Referral Program Data: Referral codes, attribution data (first-party cookies, server-to-server postbacks, deep-link parameters), Subscription Credit ledger (accrual, application, expiration, clawback), Complimentary Grant redemption history. | Operating the Referral Program and Complimentary Grant feature; fraud detection. | No / No | While account active; ledger retained for audit and accounting purposes for the longer of account life or 3 years; deleted with account unless legally retained. |
| Affiliate Program Data (Affiliates only): W-9 / W-8-BEN tax form data, Stripe Connect account identifiers, payout history, KYC verification records, FTC disclosure attestations, promotional content audit records. | Operating the Affiliate Program; tax reporting; legal compliance; FTC monitoring. | No / No | 7 years after last payout (tax law). Promotional content audit records retained for the period required to demonstrate FTC compliance. |
| Marketing Communication Data: Email open/click/conversion telemetry; push notification consent state and delivery telemetry; in-app promotional surface display/dismissal/action events. | Operating program-driven email triggers, push notifications, and in-app promotional surfaces; measuring program performance. | No / No | While account active; aggregated logs may be retained for product analytics for up to 24 months. |
1. Regulatory Posture
ArthIQ operates within the modern U.S. financial regulatory framework:
- GLBA / Regulation P & FTC Safeguards: We collect Non-Public Personal Information (NPI) from your financial institutions through our account-linking providers. We maintain administrative, technical, and physical safeguards designed to protect this NPI.
- CFPB Section 1033 (Personal Financial Data Rights Rule): The Personal Financial Data Rights Rule implementing Section 1033 of the Dodd-Frank Act is currently subject to CFPB reconsideration, and its compliance dates were stayed by court order on October 29, 2025 (Eastern District of Kentucky). Where and to the extent the rule's compliance obligations become effective and applicable to The ArthIQ Daily, our design is intended to support its authorized-third-party controls — including explicit consumer authorization, purpose-limited use, simple revocation, and reasonable accuracy maintenance.
2. Subprocessors and Data Sharing
We share minimum data necessary with vetted infrastructure partners. Please review our complete, standalone Subprocessors List. If our processors transfer data internationally, we utilize standard contractual clauses or equivalent frameworks. Affiliate payout processing through Stripe Connect involves transfer of W-9/W-8-BEN tax form data, identity verification data, and payout history to Stripe, Inc. as a separate controller for purposes of payment processing, KYC, and tax reporting.
3. Artificial Intelligence Data Protections
We utilize Anthropic's commercial APIs. Our platform attempts to strip direct system identifiers, but unstructured statement text is processed by AI.
- No Model Training: Anthropic is strictly prohibited from using your data to train their foundational models.
- Retention Limits: Data retention is subject to our enterprise agreement with Anthropic and Anthropic's then-current API and Zero Data Retention (ZDR) terms (generally limited to temporary Trust & Safety monitoring before absolute deletion).
5. Referral Program Data Handling
When you participate in the Referral Program, we collect and process referral codes, attribution events, Subscription Credit ledger entries, and qualifying-referral-event data. This data is used solely to operate the Referral Program, detect fraud, and report program performance. It is not shared with advertising networks or used for ad targeting.
6. Affiliate Program Data Handling (Affiliates only)
If you enroll as an Affiliate, additional data is processed through our payout provider (Stripe Connect), including tax form information (W-9 or W-8-BEN), payout cadence and history, identity verification (KYC), and 1099 reporting data. Stripe Connect processes this data as a separate controller under its own terms and policies. We retain Affiliate payout records for at least seven (7) years as required by tax law.
We additionally maintain audit records of Affiliate promotional content reviewed for FTC Endorsement Guide compliance for the period required to demonstrate compliance.
For non-U.S. Affiliates, personal information processed in connection with the Affiliate Program may be subject to additional local data-protection laws (for example, UK GDPR, EU GDPR, Canadian PIPEDA, Australian Privacy Act). Affiliates are responsible for compliance with local marketing, anti-spam, and data-protection law in any jurisdiction where they conduct promotional activity, including obtaining any consents required for the audiences they market to. ArthIQ's processing of Affiliate data is limited to operating the Affiliate Program; we do not market to audiences collected or built by Affiliates.
7. Behavioral Email Triggers and Marketing Communications
Our Service uses behavioral events (such as completing a Qualifying Referral, earning Subscription Credit, reaching a leaderboard rank, completing a qualified financial-account connection, or receiving a Complimentary Grant) to trigger relevant emails through our email service provider. These emails are part of operating the Service and the Referral / Affiliate / Grant Programs. You may opt out of program-related marketing emails through your account preferences; transactional emails (billing, security alerts, legal notices) and required Service notifications continue regardless.
Program-related emails that constitute commercial communications under the CAN-SPAM Act include a clear unsubscribe link, our valid postal address, truthful subject and header information, and accurate "from" attribution. We honor unsubscribe requests within ten (10) business days as required by applicable law.
Push notifications are sent only with your explicit operating-system-level consent and are limited to high-signal events as described in Section 8 of the Terms of Service.
In-app promotional surface display, dismissal, and action events are logged for measurement and frequency-cap enforcement. These logs are not used for advertising and are not shared with advertising networks.
8. Data Security and Breach Notification
We implement encryption in transit (TLS) and at rest. In the event of a verified data breach compromising your sensitive unencrypted personal information, we will provide legally required notices without unreasonable delay and within the timeframes required by applicable law. Where the FTC Safeguards Rule applies, we will notify the FTC of qualifying notification events within the required period (typically 30 days of discovery for events involving 500 or more consumers).
9. Children's Privacy
The Service is restricted to adults 18 and older. We do not knowingly collect personal information from children under 13 in accordance with the Children's Online Privacy Protection Act (COPPA). If we become aware that we have collected personal information from a child under 13, we will delete it promptly. Parents or guardians may contact legal@thearthiqdaily.com.
10. U.S. State Privacy Rights
Residents of states with comprehensive consumer privacy laws (including but not limited to California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have specific rights regarding their personal information.
Where applicable, you have the right to:
- Access, Correct, and Delete your personal information.
- Export / Port your data in a usable format.
- Opt-out of targeted advertising, sale, or profiling.
- Limit the use of sensitive personal data.
- Profiling Carve-out: We do not engage in profiling in furtherance of decisions producing legal or similarly significant effects concerning consumers.
To Exercise Rights: Email legal@thearthiqdaily.com or use the in-app deletion tool.
- Appeals Process: If we decline to take action regarding your request, you may appeal our decision by emailing legal@thearthiqdaily.com with the subject line "Privacy Request Appeal."
- Authorized Agents: You may designate an authorized agent to make a request on your behalf. We will require verifiable proof of the agent's authorization.
11. Information About Others
Some features may allow you to enter information about another person, such as a spouse, dependent, beneficiary, executor, trustee, advisor, household member, or emergency contact. When you submit such information, you represent that you have a lawful basis or appropriate permission to provide it. We use this information only to provide, secure, and support the requested feature. The person whose information was submitted may request deletion by emailing legal@thearthiqdaily.com.
12. Referral-Specific Considerations for Referees
When you sign up via a referral link, ArthIQ records the referral code in the attribution mechanisms described in Section 4 for the purpose of attributing your subscription to the Referrer. The fact of a referral, the Referrer's identifier, your subscription tier, and your subscription payments are processed for Referral Program operation; the Referrer does not see your personal information beyond their own attribution dashboard (which may show aggregate counts and qualifying status but not Referee identity or financial data).
13. Contact Us
- Email: legal@thearthiqdaily.com
- Mailing Address: ArthIQ, Inc., 1465 Saint Francis Dr, San Jose, CA 95125