Privacy Policy

Last updated: 12 June 2026

AdvisorLens is a financial-planning tool for advisors. You ("the advisor") enter information about yourself and about your clients. This policy explains what we collect, why, how we protect it, and your rights. Please read it alongside our commitment to handle client data lawfully under Singapore's Personal Data Protection Act (PDPA) and, where applicable, the EU/UK GDPR.

1. Who we are

AdvisorLens ("we", "us", "our") provides a web-based financial-planning dashboard. For the purpose of data-protection law, we act as a data controller for your advisor account information and as a data processor for the client financial information you enter and store in the service on your clients' behalf. Contact details are in section 14.

2. Information we collect

Account information. When you register we collect your email address and a securely hashed version of your password. We never store your password in plain text.

Subscription information. When you start a subscription we store identifiers issued by our payment processor (a Stripe customer ID and subscription ID) and your current subscription status and renewal/trial dates. We do not collect or store your full card number — see section 7.

Client financial records. The planning data you enter, which may include each client's name, date of birth, income, savings, expenses, CPF balances, employment status and financial goals (including planned property purchases). This may also include retirement planning inputs (target retirement age, target amount and assumed growth rates), credit card spend and miles data, and insurance or investment policy details entered in the Policy Summary.

Technical & usage data. Standard server logs such as IP address, browser type, the pages requested and timestamps, retained for security, debugging and abuse-prevention. We also use rate-limiting that records request counts per IP address.

Email communications. Account emails (verification and password-reset links) are sent through our email provider, which processes your email address to deliver them.

3. Your clients' data & your responsibilities

The financial information you enter about your clients belongs to you and your clients, not to us. We store and process it solely so that you can use the planning features.

As the advisor entering this data, you are responsible for having a lawful basis (such as your client's consent) to collect and input their personal data, for telling your clients how their information is used, and for only entering data you are authorised to process. We recommend entering the minimum detail needed and avoiding national identification numbers, full addresses or other data not required for a projection.

Each advisor account's data is logically isolated; one advisor cannot access another advisor's clients.

4. How we use information

  • To create and operate your account and authenticate you.
  • To generate the financial projections, charts and goal summaries you request.
  • To manage your subscription, free trial and billing through our payment processor.
  • To send essential account emails (email verification, password resets).
  • To secure the service, prevent fraud and abuse, and diagnose technical problems.
  • To comply with our legal obligations.

We do not sell your data or your clients' data, and we do not use it for advertising.

Where the GDPR applies, we rely on: performance of a contract (to provide the service you signed up for); legitimate interests (to secure and improve the service, and prevent abuse); consent (where required, e.g. non-essential cookies — we currently use none); and legal obligation (e.g. tax and accounting records relating to payments). Under Singapore's PDPA, we collect, use and disclose personal data for the purposes notified in this policy and to which consent has been given.

6. Who we share data with

We share data only with the service providers (sub-processors) needed to run AdvisorLens:

  • Stripe — payment processing and subscription management.
  • Resend — delivery of transactional account emails.
  • Our hosting and database provider — to run the application and store your data.

Each provider processes data only on our instructions and under its own security and data-protection commitments. We may also disclose data if required by law, or to protect our rights, users or the public. If we are ever involved in a merger or acquisition, data may be transferred as part of that transaction, subject to this policy.

7. Payments

All card payments are handled directly by Stripe, a PCI-DSS Level 1 certified payment processor. Your card details are entered on Stripe's hosted checkout and are sent to Stripe, not to us. We only ever receive non-sensitive identifiers (such as your Stripe customer ID and the last status of your subscription). Stripe's handling of your payment data is governed by Stripe's Privacy Policy.

8. How long we keep data

We keep your account and client data for as long as your account is active. If you delete a client record, it is removed from our active database. If you close your account, we delete or anonymise your account and client data within a reasonable period, except where we must retain certain records (for example, payment and tax records) to meet legal obligations.

Server and security logs are kept for a limited period and then deleted or anonymised.

9. How we protect data

  • Passwords are stored only as salted bcrypt hashes, never in plain text.
  • Traffic between your browser and our servers is encrypted with HTTPS/TLS, with HTTP Strict Transport Security enforced.
  • Session cookies are HttpOnly, Secure and SameSite-restricted to reduce hijacking and cross-site risks.
  • Each advisor's data is access-controlled so it can only be reached by that authenticated account.
  • Security headers and request rate-limiting help defend against common web attacks and brute-force attempts.

No method of transmission or storage is perfectly secure, but we work to protect your data using industry-standard measures. If a breach affecting your personal data occurs, we will notify affected users and the relevant authorities as required by law.

10. Your rights

Depending on where you live, you may have the right to access, correct, delete, export or restrict the processing of your personal data, and to withdraw consent. You can update or delete client records directly in the app, and you can request account deletion by contacting us. To exercise any other right, email us at the address in section 14 and we will respond within the timeframe required by applicable law.

If your clients wish to exercise rights over their data, they should in the first instance contact you, the advisor who entered it; we will support you in responding to such requests.

11. Cookies

We use a single strictly necessary session cookie to keep you logged in. We do not use advertising or third-party tracking cookies, so no cookie-consent banner is required. Disabling the session cookie will prevent you from logging in.

12. Children

AdvisorLens is a professional tool intended for licensed or practising financial advisors. It is not directed at children, and we do not knowingly collect personal data directly from anyone under 18 as an account holder.

13. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the "Last updated" date above and, where appropriate, notify you by email or in the app. Continued use of AdvisorLens after a change takes effect means you accept the revised policy.

14. Contact us

If you have questions about this policy or how we handle data, or to exercise your rights, contact us at [email protected].
