Privacy Policy

riskDNA, Inc. (“riskDNA,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform at riskdna.ai (the “Service”). By accessing or using the Service, you consent to the practices described herein.

Personal Information

• Name, email address, phone number, and firm/company name provided during account registration
• Billing and payment information processed through our payment provider
• Professional credentials (CRD number, firm affiliation) when voluntarily provided

Usage Data

• Device information (browser type, operating system, screen resolution)
• IP address and approximate geographic location
• Pages visited, features used, time spent on the platform
• Clickstream data and interaction patterns

Cookies & Tracking Technologies

• Essential cookies required for authentication and session management
• Analytics cookies (Google Analytics / GA4) to understand usage patterns
• Marketing cookies (HubSpot) to deliver relevant communications

• Service Delivery: To operate, maintain, and provide the features of the platform
• Analytics: To understand how users interact with the Service and improve functionality
• Communications: To send transactional emails, product updates, and (with consent) marketing materials
• Security: To detect, prevent, and address fraud, abuse, and technical issues
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

We use the following third-party service providers who may process your data:

• Google Firebase / Google Cloud: Authentication, database, and hosting infrastructure
• Google Analytics (GA4): Website and product analytics
• HubSpot: CRM, email marketing, and customer communications
• Mercury: ACH payment processing and invoicing
• Render: Application hosting and backend infrastructure

Each provider operates under its own privacy policy. We encourage you to review their respective policies.

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: retained while your account is active and for 90 days after deletion request
• Usage and analytics data: retained in aggregated/anonymized form for up to 26 months
• Billing records: retained for 7 years as required by tax and accounting regulations
• Support correspondence: retained for 3 years after last interaction

You may request deletion of your data at any time (see Your Rights below).

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: We do not sell your personal information. If this changes, we will provide a clear opt-out mechanism
• Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA rights

To exercise these rights, contact us at privacy@riskdna.ai.

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain a copy of your personal data we process
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure:Request deletion of your personal data (“right to be forgotten”)
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Restrict Processing: Request limitation of processing in certain circumstances

Our legal bases for processing include consent, contractual necessity, and legitimate interests. To exercise these rights, contact privacy@riskdna.ai.

We use the following categories of cookies:

• Essential Cookies: Required for authentication, security, and basic functionality. These cannot be disabled.
• Analytics Cookies (GA4): Help us understand how visitors interact with the platform. You may opt out via the cookie consent banner or your browser settings.
• Marketing Cookies (HubSpot): Used to deliver relevant communications and measure campaign effectiveness. You may opt out via the cookie consent banner.

You can manage your cookie preferences at any time through our cookie consent banner or by adjusting your browser settings. Note that disabling certain cookies may impact your experience.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected data from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at privacy@riskdna.ai.

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS/HTTPS) and at rest (AES-256)
• Firebase Authentication with multi-provider SSO support
• Role-based access controls and scoped permissions
• Regular security reviews and monitoring
• US-based cloud infrastructure with Google Cloud

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

We will never sell, rent, or trade your personal information or client data to third parties. Advisor data shared through our marketplace features is anonymized and aggregated. Asset managers cannot identify individual advisors or their clients without explicit consent.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the “Last updated” date. For significant changes, we will provide additional notice via email or an in-app notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: