Introduction

AryaWealth ("we", "our", or "the App") is committed to protecting your privacy. This Privacy Policy explains how data is handled when you use our application, available on iPad, iPhone, and Mac (Mac Catalyst). The App is published by Mindil Advisory Services Limited (NZ company no. 9392892).

AryaWealth is a local-first application. Most of the data you work with in the App lives on your device and never reaches AryaWealth or Mindil. Three distinct categories of data exist, each handled differently. They are described below.

Data You Enter Into the App

When you use the App, you enter information including portfolio holdings, transaction data, brokerage credentials, bank account details, banking transactions imported from connected accounts, watchlist selections, goal parameters, property and mortgage details, handwritten annotations, third-party API keys, and any text typed into the AI chat assistant or in-app support chat.

This data is stored locally on your device in a local-only store, protected at rest by iOS Data Protection — hardware-backed encryption derived from your device passcode. Cache and non-relational data is additionally encrypted with AES-256-GCM under Keychain-managed keys. Credentials and API keys are stored exclusively in the Apple Keychain. There is no cloud database holding your data.

You may create an encrypted backup to iCloud Drive, or transfer data directly to another of your devices over the local network. Backups are encrypted under a passphrase you set before they leave the device; nearby transfers run over an authenticated, encrypted connection directly between your devices with no server in between.

AryaWealth does not receive, log, or retain copies of any of this data. We operate no servers or databases that hold it, and we have no ability to access it on your device.

Data That Transits AryaWealth Infrastructure

Two narrow flows route through stateless edge proxies operated by AryaWealth. In both cases, the proxy forwards data without inspection, logging, or storage.

Open banking handshake and webhooks. When you connect a bank account through Akahu (NZ) or Finverse (HK/SG), OAuth authorisation responses and subsequent webhook payloads — including balance and transaction data — pass through the proxy en route to your device. The proxy holds these payloads only long enough to forward them and does not store, log, or otherwise retain their contents.

Managed API access and market data. Where AryaWealth supplies shared API keys on your behalf — for AI providers, and for the provider-blind market data, FX, and news surface — requests pass through a stateless key-holding proxy that injects the shared key and forwards the request. The proxy holds shared keys but does not inspect, log, or retain portfolio data. Market-data requests carry no portfolio information, and the news pool is public metadata only. Users who provide their own AI keys connect directly to the provider and do not transit this proxy.

Data You Send to AryaWealth Directly

If you contact us — for example by emailing contact@aryawealth.ai — the contents of that correspondence are received and stored by our email provider. Emails are retained for the period reasonably necessary to respond to your enquiry and to maintain records of professional correspondence. Email contents are not shared with third parties except where required by law.

This is the only category of data of which AryaWealth is the controller in any meaningful sense.

How the App Uses Your Data

The App uses the data you enter to provide its core functionality on your device: portfolio tracking, performance analysis, AI-powered insights, banking and spending insights, net worth tracking with What-If projections, deterministic projection modelling, research tools (including FX), tax analysis, real estate analysis, mortgage detection, annotation interpretation, in-app support, report generation, and encrypted peer-to-peer sharing.

The App does not use your data for advertising, profiling, or any purpose unrelated to delivering its features. Where you have configured a third-party AI or market-data provider, the App may transmit relevant context directly from your device to that provider, scoped according to your in-app consent settings. Such transmission is governed by the provider's own privacy policy.

Third-Party Services

The App may connect to third-party services you explicitly configure, including brokerage integrations (Sharesight, SnapTrade, Saxo Bank), open banking providers (Akahu, Finverse), AI model providers (Anthropic, OpenAI, on-device Apple Foundation Models, or a self-hosted model on your own network), and a provider-blind managed market-data and news surface. Data transmitted to these services is governed by their respective privacy policies. External connections use TLS certificate pinning to prevent interception.

Data Sharing

We do not sell, rent, or share your personal data with third parties. Your portfolio data is not stored on AryaWealth-operated servers. The only external data transmission occurs when you initiate a connection to a third-party service you have configured, or when you generate an encrypted .wealthpackage to share with a recipient of your choosing — in which case the package is end-to-end encrypted under a passphrase you set, with optional time-limited expiry.

Data Security

We employ layered security including a local-only data store protected at rest by iOS Data Protection, AES-256-GCM encryption for cache and backup data under Keychain-managed keys, Apple Keychain for credential storage, TLS certificate pinning on external API connections, biometric authentication (Face ID / Touch ID / Optic ID) with app-switcher blur, prompt-injection sanitisation on all AI inputs, and consent-tier governance over what data reaches the AI layer.

Data Retention & Deletion

All data is stored on your device. You can delete all App data at any time by removing the App from your device, or by using the in-app data management features. Shared .wealthpackage imports are subject to expiry enforcement at launch. We retain no copies of your data on any server.

Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly collect personal information from children.

Beta Programme

AryaWealth is currently in public beta. While security architecture and data handling are designed to production standards, beta software may contain defects affecting data integrity. Users should maintain independent backups of financial data and exercise additional caution when relying on outputs during the beta period.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date above and made available within the App and on this page.

Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at contact@aryawealth.ai.