Introduction
AryaWealth ("we", "our", or "the App") is committed to protecting your privacy. This Privacy Policy explains how data is handled when you use our application, available on iPad, iPhone, and Mac (Mac Catalyst). The App is published by Mindil Advisory Services Limited (NZ company no. 9392892).
AryaWealth is a local-first application. Most of the data you work with in the App lives on your device and never reaches AryaWealth or Mindil. Three distinct categories of data exist, each handled differently. They are described below.
Data You Enter Into the App
When you use the App, you enter information including portfolio holdings, transaction data, brokerage credentials, bank account details, banking transactions imported from connected accounts, watchlist selections, goal parameters, property and mortgage details, handwritten annotations, third-party API keys, and any text typed into the AI chat assistant or in-app support chat.
This data is stored locally on your device using AES-256-GCM encryption. Sensitive bank account fields, annotations, and real estate fields are individually field-encrypted. Credentials and API keys are stored exclusively in the Apple Keychain.
If you enable iCloud sync, this data may be replicated to your private iCloud container, with field-level encryption applied before data leaves the device. CloudKit sees opaque encrypted strings rather than addresses, balances, or annotation contents.
AryaWealth does not receive, log, or retain copies of any of this data. We operate no servers or databases that hold it, and we have no ability to access it on your device.
Data That Transits AryaWealth Infrastructure
Two narrow flows route through stateless edge proxies operated by AryaWealth. In both cases, the proxy forwards data without inspection, logging, or storage.
Akahu (NZ open banking) handshake and webhooks. When you connect a bank account through Akahu, OAuth authorisation responses and subsequent webhook payloads — including balance and transaction data — pass through the proxy en route to your device. The proxy holds these payloads only long enough to forward them and does not store, log, or otherwise retain their contents.
Subscriber-tier API key proxying. Where AryaWealth supplies shared API keys to certain providers on behalf of subscribers, requests pass through a stateless key-holding proxy that injects the shared key and forwards the request. The proxy holds shared keys but does not inspect, log, or retain request or response bodies. Users who provide their own API keys connect directly to the provider and do not transit this proxy.
Data You Send to AryaWealth Directly
If you contact us — for example by emailing contact@aryawealth.ai — the contents of that correspondence are received and stored by our email provider. Emails are retained for the period reasonably necessary to respond to your enquiry and to maintain records of professional correspondence. Email contents are not shared with third parties except where required by law.
This is the only category of data of which AryaWealth is the controller in any meaningful sense.
How the App Uses Your Data
The App uses the data you enter to provide its core functionality on your device: portfolio tracking, performance analysis, AI-powered insights, banking and spending insights, net worth tracking with What-If projections, Monte Carlo simulations, research tools (including FX), tax analysis, real estate analysis, mortgage detection, annotation interpretation, in-app support, report generation, and encrypted peer-to-peer sharing.
The App does not use your data for advertising, profiling, or any purpose unrelated to delivering its features. Where you have configured a third-party AI or market-data provider, the App may transmit relevant context directly from your device to that provider, scoped according to your in-app consent settings. Such transmission is governed by the provider's own privacy policy.
Third-Party Services
The App may connect to third-party services you explicitly configure, including brokerage integrations (Sharesight, SnapTrade), open banking providers (Akahu), AI model providers (Anthropic, OpenAI, and on-device Apple Foundation Models), and market data and news APIs. Data transmitted to these services is governed by their respective privacy policies. All cloud connections use certificate pinning across 11 domains to prevent interception.
Data Sharing
We do not sell, rent, or share your personal data with third parties. Your portfolio data is not stored on AryaWealth-operated servers. The only external data transmission occurs when you initiate a connection to a third-party service you have configured, or when you generate an encrypted .wealthpackage to share with a recipient of your choosing — in which case the package is end-to-end encrypted under a passphrase you set, with optional time-limited expiry.
Data Security
We employ layered security including AES-256-GCM encryption for all stored data, field-level AES-256-GCM encryption for sensitive fields synced via CloudKit, Apple Keychain for credential storage, certificate pinning on all API connections (11 domains), biometric authentication (Face ID / Touch ID / Optic ID) with app-switcher blur, prompt-injection sanitisation on all AI inputs, and consent-tier governance over what data reaches the AI layer.
Data Retention & Deletion
All data is stored on your device. You can delete all App data at any time by removing the App from your device, or by using the in-app data management features. Shared .wealthpackage imports are subject to expiry enforcement at launch. We retain no copies of your data on any server.
Children's Privacy
The App is not directed at children under the age of 13. We do not knowingly collect personal information from children.
Beta Programme
AryaWealth is currently in public beta. While security architecture and data handling are designed to production standards, beta software may contain defects affecting data integrity. Users should maintain independent backups of financial data and exercise additional caution when relying on outputs during the beta period.
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date above and made available within the App and on this page.
Contact Us
If you have questions or concerns about this Privacy Policy, please contact us at contact@aryawealth.ai.