How Axfolio collects, uses, protects, and shares personal information — and the privacy choices and rights available to you.
Axfolio is a portfolio-intelligence tool built for investment advisors. We collect the information needed to operate the product, support our customers, and keep the Services secure. We do not sell your personal information and we do not use it for advertising. Client portfolio data is handled on behalf of the advisory firm that uploaded or connected it. You have rights over your information — see Section 11. Questions? Email colincapital0@gmail.com.
Axfolio, Inc. ("Axfolio," "we," "us," or "our") operates the Axfolio platform — a portfolio-intelligence service for Registered Investment Advisors ("RIAs" or "advisors") — together with the website at axfolio.io (the "Site"). The platform and the Site are referred to collectively as the "Services."
This Privacy Policy explains what personal information we collect, how we use and protect it, when and with whom we share it, and the rights and choices available to you. It applies to:
This Policy does not apply to the practices of third parties we do not own or control, or to an advisory firm's own privacy practices toward its clients. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Services.
Axfolio handles personal information in two distinct capacities. Which one applies determines our obligations and how you should exercise your rights.
For information about Site visitors, waitlist signups, and the advisors and personnel who hold Axfolio accounts, Axfolio determines the purposes and means of processing. We are responsible for that information, and this Privacy Policy governs how we handle it.
When an advisor uploads, imports, or connects client portfolio and account information to the Services, Axfolio processes that information on behalf of, and under the instructions of, the advisory firm. In that case the RIA — not Axfolio — is the controller of the client information and is responsible for providing privacy notices to, and obtaining any necessary consent from, its own clients. Axfolio uses that information only to provide the Services and as permitted by its agreement with the firm.
If you are a client of an RIA and have questions about how your information is used, please contact your advisor or advisory firm in the first instance.
When advisors use the Services, they upload or connect information about their clients and those clients' accounts, which may include:
We process this information solely as a service provider, on the advisory firm's behalf (see Section 2).
If an advisor or end user links a financial account through Plaid or a custodial integration (such as Altruist), we receive account and investment information from that provider — for example, account identifiers, balances, holdings, and transactions — along with the authorization tokens needed to retrieve it. See Section 8.
When you use the Services, we and our infrastructure providers automatically collect:
We do not collect precise geolocation, and we do not use the Services to track you across other websites or apps.
We use personal information for the following purposes:
We do not use client portfolio information for advertising, and we do not use it to train third-party AI models. Numeric analysis is computed by Axfolio; only the derived figures and context needed to generate written commentary are sent to our AI provider, under terms that prohibit the provider from using that data to train its models.
Where data-protection law requires a legal basis, we rely on: performance of a contract; your consent; our legitimate interests in operating, securing, and improving the Services; and compliance with our legal obligations.
We rely on a small set of vendors to deliver the Services. Each is bound by contract to protect the information it processes and to use it only on our instructions. Our principal sub-processors are:
| Provider | Function | Information processed |
|---|---|---|
| Supabase | Managed database, authentication, and storage | Account data, client and portfolio data, audit records |
| Vercel | Application hosting and content delivery | Requests, log and diagnostic data |
| Plaid | Financial-account aggregation | Account connection data, balances, holdings, transactions |
| Altruist | Custodial data integration | Account, position, and transaction data for connected custodial accounts |
| Anthropic | AI-generated written commentary | Portfolio analytics and context used to generate commentary |
| Email provider | Transactional and service email | Name, email address |
| Market-data provider | Securities pricing and metadata | Public security identifiers only — no client personal information |
This list may change as the Services evolve. We evaluate the security posture of new sub-processors before integrating them, preferring vendors that maintain industry-recognized security attestations (such as SOC 2). An up-to-date list is available on request.
Axfolio uses Plaid Inc. ("Plaid") to let users connect financial accounts to the Services. When you connect an account through Plaid, you may provide credentials or authorize access directly through Plaid's interface. Plaid collects and processes your information in accordance with Plaid's own end user privacy policy, which we encourage you to review at plaid.com/legal.
By connecting an account through Plaid, you authorize Axfolio to access and use the account information Plaid provides in order to deliver the features you request, such as portfolio analysis and reporting. We store integration tokens securely and use the connected data only for the purposes described in this Policy. You can disconnect a linked account at any time; once disconnected, we stop retrieving further data and delete the associated access tokens.
The same principles apply to custodial integrations (such as Altruist): we access account and portfolio data only with authorization, and only to provide the Services.
We retain personal information for as long as needed to provide the Services and for legitimate business and legal purposes:
When information is no longer needed, we delete or de-identify it. Upon account termination or a verified deletion request, we delete or irreversibly anonymize personal information within a commercially reasonable time (generally within 30 days), except where retention is required by law or to support an advisory firm's regulatory recordkeeping obligations.
We maintain administrative, technical, and physical safeguards designed to protect personal information. These include encryption in transit (TLS) and at rest; strict access controls and tenant isolation enforced at the database layer; authentication verified on every request; careful secrets management; rate limiting and abuse prevention; logging and monitoring; and the use of reputable, security-attested infrastructure providers. Further detail is set out in our Information Security Policy, which is available on request.
No method of transmission over the internet or method of electronic storage is completely secure. While we work hard to protect your information, we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information, we will notify you and the applicable authorities as required by law.
Depending on where you live and the law that applies, you may have some or all of the following rights regarding personal information for which Axfolio acts as the controller:
To exercise these rights, email us at colincapital0@gmail.com. We will verify your request, which may require confirming your identity, and respond within the timeframe required by applicable law. You may use an authorized agent where the law permits. We will not discriminate against you for exercising your privacy rights.
If your request concerns client or portfolio information that an advisor uploaded or connected, Axfolio acts only as a service provider. Please direct the request to the advisory firm, which is the controller of that information. If you contact us, we will refer the request to the relevant firm or assist that firm in responding.
Marketing choices. You can opt out of marketing email at any time using the unsubscribe link in any marketing message, or by contacting us. We will still send necessary service and transactional messages related to your account.
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the "CCPA"), provides additional rights.
To submit a request, email colincapital0@gmail.com. We will verify and respond as required by law.
Residents of other U.S. states that have enacted comprehensive consumer-privacy laws — including, among others, Virginia, Colorado, Connecticut, Utah, Texas, and Oregon — may have rights to confirm, access, correct, and delete their personal information, to obtain a copy of it, and to opt out of targeted advertising, the sale of personal information, and certain profiling.
Axfolio does not sell personal information, does not engage in targeted advertising, and does not conduct profiling that produces legal or similarly significant effects concerning individuals. To exercise any right available to you, email colincapital0@gmail.com. Where the applicable law provides a right to appeal a denied request, we will inform you how to appeal.
Axfolio is based in the United States and operates the Services primarily in the United States. If you access the Services from outside the United States, you understand that your information will be processed in the United States and in other countries where we or our service providers operate. Those countries may have data-protection laws that differ from the laws of your country. Where required, we use appropriate safeguards for cross-border transfers. The Services are intended for advisory firms and users in the United States, and we do not market the Services to individuals in the European Economic Area or the United Kingdom.
The Services are intended for use by investment-advisory professionals and are not directed to children. We do not knowingly collect personal information directly from children under 13 years of age (or under 16 where applicable) in our capacity as a controller. Advisors may, in the course of using the Services, include information about minor beneficiaries or family members within household records; that information is processed on the advisory firm's behalf as service-provider data. If you believe we have inadvertently collected a child's personal information as a controller, please contact us and we will delete it.
The Services and Site may contain links to third-party websites and services — for example, Plaid, a custodian, or reference materials — that we do not operate or control. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice — for example, by email or through a notice within the Services. Your continued use of the Services after an update takes effect means you accept the revised Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:
Axfolio, Inc.
Email: colincapital0@gmail.com
We will respond as promptly as we can and within any timeframe required by applicable law.