ParticipationProBack to Home

Legal

Privacy Policy

Last updated: April 12, 2026 — DRAFT — Pending legal review by Ed Lyon

This document is a structural draft pending review by legal counsel. Final privacy policy will be published before public launch.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Name, email address, phone number
  • Business name, practice type, license information (advisors)
  • Company name, website, contact information (vendors)
  • Shipping address (for physical binder delivery)

Compliance Data

When using the Platform, we collect:

  • Material participation activity logs (dates, durations, categories, descriptions)
  • Evidence files (photos, receipts, PDFs uploaded as supporting documentation)
  • Training module completion records
  • Attestation acknowledgments with digital signatures
  • Print confirmation records
  • Calendar data (if calendar sync is enabled)

Communication Records

All reminders, notifications, and advisor-client communications sent through the Platform are logged in the immutable audit trail. This includes delivery timestamps, open/click tracking, and client acknowledgment responses.

Usage Data

We collect standard usage analytics: pages visited, features used, session duration, device type, and IP address.

2. How We Use Your Information

  • Compliance tracking — Recording and organizing material participation hours
  • Audit documentation — Generating compliance reports, protection reports, and audit packages
  • Reminders — Sending compliance reminders via email, SMS, and push notifications
  • Gamification — Calculating Compliance Scores, XP, levels, streaks, and badges
  • Analytics — Providing advisors and vendors with portfolio compliance insights
  • Blockchain anchoring — Creating cryptographic proofs of audit log integrity
  • Platform improvement — Analyzing aggregated, de-identified usage patterns

3. Data Ownership

Your data belongs to you.Clients own their participation data. Advisors have authorized access to their clients' data. Strategy vendors see aggregated compliance metrics across their advisor network — never individual client data unless explicitly authorized.

You may export all your data at any time in standard formats (CSV, PDF). Upon account termination, you have 90 days to export before data is permanently deleted.

4. Data Sharing

We share data only in these circumstances:

  • With your advisor — Clients' compliance data is visible to their linked advisor(s)
  • With your vendor — Aggregated compliance metrics are visible to strategy vendors
  • Service providers — Stripe (payments), Supabase (database hosting), Sentry (error monitoring), Vercel (hosting)
  • Legal compliance — When required by law, subpoena, or valid legal process
  • Blockchain — Cryptographic hashes (not raw data) are anchored to Bitcoin. No personal information is stored on-chain.

We never sell personal data to third parties.

5. Data Security

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Row-level security policies enforce tenant data isolation
  • SOC 2 Type I certification in progress
  • Immutable audit log prevents retroactive modification of compliance records
  • Regular security assessments and penetration testing

6. Audit Log Retention

Audit log entries are retained for 7 yearsafter account termination, consistent with IRS record retention requirements (IRC §6501 statute of limitations). This retention applies even if the user deletes their account, as the audit trail may be needed for tax proceedings initiated within the lookback period.

7. Cookies and Tracking

We use:

  • Essential cookies — Authentication, tenant switching, session management
  • Analytics — Aggregated usage patterns (no individual tracking sold to advertisers)

We do not use third-party advertising cookies or retargeting pixels.

8. Children's Privacy

The Platform is not intended for use by individuals under 18. We do not knowingly collect personal information from minors.

9. Your Rights

You have the right to:

  • Access and export all your personal data
  • Correct inaccurate information
  • Delete your account (subject to audit log retention requirements)
  • Opt out of non-essential communications
  • Restrict processing of your data

10. Changes to This Policy

We may update this Privacy Policy with 30 days' notice via email. Continued use of the Platform after changes constitutes acceptance.

11. Contact

Privacy questions should be directed to:
Elite Advisor Tools
806 NW 16th Ave, Unit 221
Gainesville, FL 32601