Privacy Policy
Last Updated: May 24, 2026 • Version 1.1
At WelathStead, we believe that personal ledger data is sacred. Financial sovereignty is impossible without absolute privacy. This policy outlines our uncompromising operational standards for securing your balance sheets, isolating transactions, and maintaining complete, mathematically proven privacy safeguards.
1. Personal Ledger Data Ownership
You retain absolute, sovereign ownership of all transaction data, statement files, account connections, and strategic financial targets that you register inside WelathStead. We will never sell, lease, share, or monetize your ledger history with third-party advertisers, brokers, or data harvesters.
2. Secure Data Collection Boundaries
WelathStead strictly minimizes data aggregation to what is mathematically necessary to run cash velocity calculations:
- Account Credentials: Basic usernames are cryptographically stored. We protect client passwords using advanced custom scrypt hashing algorithms.
- Imported Statements: Statement PDF/image documents uploaded to our queue are processed dynamically inside secure, temporary sandboxed execution environments.
- Extracted Ledger Records: Transaction details (amount, date, description, category, and type) are saved directly in secure cloud databases under strict tenant separation.
3. Encryption & Vault Protection
Double-Lock Storage Standard
All ledger entries, financial goals, and commitments are encrypted both in transit (using TLS 1.3) and at rest (using AES-256 encryption keys inside our isolated Firestore document clusters).
4. Transaction Integrity & Filtering
Unlike standard budget trackers, our transaction parsing strictly isolates internal transfers (transfers between checking, savings, and investment accounts) to protect your true uncommitted spending velocity. These calculations occur locally or inside secure cloud functions under atomic constraints.
5. Dynamic Sensitive Mode Protection
To prevent shoulder-surfing and protect your privacy in public spaces, WelathStead includes a client-controlled Sensitive Mode toggle. When activated, all cash figures, salary values, and net surplus outputs are instantly masked across all active screens. The toggle takes effect in the browser instantly, with no network latency and no server logs.
6. Third-Party AI Integrations
If you choose to generate personal API access tokens inside your settings page to connect external AI agents (like ChatGPT or Claude), those calls are executed under strict bearer token validation. The external agents only receive the narrow data fields that you authorize, and those connections can be instantly revoked inside your dashboard with one click.