This policy explains what we collect, why, who we share it with, and how long we keep it. The short version: we collect what we need to run the product, we never sell your data, and you can leave with everything anytime.
Account data. Name, email, organization, billing address, and the metadata our identity provider gives us about your sign-in method.
Financial data. When you link an account through our aggregation partners, we receive balances, holdings, and transactions. We never receive or store your bank/brokerage credentials.
Manual data. Anything you enter yourself — entities, beneficiaries, manual holdings, documents.
Usage data. Page-views, feature-use, performance metrics, and error logs — collected to operate and improve the product.
Device data. Browser, OS, IP address (collected for security and fraud prevention; not used for ad targeting).
A short list of vendors necessary to run the product:
Each vendor has a current Data Processing Agreement with DomusOS, available on request.
A current list of named sub-processors is provided under NDA on request.
You can request earlier deletion at any time (see §7).
TLS 1.3 in transit. AES-256 at rest. Per-tenant KMS keys. End-to-end encryption for team messages is built on the Signal protocol and being rolled out: today, per-device keys are generated in your browser, and full encrypted message delivery is in active development. Annual penetration testing. See our Trust Center for the full posture.
Depending on where you live, you have the right to:
Email privacy@domusos.iofor anything we don't let you do in-app, and we'll respond within 30 days.
We use a small number of cookies:
We do not use third-party advertising cookies or cross-site tracking pixels on any DomusOS-controlled surface.
If we make a material change to this policy, we'll email the address on file at least 30 days before it takes effect. Non-material clarifications are dated at the top of this page.
privacy@domusos.io · DomusOS, Inc., Attn: Privacy, Chicago, IL.
See also: Terms of Service