Privacy Policy

Last updated: April 24, 2026

Overview

WealthDOS is a personal finance tool that runs primarily in your browser. Your financial data stays on your device by default. We do not collect, store, or have access to your personal or financial information. Optional features like the AI Finance Companion may transmit specific data to third-party services with your explicit consent, as described below.

Data Storage

All data you enter into WealthDOS, including expenses, income, portfolio holdings, goals, and settings, is stored exclusively in your browser's local storage. This data exists only on your device and is not sent to any server unless you explicitly use a feature that requires external processing (see AI Finance Companion section below).

If you clear your browser data, switch browsers, or use a different device, your WealthDOS data will not be available. You can use the export feature in Settings to create a backup file at any time.

No Accounts or Authentication

WealthDOS does not require you to create an account, sign in, or provide any personal information such as your name, email address, or phone number.

External Services

WealthDOS makes requests to third-party APIs solely to display live market data:

  • Exchange rate data for currency conversion
  • Stock, ETF, and cryptocurrency price quotes

These requests do not include any of your personal or financial data. Only the asset symbols you've added (e.g. "AAPL", "BTC-USD") are sent to retrieve price information. No identifying information is transmitted. For data shared with the AI companion, see the AI Finance Companion section.

App Lock (PIN)

WealthDOS offers an optional PIN lock to protect access to your financial data. If you choose to set a PIN, it is never stored as plain text. Your PIN is derived using PBKDF2 (Password-Based Key Derivation Function 2) with 100,000 iterations and a cryptographically random salt unique to your device, before being saved to your browser's local storage.

The derivation process is one-way. Your original PIN cannot be recovered from the stored value. The derived key is never transmitted to any server. After 5 incorrect attempts, the app locks for 30 seconds, doubling with each subsequent lockout to prevent brute force attacks. If you forget your PIN, the only option is to clear your browser's local storage, which will also remove all your app data.

Biometric Unlock (Face ID / Touch ID)

WealthDOS offers an optional biometric unlock feature as a convenient alternative to entering your PIN. This feature uses the Web Authentication API (WebAuthn) built into your browser and operating system.

When you enable biometric unlock, a cryptographic key pair is generated and stored securely by your device's platform authenticator (e.g. Secure Enclave on Apple devices, TPM on Windows). WealthDOS only stores a non-sensitive credential identifier in your browser's local storage. Your biometric data (fingerprint, face scan) is never accessed, read, or stored by WealthDOS.

No biometric data is ever transmitted to any server. If you disable biometric unlock, the credential reference is removed from local storage.

AI Finance Companion

WealthDOS includes an optional AI-powered finance companion. When you use this feature, specific financial data is sent to Anthropic (the company behind Claude AI) to generate personalized responses.

  • Only the data needed to answer your specific question is sent. The companion uses a tool-based architecture where the AI model requests only the relevant data slices (e.g., your portfolio summary, your expenses for a given period).
  • Your entire financial history is never sent in bulk. General questions (e.g., 'What is a Roth IRA?') send no personal data at all.
  • Anthropic does not use API data to train their models, per their API terms of service.
  • Anthropic may retain API inputs and outputs for up to 30 days for trust and safety purposes (abuse detection), after which the data is deleted.

You must explicitly consent before using the AI companion. You can revoke consent at any time by clearing companion data in Settings.

Cookies, Analytics and Tracking

WealthDOS does not use cookies, tracking pixels, or any form of cross-site tracking. We do not use Google Analytics, Facebook Pixel, or any similar service. We use Vercel Web Analytics to measure anonymous page views and feature usage across the app. This service uses no cookies, collects no personal data, and stores no identifying information. We track anonymous counters such as which features are used (e.g., 'expense added', 'simulation run') but never who performed the action.

Offline Access

WealthDOS is a Progressive Web App (PWA) that can work offline. A service worker caches the application files on your device to enable offline access. This caching is purely functional and does not involve any data collection.

Data Deletion

Since all data is stored locally on your device, you have full control over it at all times. You can delete all your data from Settings > Delete All Data, or by clearing your browser's local storage.

Children's Privacy

WealthDOS does not knowingly collect any information from anyone, including children under 13. Since no personal data is collected, there is no data to protect under COPPA or similar regulations.

Changes to This Policy

If we make changes to this privacy policy, we will update the date at the top of this page. Since we do not collect email addresses, we cannot notify you directly. We recommend reviewing this page periodically.