Privacy Policy

1. Overview

AdvisorAssist LLC ("AdvisorAssist," "we," "us," or "our"), a Utah limited liability company based in Salt Lake City, operates the AdvisorAssist platform, including the desktop application, website at advisorassist.app, APIs, and related services (collectively, the "Service").

This Privacy Policy describes what information we collect, how we use it, and your choices regarding your data. AdvisorAssist is designed with a privacy-first architecture: the majority of your data is stored locally on your device and never leaves your machine.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name and email address through Google or GitHub OAuth. We do not collect or store passwords.

2.2 License & Device Information

When you activate the desktop application, we collect device identifiers to bind your license to your machine:

Machine ID (hardware-derived identifier)
Hardware fingerprint (a composite hash of hardware components)
MAC addresses
Disk serial number
CPU identifier
Motherboard serial number
OS installation identifier
Application version

This information is used solely for license validation and anti-piracy purposes.

2.3 Payment Information

Payment processing is handled by Stripe. We do not directly collect, store, or process credit card numbers or bank account details. Stripe may collect billing information in accordance with their privacy policy. We receive a Stripe customer ID and subscription status from Stripe.

2.4 Data Stored Locally on Your Device

The following data is created and stored exclusively on your local machine in an encrypted database. This data is never transmitted to our servers:

Chat conversations and AI interaction history
Customer account information (names, contacts, revenue data, renewal dates)
Email drafts and outreach records
Tech stack investigation results
Health scores and analytics
Support ticket submissions and follow-up tracking
User profile preferences and tech wheel familiarity
AppDirect and Google authentication tokens (encrypted via your operating system's keychain)

2.5 Website Usage

When you visit our website, we may collect standard web server logs (IP address, browser type, pages visited). We use this information to maintain and improve the website.

3. How We Use Information

We use the information we collect to:

Provide, maintain, and improve the Service
Validate license keys and manage subscriptions
Process payments through Stripe
Provision and manage cloud infrastructure for Subscription tier customers
Communicate with you about your account, billing, or support requests
Enforce our Terms of Service and protect against misuse

We do not use your data to train AI models. We do not sell your data to third parties. We do not collect usage analytics or telemetry from the desktop application.

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We share information only in these circumstances:

Payment processing: Subscription and billing data is shared with Stripe to process payments.
Cloud infrastructure: For Subscription tier customers, we provision Google Cloud Platform resources on your behalf (see Section 6).
Legal requirements: We may disclose information if required by law, regulation, or legal process.

5. Local Data Storage & Encryption

The AdvisorAssist desktop application stores the majority of your data locally on your machine using an encrypted SQLite database. Encryption keys are generated and stored in your operating system's secure keychain:

Windows: Data Protection API (DPAPI)
macOS: Keychain Services

Authentication credentials (AppDirect session tokens, Google OAuth tokens) are additionally encrypted using Electron's safeStorage API before being written to disk. This data never leaves your machine.

6. Cloud AI Processing (Subscription Tier)

Important: Subscription Tier Data Flow

If you are on the Subscription tier, AI prompts are sent to a dedicated Cloud Run instance provisioned exclusively for your organization. These prompts may include account context such as customer names, revenue figures, renewal dates, and tech stack information that you have loaded into the application.

Each Subscription tier organization receives its own isolated Google Cloud Platform project. Your AI processing data is not shared with other customers or used for any purpose other than generating responses to your prompts.

Edge tier customers: If you use the Edge tier with a local AI model (Ollama), no data is sent to any external server for AI processing. All inference happens locally on your machine.

Google Gemini (optional): If you choose Google Gemini as your AI provider, prompts are sent to Google's Generative AI API. Google's use of this data is governed by their API terms of service.

7. Third-Party Services

The Service integrates with the following third-party services, each with their own privacy practices:

Service	Purpose	Data Shared
Stripe	Payment processing	Billing info (handled by Stripe, not stored by us)
Google Cloud Platform	Cloud AI hosting (Subscription tier)	AI prompts with account context
Google Generative AI	AI processing (optional)	AI prompts with account context
AppDirect	Account data sync (user-initiated)	User's own session credentials (not shared by us)
Google / GitHub OAuth	Authentication	Name, email address

8. Security

We implement appropriate technical and organizational measures to protect your information:

Local database encryption (AES via OS keychain)
Credential encryption via Electron safeStorage (DPAPI / Keychain)
HTTPS for all API communications
Machine-locked licensing to prevent unauthorized access
Per-organization cloud project isolation (Subscription tier)
Rate limiting and constant-time comparison on API endpoints

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Data Retention

Local data: Data stored on your device persists until you delete it or uninstall the application. You have full control over your local data.

Server-side data: Account information, license records, and organization data are retained while your account is active. After account termination, we retain this data for up to 90 days for operational and legal purposes, after which it is permanently deleted.

Payment records: Transaction records are retained by Stripe in accordance with their data retention policies and applicable financial regulations.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate information.
Deletion: Request deletion of your personal information from our servers.
Portability: Request your data in a structured, machine-readable format.
Objection: Object to certain processing of your information.

To exercise any of these rights, contact us at support@advisorassist.app. We will respond within 30 days.

For locally stored data, you have direct control. You can delete your local database at any time by removing the application data directory.

11. Children's Privacy

The Service is designed for business professionals and is not directed at children under 13 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website at least 30 days before the changes take effect. The "Last Updated" date at the top of this page indicates when the policy was last revised.

13. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

AdvisorAssist LLC
Salt Lake City, Utah
support@advisorassist.app