Privacy Policy

1. Who We Are

OmniNexus Wealth ("we," "us," or "our") is an educational financial platform operated by Keith Puopolo. Our website is omninexuswealth.com. You can contact us at keith@omninexuswealth.com.

2. Information We Collect

We collect the following types of information when you use the Platform:

• Account information: Your email address and password (encrypted) when you create an account.
• Financial information you provide: Monthly income, fixed bills, side income, debt payments, and credit score range — entered voluntarily by you during the budgeting process.
• Investor profile information: Age range, risk tolerance, investment goals, time horizon, and investing experience — entered voluntarily during the Nexus investment profile process.
• Chat messages: Conversations with Omni and Nexus are stored to provide continuity across sessions.
• Usage data: Basic information about how you use the Platform, such as which features you interact with.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Platform
• Personalize your educational experience with Omni and Nexus
• Save your progress so you don't have to start over each session
• Communicate with you about the Platform (including launch updates if you joined our waitlist)
• Ensure the security and integrity of the Platform

4. How We Store Your Data

Your data is stored securely using Supabase, a trusted database platform with row-level security — meaning your data can only be accessed by you when you are logged in. Passwords are encrypted and never stored in plain text.

5. Third-Party Services We Use

We use the following third-party services to operate the Platform. Each service may receive certain data as described below:

• Supabase — database and authentication. Your account data, financial inputs, and chat history are stored here using row-level security and encryption at rest. Supabase Privacy Policy
• xAI (Grok) — powers the Omni and Nexus AI chat responses. Your chat messages are sent to xAI's servers to generate responses. xAI Privacy Policy
• Groq (Llama 3) — powers the Bill Killer feature. When you request bill cancellation advice, the bill name and amount are sent to Groq's servers to generate step-by-step guidance. No other personal data is shared with Groq. Groq Privacy Policy
• Google Gemini — powers the Pay Stub Scanner feature. If you use the 📸 scan feature, the image or PDF you upload is sent to Google's Gemini AI to extract income data. The image is processed in real time and is not stored by OmniNexus Wealth or retained by Google beyond the processing request. Google Privacy Policy
• Plaid — provides bank account linking infrastructure. If you choose to connect a bank account, your banking credentials are entered directly into Plaid's secure interface and are never seen or stored by OmniNexus Wealth. Plaid provides us only with read-only account balance information. Plaid Privacy Policy
• Polygon.io — provides real-time and historical market data for ETF and stock prices. No personal data is shared with Polygon. Polygon Privacy Policy
• Finnhub — provides financial news, analyst ratings, and market calendar data. No personal data is shared with Finnhub. Finnhub Privacy Policy
• Alpaca Markets — provides simulated paper trading infrastructure. When you create an account, a sandboxed paper trading account is automatically created on your behalf using your email address and placeholder identity data. No real SSN or financial information is collected or transmitted. No real money is ever involved. Alpaca Privacy Policy
• Stripe — payment processing for paid subscriptions (when applicable). OmniNexus Wealth does not store your full credit card number. All payment data is handled directly by Stripe. Stripe Privacy Policy
• Resend — email delivery service used to send transactional emails (account welcome, notifications). Your email address is shared with Resend solely to deliver emails from OmniNexus Wealth. Resend Privacy Policy
• PostHog — analytics and session recording. PostHog collects anonymized usage data including which features you interact with, session recordings, and heatmaps to help us improve the Platform. Input fields marked as sensitive (passwords) are masked and never recorded. PostHog Privacy Policy
• Sentry — error monitoring. If the Platform encounters a technical error, Sentry captures diagnostic information (error type, browser, and device type) to help us identify and fix bugs. Sentry does not capture your financial data. Sentry Privacy Policy
• Netlify — hosts the Platform and serves web content. Netlify Privacy Policy

6. Cookies and Tracking Technologies

OmniNexus Wealth uses cookies and similar technologies (including browser localStorage) to operate the Platform and improve your experience. Specifically:

• Session cookies: Used by Supabase to keep you logged in securely.
• Preference cookies: Used to remember your language setting (English or Spanish) between visits.
• Analytics cookies (PostHog): Used to understand how users interact with the Platform, including session recordings and heatmap data. These help us identify usability issues and improve the product. You can opt out by contacting us at keith@omninexuswealth.com.
• Error tracking (Sentry): Uses a small identifier to group related error reports from the same session. No personal financial data is included.

Do Not Track: Some browsers send a "Do Not Track" signal. OmniNexus Wealth does not currently alter its data collection practices in response to DNT signals, but we honor opt-out requests submitted directly to us.

7. We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes. Period.

8. Data Security

We take reasonable technical and organizational measures to protect your data, including:

• Encryption in transit (HTTPS/TLS) for all data sent between your device and our servers
• Encryption at rest for data stored in Supabase
• Row-level security in our database — your data can only be accessed when you are authenticated as you
• API keys and sensitive credentials stored as server-side environment variables, never exposed to the browser

No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security.

9. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you by email at the address associated with your account within 72 hours of becoming aware of the breach, or as soon as reasonably practicable. Our notification will describe the nature of the breach, the data affected, and the steps we are taking to address it.

10. Data Retention

We retain different types of data for different periods:

• Account and financial data: Retained for as long as your account is active.
• Chat history: Retained for as long as your account is active to provide conversation continuity.
• Error and diagnostic logs (Sentry): Retained for 90 days.
• Analytics data (PostHog): Retained for up to 12 months.

You may request deletion of your account and all associated data at any time through the account menu in the app, or by emailing keith@omninexuswealth.com. We will complete the deletion within 30 days of your request.

11. Your Rights

You have the following rights with respect to your personal data:

• Right to access: Request a copy of the personal data we hold about you.
• Right to correction: Request that we correct inaccurate data.
• Right to deletion: Request that we delete your account and all associated data.
• Right to opt out: Opt out of analytics tracking or marketing communications at any time.
• Right to portability: Request your financial data in a portable format.

To exercise any of these rights, contact us at keith@omninexuswealth.com. We will respond within 30 days.

12. California Residents — Your CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

• Right to Know: You have the right to request disclosure of the categories of personal information we collect, the purposes for which we use it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Opt Out of Sale: We do not sell your personal information. You therefore have no need to opt out of a sale, but you have this right should our practices change.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, contact us at keith@omninexuswealth.com with the subject line "CCPA Rights Request." We will verify your identity and respond within 45 days.

13. Children's Privacy

OmniNexus Wealth is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at keith@omninexuswealth.com and we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes — such as new data collection practices, new third-party services, or changes to how we use your data — we will notify you by email at the address associated with your account at least 14 days before the change takes effect. For minor updates, we will update the date at the top of this page. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at: keith@omninexuswealth.com

Política de Privacidad

1. Quiénes Somos

OmniNexus Wealth ("nosotros" o "nuestro") es una plataforma financiera educativa operada por Keith Puopolo. Nuestro sitio web es omninexuswealth.com. Puedes contactarnos en keith@omninexuswealth.com.

2. Información que Recopilamos

Recopilamos los siguientes tipos de información cuando usas la Plataforma:

• Información de cuenta: Tu dirección de correo electrónico y contraseña (cifrada) cuando creas una cuenta.
• Información financiera que proporcionas: Ingresos mensuales, gastos fijos, ingresos adicionales, pagos de deudas y rango de puntaje de crédito — ingresados voluntariamente por ti durante el proceso de presupuesto.
• Información del perfil de inversor: Rango de edad, tolerancia al riesgo, metas de inversión, horizonte de tiempo y experiencia en inversiones — ingresados voluntariamente durante el proceso de perfil de inversión de Nexus.
• Mensajes de chat: Las conversaciones con Omni y Nexus se almacenan para proporcionar continuidad entre sesiones.
• Datos de uso: Información básica sobre cómo usas la Plataforma, como las funciones con las que interactúas.

3. Cómo Usamos tu Información

Usamos la información que recopilamos para:

• Proporcionar, operar y mejorar la Plataforma
• Personalizar tu experiencia educativa con Omni y Nexus
• Guardar tu progreso para que no tengas que empezar desde cero cada sesión
• Comunicarnos contigo sobre la Plataforma (incluyendo actualizaciones de lanzamiento si te uniste a nuestra lista de espera)
• Garantizar la seguridad e integridad de la Plataforma

4. Cómo Almacenamos tus Datos

Tus datos se almacenan de forma segura usando Supabase, una plataforma de base de datos de confianza con seguridad a nivel de fila — lo que significa que tus datos solo pueden ser accedidos por ti cuando estás conectado. Las contraseñas están cifradas y nunca se almacenan en texto plano.

5. Servicios de Terceros que Usamos

Utilizamos los siguientes servicios de terceros para operar la Plataforma:

• Supabase — base de datos y autenticación con seguridad a nivel de fila y cifrado en reposo. Política de Privacidad de Supabase
• xAI (Grok) — impulsa las respuestas de Omni y Nexus. Tus mensajes de chat son enviados a xAI para generar respuestas. Política de Privacidad de xAI
• Groq (Llama 3) — impulsa la función Bill Killer. El nombre y monto de la factura se envían a Groq para generar consejos de cancelación. No se comparten otros datos personales. Política de Privacidad de Groq
• Google Gemini — impulsa el Escáner de Talones de Pago. Si usas la función 📸, la imagen o PDF que subes se envía a Gemini de Google para extraer datos de ingresos. La imagen se procesa en tiempo real y no es almacenada por OmniNexus Wealth. Política de Privacidad de Google
• Plaid — vinculación de cuentas bancarias. Tus credenciales bancarias se ingresan directamente en la interfaz segura de Plaid y nunca son vistas ni almacenadas por OmniNexus Wealth. Política de Privacidad de Plaid
• Polygon.io — datos de mercado en tiempo real. No se comparten datos personales. Política de Privacidad de Polygon
• Alpaca Markets — infraestructura de operaciones de papel simuladas. No se involucra dinero real. Política de Privacidad de Alpaca
• Stripe — procesamiento de pagos. OmniNexus Wealth no almacena tu número completo de tarjeta de crédito. Política de Privacidad de Stripe
• PostHog — análisis y grabación de sesiones para mejorar la Plataforma. Los campos sensibles como contraseñas están enmascarados. Política de Privacidad de PostHog
• Sentry — monitoreo de errores técnicos. No captura datos financieros. Política de Privacidad de Sentry
• Netlify — alojamiento de la Plataforma. Política de Privacidad de Netlify

6. Cookies y Tecnologías de Seguimiento

OmniNexus Wealth usa cookies y tecnologías similares para operar la Plataforma. Usamos cookies de sesión para mantener tu inicio de sesión, cookies de preferencia para recordar tu idioma, cookies de análisis (PostHog) para mejorar la experiencia del usuario, y seguimiento de errores (Sentry). Puedes optar por no participar en el análisis contactándonos en keith@omninexuswealth.com.

7. No Vendemos tus Datos

No vendemos, alquilamos ni intercambiamos tu información personal a terceros con fines de marketing o publicidad. Punto.

8. Seguridad de los Datos

Implementamos medidas técnicas y organizativas razonables para proteger tus datos, incluyendo cifrado en tránsito (HTTPS/TLS), cifrado en reposo, seguridad a nivel de fila en nuestra base de datos, y claves de API almacenadas en el servidor, nunca expuestas al navegador.

9. Notificación de Violaciones de Datos

En caso de una violación de datos que afecte tu información personal, te notificaremos por correo electrónico dentro de las 72 horas de haber tomado conocimiento de la violación, describiendo la naturaleza del incidente, los datos afectados y los pasos que estamos tomando.

10. Retención de Datos

Conservamos los datos de cuenta y financieros mientras tu cuenta esté activa. El historial de chat se conserva mientras tu cuenta esté activa. Los registros de errores (Sentry) se conservan 90 días. Los datos de análisis (PostHog) se conservan hasta 12 meses. Puedes solicitar la eliminación de tu cuenta y todos los datos asociados en cualquier momento.

11. Tus Derechos

Tienes derecho a acceder, corregir, eliminar y portar tus datos personales, así como a optar por no participar en el seguimiento de análisis o comunicaciones de marketing. Para ejercer cualquiera de estos derechos, contáctanos en keith@omninexuswealth.com. Responderemos dentro de 30 días.

12. Residentes de California — Derechos CCPA

Si eres residente de California, la Ley de Privacidad del Consumidor de California (CCPA) te otorga derechos adicionales: derecho a saber qué datos recopilamos, derecho a eliminarlos, derecho a optar por no venderlos (no vendemos tus datos), y derecho a no ser discriminado por ejercer estos derechos. Para ejercer tus derechos CCPA, envía un correo a keith@omninexuswealth.com con el asunto "Solicitud de Derechos CCPA".

13. Privacidad de los Menores

OmniNexus Wealth no está destinado al uso de personas menores de 18 años. No recopilamos conscientemente información personal de menores. Si crees que un menor nos ha proporcionado información personal, contáctanos de inmediato en keith@omninexuswealth.com.

14. Cambios en Esta Política

Para cambios materiales en esta Política — como nuevas prácticas de recopilación de datos o nuevos servicios de terceros — te notificaremos por correo electrónico al menos 14 días antes de que el cambio entre en vigor. Para actualizaciones menores, actualizaremos la fecha en la parte superior de esta página. El uso continuado de la Plataforma después de los cambios constituye la aceptación de la política actualizada.

15. Contáctanos

Si tienes alguna pregunta sobre esta Política de Privacidad o cómo manejamos tus datos, contáctanos en: keith@omninexuswealth.com