CaprafiWealth Management
Sign In

Privacy Policy

Last updated: January 12, 2026

1. Introduction

Caprafi ("we," "our," or "us") is committed to protecting your privacy and the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our wealth management platform.

As a financial services platform handling sensitive wealth and investment data, we adhere to the highest standards of data protection, including compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly to us, including:

  • Account Information: Name, email address, phone number, and password when you create an account
  • Identity Verification: Government-issued identification documents, date of birth, and tax identification numbers as required for regulatory compliance
  • Profile Information: Professional title, organization name, and business contact details
  • Communication Data: Records of correspondence when you contact our support team

2.2 Financial Information

To provide our wealth management services, we collect:

  • Asset Data: Information about your investments, holdings, loans, and other financial assets you choose to track
  • Valuation Data: Historical and current values of your assets
  • Entity Information: Details about companies, funds, and other entities related to your investments
  • Documents: Contracts, agreements, and other financial documents you upload to our platform

2.3 Technical Information

We automatically collect certain information when you use our platform:

  • Device Information: IP address, browser type, operating system, and device identifiers
  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns
  • Log Data: Access times, error logs, and system activity
  • Cookies: Small data files stored on your device for authentication and preferences

3. How We Use Your Information

We use the information we collect to:

  • Provide Services: Deliver our wealth management platform, including portfolio tracking, document management, and AI-powered insights
  • Process Transactions: Manage your account, process payments, and maintain accurate records
  • AI Features: Power our artificial intelligence capabilities to provide personalized insights and analysis of your portfolio and documents
  • Security: Protect against unauthorized access, fraud, and other security threats
  • Compliance: Meet legal and regulatory obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements
  • Communication: Send service updates, security alerts, and support messages
  • Improvement: Analyze usage patterns to enhance our platform and develop new features

4. Data Sharing and Disclosure

We do not sell your personal or financial information. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share information with third parties
  • Service Providers: With trusted vendors who assist in operating our platform (e.g., cloud hosting, payment processing), bound by strict confidentiality agreements
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with continued protection of your data
  • Tenant Members: With other members of your tenant organization based on role-based access controls you configure

5. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication, and audit logging
  • Infrastructure: Hosted on SOC 2 Type II certified cloud infrastructure
  • Tenant Isolation: Complete data isolation between tenants using row-level security
  • Regular Audits: Periodic security assessments and penetration testing
  • Incident Response: Documented procedures for detecting and responding to security incidents

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal and regulatory obligations (typically 7 years for financial records)
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at support@caprafi.com.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with all service providers
  • Compliance with applicable data transfer frameworks

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and security
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how you use our platform

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: