FACTS: What Does Protocol Wealth, LLC Do With Your Personal Information?
Why?
Protocol Wealth collects and develops personal information about clients, and some of that information is non-public personal information (Customer Information). The essential purpose for collecting Customer Information is to provide and service the appropriate financial products and services clients obtain from Protocol Wealth.
What?
The categories of Customer Information collected by Protocol Wealth depend upon the scope of the engagement and are generally described below. As an investment adviser, Protocol Wealth collects and develops Customer Information about clients in order to provide investment advisory services. Customer Information collected includes:
- Information received from clients on financial inventories and questionnaires through consultation with Advisory Representatives, including personal and household information such as income, spending habits, investment objectives, financial goals, statements of account, and other records concerning clients' financial condition and assets.
- Information needed to open an account including social security numbers, investment experience, assets, income, and account balances.
- Information developed as part of financial plans, analyses, or investment advisory services.
- Information concerning investment advisory account transactions.
- Information about clients' financial products and services transactions with Protocol Wealth.
When you are no longer our customer, we continue to share your information as described in this notice.
How?
All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Protocol Wealth chooses to share; and whether you can limit this sharing.
| Reasons we can share your personal information | Does Protocol Wealth share? | Can you limit this sharing? |
|---|---|---|
| For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations | Yes | No |
| For our compliance with rules and regulations — information about your transactions and communications provided to non-affiliated firms when required | Yes | No |
| For our marketing purposes — to offer our products and services to you | Yes | No |
| For joint marketing with other financial companies | Yes | No |
| For our affiliates' everyday business purposes — information about your transactions and experiences | Yes | No |
| For our affiliates' everyday business purposes — information about your creditworthiness | No | We don't share |
| For our affiliates to market to you | No | We don't share |
| For nonaffiliates to market to you | No | We don't share |
Who We Are
Who is providing this notice? Protocol Wealth, LLC — an SEC-registered investment adviser (CRD #335298).
What We Do
Use of AI Tools and Data Privacy
Protocol Wealth uses certain AI-powered tools for research, administrative tasks, and workflow optimization. We take precautions to protect client information when using these tools:
- Client nonpublic personal information is anonymized or removed before being entered into AI tools
- We configure AI tool settings to opt-out of model training where available
- We review AI tool terms of use, privacy policies, and data sharing practices
- Sensitive information such as account numbers or Social Security Numbers is never entered into AI tools
PW Nexus API and MCP Server
Protocol Wealth operates PW Nexus (nexusmcp.site), a research API and Model Context Protocol (MCP) server that provides investment analysis tools, market data, and portfolio analytics. This section describes data practices specific to API and MCP server usage.
Data collected from API and MCP users:
- Authentication data: Email address, OAuth tokens, and session identifiers used to authenticate your access. OAuth tokens issued by our authorization server (pwdashboard.com) are encrypted in transit and stored with standard security controls.
- Usage logs: Tool invocations, API endpoint requests, timestamps, IP addresses, and request metadata. These logs are used for rate limiting, abuse prevention, service reliability, and debugging.
- Query data: Ticker symbols, wallet addresses, and other parameters you submit when using API endpoints or MCP tools. Query data is processed to return results and may be cached temporarily to improve performance.
How API and MCP data is used:
- To provide and improve the API and MCP services
- To enforce rate limits and prevent abuse
- To diagnose technical issues and maintain service reliability
- To generate aggregate, non-identifying usage statistics
How API and MCP data is NOT used:
- API and MCP usage data is never sold to third parties
- Query parameters and tool invocations are not used to build individual user profiles for marketing purposes
- Non-client API usage data is not shared with third parties except as required by law
Data retention for API and MCP usage:
- Non-advisory access logs (IP addresses, request timestamps, rate-limiting metadata for non-client, non-advisory interactions): retained for 90 days, then automatically purged.
- Advisory-related interactions (tool invocations by Clients that constitute or relate to investment advisory communications): retained for a minimum of five (5) years in accordance with SEC Rule 204-2.
- Authentication tokens: retained for the duration of the session or until revoked.
- Cached query results: retained according to cache TTL policies (ranging from 30 seconds to 24 hours depending on data type).
Accessing PW Nexus through third-party AI platforms:
When you connect to PW Nexus via an MCP connector in a third-party AI assistant (such as Claude, Cursor, or similar MCP-compatible platforms), your queries and our responses are transmitted through that platform's infrastructure. Protocol Wealth applies automated PII filtering to API and MCP responses to prevent client nonpublic personal information from being transmitted through third-party platforms.
However, Protocol Wealth does not control how third-party platforms process, cache, or retain data transmitted through their systems. Users accessing PW Nexus through third-party platforms should review that platform's privacy policy.
Advisory clients should not submit nonpublic personal information (such as account numbers, Social Security numbers, or detailed financial data) through third-party AI platforms or MCP connectors. For communications involving sensitive account information, please use the client portal (pwdashboard.com) or contact your advisor directly.
Third-Party Financial Data Services
To provide account aggregation, cashflow analysis, and portfolio reporting to advisory clients, Protocol Wealth uses third-party financial data services to securely connect to your external financial accounts. These services are available exclusively to clients who have executed an Investment Advisory Agreement with Protocol Wealth ("Clients") and are used solely to provide advisory services. Account data retrieved through these services is not shared with, sold to, or made accessible to any third party for their independent use.
Prospective clients ("Prospects") and general users of Protocol Wealth digital properties do not have access to account linking or financial data aggregation features. Access to aggregation services requires both authentication and verified Client status.
Current third-party data service providers include:
- Quiltt, Inc. — provides a unified data aggregation platform that connects to financial institutions on our behalf. Quiltt is used exclusively for Client account aggregation within the advisory relationship. Quiltt's privacy policy: https://www.quiltt.io/privacy
- Plaid Inc. — provides financial account connectivity through Quiltt's aggregation layer. By using our account linking feature, you acknowledge and agree to the terms of Plaid's end user privacy policy: https://plaid.com/legal/#end-user-privacy-policy
- MX Technologies, Inc. — provides financial data aggregation and enrichment through Quiltt's aggregation layer. MX's privacy policy: https://www.mx.com/privacy-policy
You initiate all account connections through a secure interface provided by these services within the client portal (pwdashboard.com). Protocol Wealth does not receive or store your banking login credentials. You may disconnect any linked account at any time through the client portal or by contacting your advisor.
Financial data retrieved through these services is:
- Encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Stored only for the purpose of providing Advisory Services
- Never sold to third parties
- Never shared with or accessible to non-Client users of Protocol Wealth digital properties
- Subject to our data retention schedule (retained per SEC requirements, securely disposed when no longer required)
How We Share Information with Third Parties
To administer, manage and service customer accounts, process transactions and provide related services for client accounts, it is necessary for Protocol Wealth to provide access to Customer Information to non-affiliated companies, other investment advisers, custodians, and other financial institutions. Third-party service providers who may receive Customer Information in connection with account servicing include: custodians, financial data aggregation providers (Quiltt, Plaid, MX), document signing services (Anvil), transactional email delivery (Postmark), CRM (Wealthbox), and digital asset custody infrastructure (Fordefi). All third-party providers are subject to our vendor risk assessment process and contractual data protection requirements.
Protocol Wealth may also provide Customer Information outside of the firm as permitted by law, such as to government entities or other third parties in response to subpoenas. Protocol Wealth does not share Customer Information with affiliates or non-affiliated third parties for marketing purposes.
How Does Protocol Wealth Protect My Information?
To protect your personal information from unauthorized access and use, we maintain an information security program that complies with federal law, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Multi-factor authentication for system access
- Role-based access controls limiting data access to authorized personnel
- Immutable audit trail logging all access to client data
- Incident response program for detecting and responding to security events
- Regular security assessments of third-party service providers
- Due diligence and monitoring of third-party service providers who have access to client information
- Automated PII filtering on API and MCP responses to prevent inadvertent disclosure of client information through programmatic interfaces
In the event of a data security incident involving unauthorized access to your sensitive customer information, we will notify you as soon as practicable, but no later than 30 days after becoming aware of the incident, in accordance with SEC Regulation S-P as amended.
Your Data Rights
You have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal information, subject to regulatory retention requirements (certain records must be retained for 5 years per SEC Rule 204-2)
- Disconnect accounts: Remove any linked financial account connection at any time through the client portal or by contacting your advisor
- Revoke API access: Revoke any API keys or OAuth tokens associated with your account at any time through the client portal or by contacting your advisor
- Opt out: Opt out of certain information sharing as described below
To exercise any of these rights, contact us at [email protected] or [email protected]. We will respond to verified requests within 30 days. Some requests may be subject to regulatory exceptions — for example, we cannot delete records that SEC regulations require us to retain.
Why Can't I Limit All Sharing?
Federal law gives you the right to limit only:
- Sharing for affiliates' everyday business purposes — information about your creditworthiness
- Affiliates from using your information to market to you
- Sharing for nonaffiliates to market to you
State laws and individual companies may give you additional rights to limit sharing.
How Do I Limit Sharing?
If you choose to opt out now, at any time in the future, or wish to withdraw your opt out request, contact us at [email protected]. If it is your choice to opt out, there will be a 30-day period before your opt out will take effect.
Definitions
Affiliates: Companies related by common ownership or control. They can be financial and nonfinancial companies. Protocol Wealth does not share with affiliates.
Nonaffiliates: Companies not related by common ownership or control. They can be financial and nonfinancial companies. Protocol Wealth does not share with nonaffiliates so they can market to you.
Joint Marketing: A formal agreement between nonaffiliated financial companies that together market financial products or services to you. Protocol Wealth may enter into joint marketing agreements with other financial companies.
Client: An individual or entity that has executed a written Investment Advisory Agreement with Protocol Wealth, LLC.
Prospect: A registered user of a Protocol Wealth digital property who has not executed an Investment Advisory Agreement.
Questions?
If you have any questions about this privacy notice, please contact us at [email protected] or [email protected].
Protocol Wealth, LLC | SEC-Registered Investment Adviser | CRD #335298
Form ADV | ADV Part 2A | Form CRS | Disclosures
Regulatory filing links current as of March 19, 2026.