Privacy Policy

Protocol Wealth, LLC

Version 3.2

Effective: May 3, 2026 · Last Updated: May 3, 2026


FACTS: What Does Protocol Wealth, LLC Do With Your Personal Information?

Why?

Protocol Wealth collects and develops personal information about clients, and some of that information is non-public personal information (Customer Information). The essential purpose for collecting Customer Information is to provide and service the appropriate financial products and services clients obtain from Protocol Wealth.

What?

The categories of Customer Information collected by Protocol Wealth depend upon the scope of the engagement and are generally described below. As an investment adviser, Protocol Wealth collects and develops Customer Information about clients in order to provide investment advisory services. Customer Information collected includes:

  • Information received from clients on financial inventories and questionnaires through consultation with Advisory Representatives, including personal and household information such as income, spending habits, investment objectives, financial goals, statements of account, and other records concerning clients' financial condition and assets.
  • Information needed to open an account including social security numbers, investment experience, assets, income, and account balances.
  • Information developed as part of financial plans, analyses, or investment advisory services.
  • Information concerning investment advisory account transactions.
  • Information about clients' financial products and services transactions with Protocol Wealth.

When you are no longer our customer, we continue to share your information as described in this notice.

How?

All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Protocol Wealth chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information | Does Protocol Wealth share? | Can you limit this sharing?
For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations | Yes | No
For our compliance with rules and regulations — information about your transactions and communications provided to non-affiliated firms when required | Yes | No
For our marketing purposes — to offer our products and services to you | Yes | No
For joint marketing with other financial companies | Yes | No
For our affiliates' everyday business purposes — information about your transactions and experiences | Yes | No
For our affiliates' everyday business purposes — information about your creditworthiness | No | We don't share
For our affiliates to market to you | No | We don't share
For nonaffiliates to market to you | No | We don't share

Who We Are

Who is providing this notice? Protocol Wealth, LLC — an SEC-registered investment adviser (CRD #335298).


What We Do

Use of AI Tools and Data Privacy

Protocol Wealth uses AI tools as part of a co-intelligence framework that combines human adviser expertise with artificial intelligence under human oversight. AI supports research, analysis, portfolio monitoring, document preparation, and administrative workflows. It does not replace our advisers, make autonomous investment decisions, or operate outside our supervision. Every material AI-assisted output is reviewed by a human adviser before it reaches you or influences a recommendation made on your behalf.

We use AI under a Zero Data Retention agreement with Anthropic, PBC. Inputs and outputs sent via the Claude API are not retained by Anthropic beyond request duration; our data is contractually excluded from any use in training or improving AI models; inference is restricted to US-based infrastructure. We do not currently operate self-hosted AI models; should external ZDR conditions change, we reserve the ability to deploy self-hosted alternatives and will update this policy before doing so.

The safeguards we apply when AI touches client information:

  • Client nonpublic personal information is anonymized, tokenized, or removed before being entered into external AI tools where feasible
  • Account numbers, Social Security numbers, and similarly sensitive identifiers are never submitted directly to external AI tools
  • AI tool settings are configured to opt out of model training where available, and we prefer providers who contractually commit to no-training terms
  • AI-generated content is reviewed by qualified personnel before use in client communications or investment decisions
  • AI outputs that affect your account are auditable — we maintain records of AI-assisted work to support compliance review
  • We review AI tool terms of use, privacy policies, and data sharing practices before engagement and on an ongoing basis

What AI does not do at Protocol Wealth:

  • AI does not make final investment decisions on your behalf without human adviser review
  • AI does not override the fiduciary judgment of your investment adviser representative
  • AI does not determine your fees, account access, or legal rights under your advisory agreement
  • AI-generated outputs that include client data are never sold, syndicated, or shared with third parties for purposes unrelated to serving you

Co-Intelligence Framework — How AI and Human Advisers Work Together

The core of our approach is that AI and human advisers guard each other rather than replace each other:

  • AI as a guardrail on advisers. AI provides 24/7 monitoring, flags portfolio drift, identifies concentration risk, performs consistency checks on advisory outputs, and produces double-checks on numerical work. If an adviser misses something, AI is positioned to catch it.
  • Human advisers as a guardrail on AI. Every material AI-assisted output is reviewed by a registered investment adviser representative before it reaches you or influences an action on your behalf. AI can produce plausible-looking but incorrect outputs ("hallucinations"). Human review catches these before they become problems.
  • AI excels at persistent, repetitive work. Continuous monitoring of portfolios, regime detection, document summarization, research synthesis, compliance screening. These tasks benefit from AI's tireless consistency.
  • Human advisers excel at judgment, relationship, and fiduciary obligations. Understanding your life circumstances, weighing tradeoffs that don't reduce to numbers, exercising the duty of care that is legally and ethically ours to bear. These are not delegated to AI.

This dual-guardrail approach is how we preserve the fiduciary relationship while making use of technology that genuinely improves our service quality.

PW Nexus API and MCP Server

Protocol Wealth operates PW Nexus (nexusmcp.site), a research API and Model Context Protocol (MCP) server that provides investment analysis tools, market data, and portfolio analytics. This section describes data practices specific to API and MCP server usage.

Data collected from API and MCP users:

  • Authentication data: Email address, OAuth tokens, and session identifiers used to authenticate your access. OAuth tokens issued by our authorization server (pwportal.app for clients, pwos.app for advisor personnel) are encrypted in transit and stored with standard security controls.
  • Usage logs: Tool invocations, API endpoint requests, timestamps, IP addresses, and request metadata. These logs are used for rate limiting, abuse prevention, service reliability, and debugging.
  • Query data: Ticker symbols, wallet addresses, and other parameters you submit when using API endpoints or MCP tools. Query data is processed to return results and may be cached temporarily to improve performance.

How API and MCP data is used:

  • To provide and improve the API and MCP services
  • To enforce rate limits and prevent abuse
  • To diagnose technical issues and maintain service reliability
  • To generate aggregate, non-identifying usage statistics

How API and MCP data is NOT used:

  • API and MCP usage data is never sold to third parties
  • Query parameters and tool invocations are not used to build individual user profiles for marketing purposes
  • Non-client API usage data is not shared with third parties except as required by law

Data retention for API and MCP usage:

  • Non-advisory access logs (IP addresses, request timestamps, rate-limiting metadata for non-client, non-advisory interactions): retained for 90 days, then automatically purged.
  • Advisory-related interactions (tool invocations by Clients that constitute or relate to investment advisory communications): retained for a minimum of five (5) years in accordance with SEC Rule 204-2.
  • Authentication tokens: retained for the duration of the session or until revoked.
  • Cached query results: retained according to cache TTL policies (ranging from 30 seconds to 24 hours depending on data type).

Accessing PW Nexus through third-party AI platforms:

When you connect to PW Nexus via an MCP connector in a third-party AI assistant (such as Claude, Cursor, or similar MCP-compatible platforms), your queries and our responses are transmitted through that platform's infrastructure. Protocol Wealth applies automated PII filtering to API and MCP responses to prevent client nonpublic personal information from being transmitted through third-party platforms.

However, Protocol Wealth does not control how third-party platforms process, cache, or retain data transmitted through their systems. Users accessing PW Nexus through third-party platforms should review that platform's privacy policy.

Advisory clients should not submit nonpublic personal information (such as account numbers, Social Security numbers, or detailed financial data) through third-party AI platforms or MCP connectors. For communications involving sensitive account information, please use the client portal (pwportal.app) or contact your advisor directly.

Third-Party Financial Data Services

To provide account aggregation, cashflow analysis, and portfolio reporting to advisory clients, Protocol Wealth uses third-party financial data services to securely connect to your external financial accounts. These services are available exclusively to clients who have executed an Investment Advisory Agreement with Protocol Wealth ("Clients") and are used solely to provide advisory services. Account data retrieved through these services is not shared with, sold to, or made accessible to any third party for their independent use.

Prospective clients ("Prospects") and general users of Protocol Wealth digital properties do not have access to account linking or financial data aggregation features. Access to aggregation services requires both authentication and verified Client status.

Current third-party data service providers:

  • Quiltt, Inc. — provides a unified data aggregation platform that connects to financial institutions on our behalf. Quiltt is used exclusively for Client account aggregation within the advisory relationship. Quiltt's privacy policy: https://www.quiltt.io/privacy
  • MX Technologies, Inc. — provides financial institution connectivity through Quiltt's aggregation platform. MX's privacy policy: https://www.mx.com/privacy-policy
  • FinGoal — provides data cleaning and enrichment through Quiltt's aggregation platform. FinGoal's privacy policy: https://fingoal.com/privacy

You initiate all account connections through a secure interface provided by these services within the client portal (pwportal.app). Protocol Wealth does not receive or store your banking login credentials. You may disconnect any linked account at any time through the client portal or by contacting your advisor.

Financial data retrieved through these services is:

  • Encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Stored only for the purpose of providing Advisory Services
  • Never sold to third parties
  • Never shared with or accessible to non-Client users of Protocol Wealth digital properties
  • Subject to our data retention schedule (retained per SEC requirements, securely disposed when no longer required)

How We Share Information with Third Parties

To administer, manage, and service client accounts, process transactions, and provide related services, Protocol Wealth provides access to Customer Information to non-affiliated companies, other investment advisers, custodians, and financial institutions. Third-party service providers who may receive Customer Information include:

Custody, Brokerage, and Billing

  • Altruist Financial LLC — advisory billing and custody
  • Interactive Brokers LLC — brokerage
  • Anchorage Digital Bank — qualified digital asset custodian (federally chartered)
  • BitGo Trust Company — qualified digital asset custodian
  • Fordefi — multi-party computation (MPC) wallet infrastructure for onchain holdings
  • Coincover — independent third-party backup key holder for MPC wallet recovery

Financial Data Aggregation

  • Quiltt, Inc. — financial account aggregation platform
  • MX Technologies, Inc. — connectivity through Quiltt
  • FinGoal — data cleaning and enrichment through Quiltt

AI Services

  • Anthropic, PBC — Claude API under Zero Data Retention agreement (US-only inference, no model training on our data)

Infrastructure and Platform

  • Google Cloud Platform and Google Workspace — compute, email, document storage, productivity, and identity services under Google's business and enterprise terms
  • Cloudflare — DNS, content delivery, web application firewall, and network security

Identity Verification and Compliance

  • Veriff — identity verification during onboarding (used for clients whose identity is not verified through a custodian's onboarding flow, including DeFi/crypto-only clients)
  • Chainalysis — blockchain sanctions screening (OFAC and international sanctions lists applied to onchain wallet addresses)
  • Hadrius — compliance monitoring and supervision (trade surveillance, marketing review, communication archiving)

Communications and Documents

  • Wealthbox — customer relationship management (CRM)
  • Postmark — transactional email delivery
  • Anvil — document signing services

Onchain Data

  • DeBank — multi-chain wallet and DeFi position data
  • Zapper — multi-chain wallet and DeFi position data

A current list of service providers is maintained at protocolwealthllc.com/subprocessors and available on request. All third-party providers are subject to our vendor risk assessment process and contractual data protection requirements.

Protocol Wealth may also provide Customer Information outside the firm as permitted by law — for example, to government entities or other third parties in response to subpoenas, regulatory examinations, or similar legal processes. We do not share Customer Information with affiliates or non-affiliated third parties for marketing purposes. We do not sell client information. We do not authorize our service providers to use client information for purposes other than providing services to us.

How Does Protocol Wealth Protect My Information?

To protect your personal information from unauthorized access and use, we maintain an information security program that complies with federal law, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Multi-factor authentication for system access
  • Role-based access controls limiting data access to authorized personnel
  • Immutable audit trail logging all access to client data
  • Incident response program for detecting and responding to security events
  • Regular security assessments of third-party service providers
  • Due diligence and monitoring of third-party service providers who have access to client information
  • Automated PII filtering on API and MCP responses to prevent inadvertent disclosure of client information through programmatic interfaces
  • Tenant isolation at the database level — client data is isolated from other clients' data through database-engine-level row-level security policies. This is a structural control that prevents cross-client data exposure even in the event of application-layer errors.
  • AI data handling controls — external AI services are engaged under agreements that restrict data retention, prohibit use of our data for model training, and limit inference geography to the United States. See the "Use of AI Tools and Data Privacy" section above for specifics on our agreement with Anthropic.
  • Data residency in the United States — client data storage and AI processing occur on infrastructure located within the United States. Our primary storage and processing is within Google Cloud Platform (US regions). External AI inference is contractually restricted to US regions.
  • Segregation of sensitive data from external AI — client nonpublic personal information is segregated from external AI workflows through our PII filtering pipeline. Where AI assistance is applied to client-identified data, the data passes through redaction controls that replace identifiers with placeholder tokens before external transmission.

In the event of a data security incident involving unauthorized access to your sensitive customer information, we will notify you as soon as practicable, but no later than 30 days after becoming aware of the incident, in accordance with SEC Regulation S-P as amended.

Data Retention for Advisory Services

We retain client information for the duration of the advisory relationship plus the period required by applicable law and regulation:

  • Advisory records required under Investment Advisers Act of 1940 Rule 204-2 — at least 5 years from the end of the fiscal year in which the record was created, with the first 2 years in an easily accessible location
  • Audit logs (sanitized of identifying information) — at least 7 years
  • Identity verification and sanctions screening records — per applicable vendor defaults and compliance requirements, typically 7 years
  • Transactional email and document signing records — 7 years
  • AI-assisted research outputs that become part of an advisory record — subject to Rule 204-2 retention; retained consistent with the related advisory record

When the required retention period expires, we delete or anonymize the data. Certain derivative data (anonymized analytics, system telemetry without client identifiers) may be retained longer for operational purposes.

Your Data Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information, subject to regulatory retention requirements (certain records must be retained for 5 years per SEC Rule 204-2)
  • Disconnect accounts: Remove any linked financial account connection at any time through the client portal or by contacting your advisor
  • Revoke API access: Revoke any API keys or OAuth tokens associated with your account at any time through the client portal or by contacting your advisor
  • Opt out: Opt out of certain information sharing as described below

To exercise any of these rights, contact us at [email protected] or [email protected]. We will respond to verified requests within 30 days. Some requests may be subject to regulatory exceptions — for example, we cannot delete records that SEC regulations require us to retain.

Your Rights Regarding AI-Assisted Services

You have rights regarding how AI is used in connection with your account:

  • Explanation of human review. If an AI-assisted output affects your account or advisory experience, you may ask your adviser to walk through the human review that occurred before the output was acted on. We will provide that explanation promptly.
  • Inquiry into AI involvement. You may ask what AI tools were involved in any specific analysis, report, or recommendation you received from us. We will tell you.
  • Opt-out from external AI processing. If you prefer that your data not pass through external AI services (such as Anthropic's Claude API), contact your adviser to discuss. We will describe which services remain available without external AI, any operational implications (for example, certain analyses may take longer or be structured differently), and any cost implications. We will not penalize you for choosing this option.
  • Opt-out from all AI-assisted workflows. You may request that no AI tools be used in work related to your account. This request will be accommodated to the extent feasible, and we will discuss the scope and implications with you.

These rights are in addition to the data rights described in "Your Data Rights" above.

Why Can't I Limit All Sharing?

Federal law gives you the right to limit only:

  • Sharing for affiliates' everyday business purposes — information about your creditworthiness
  • Affiliates from using your information to market to you
  • Sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing.

How Do I Limit Sharing?

If you choose to opt out now or at any time in the future, or wish to withdraw your opt-out request, contact us at [email protected]. If you choose to opt out, there will be a 30-day period before your opt-out takes effect.


Definitions

Affiliates: Companies related by common ownership or control. They can be financial and nonfinancial companies. Protocol Wealth does not share with affiliates.

Nonaffiliates: Companies not related by common ownership or control. They can be financial and nonfinancial companies. Protocol Wealth does not share with nonaffiliates so they can market to you.

Joint Marketing: A formal agreement between nonaffiliated financial companies that together market financial products or services to you. Protocol Wealth may enter into joint marketing agreements with other financial companies.

Client: An individual or entity that has executed a written Investment Advisory Agreement with Protocol Wealth, LLC.

Prospect: A registered user of a Protocol Wealth digital property who has not executed an Investment Advisory Agreement.


Version History

  • v3.2 (May 3, 2026) — Added co-intelligence framework, Anthropic ZDR disclosure with US-only inference and no-training commitments, corrected vendor list (Quiltt + MX + FinGoal; no Plaid), added Anthropic / Google Cloud / Cloudflare / Hadrius / Anchorage / BitGo / Coincover / Altruist / IBKR / Veriff / Chainalysis / DeBank / Zapper, tenant isolation disclosure, AI data handling controls, US data residency, PII segregation, advisory-level retention schedule, AI-specific client rights. Updated portal references from pwdashboard.com to pwportal.app (client) and pwos.app (advisor). Subprocessors page reference added.
  • v3 (March 19, 2026) — Prior baseline. Superseded in full by v3.2.

Questions?

If you have any questions about this privacy notice, please contact us at [email protected] or [email protected].


Protocol Wealth, LLC | SEC-Registered Investment Adviser | CRD #335298

Form ADV | ADV Part 2A | Form CRS | Terms of Service | Subprocessors | Disclosures

Regulatory filing links current as of May 1, 2026.