Your Privacy Matters

Last Updated: December 26, 2025

OmegaFP is a B2B SaaS platform for financial advisors. This policy explains how we collect, use, and protect your data.

Who We Are

OmegaFP is a B2B SaaS platform designed specifically for financial advisors and their firms. We provide a comprehensive CRM and financial planning platform that helps advisors manage client relationships, process tax documents, and generate AI-powered insights.

Who Uses OmegaFP

OmegaFP is used by financial advisors and firm team members (firm principals, administrators, advisors, and read-only users). End clients do not directly use OmegaFP - their data is managed by their financial advisors on their behalf.

Why We Collect Personal Data

We collect personal data to:

  • Provide our services: Enable financial advisors to manage client relationships, process tax documents, and access AI-powered financial planning tools
  • Manage accounts: Create and manage user accounts for firm team members, assign roles and permissions
  • Process billing: Calculate usage and process subscription payments for firms
  • Improve our services: Analyze usage patterns (with PII protection) to enhance platform functionality
  • Ensure security: Monitor for security threats and maintain compliance with financial regulations

Examples:

  • When a firm principal creates an account, we collect their name and email to set up their firm's account
  • When an advisor uploads a client's tax document, we process that document to extract financial information
  • When you use our AI chat feature, we route queries appropriately based on whether client context is active

Categories of Data We Collect

Firm Team Member Data

We collect the following information about financial advisors and firm team members:

  • Identity Information: Name, email address, phone number
  • Account Information: Role (firm principal, admin, advisor, read-only), firm association, permissions
  • Usage Data: Login times, feature usage, query logs (with PII protection)
  • Billing Information: Payment method, billing address (processed securely through Stripe)

Client/Household Data (Managed by Advisors)

Advisors may input and manage the following information about their clients:

  • Personal Information: Names, dates of birth, Social Security Numbers (SSNs), addresses
  • Financial Information: Tax documents, account numbers, income information, investment details
  • Meeting Notes: Notes from client meetings, action items, recommendations
  • Dependents' Information: Names, SSNs, and dates of birth for tax dependents (managed by advisors)

Important: OmegaFP acts as a data processor for client/household data. The advisor or firm managing that client relationship is the data controller and is responsible for obtaining appropriate consent and managing client data rights.

Usage Data

We collect anonymized usage data to improve our services:

  • Query patterns (with PII tokenized or removed)
  • Document processing statistics
  • Feature usage analytics
  • Error logs (with PII redacted)

How We Use Personal Data

We use personal data to:

  1. Provide Financial Advisor CRM Services
    • Enable advisors to manage client relationships
    • Store and organize client information
    • Generate financial planning recommendations
  2. Process Tax Documents and Financial Data
    • Extract information from uploaded tax documents
    • Organize financial data for easy access
    • Generate summaries and insights
  3. Generate AI-Powered Insights and Recommendations
    • Answer advisor questions using AI models (with PII protection)
    • Provide research assistance for financial planning
    • Generate meeting summaries and action items
  4. Bill Firms Based on Usage
    • Track usage metrics (queries, document pages processed)
    • Generate invoices
    • Process payments securely
  5. Ensure Security and Compliance
    • Monitor for security threats
    • Maintain audit logs for compliance (SEC Reg S-P, SOC 2 Type II)
    • Enforce access controls and permissions

When We Share Personal Data

We Never Sell Your Data

OmegaFP never sells firm or client data to third parties. This is a core commitment of our platform.

Service Providers

We share data with service providers necessary to deliver our services, including:

  • Cloud Infrastructure Providers: For hosting, storage, and computing services
  • AI/ML Service Providers: For AI-powered financial planning and research assistance
  • Payment Processors: For processing firm subscription payments
  • Security Service Providers: For data protection and security monitoring

All service providers are:

  • Carefully vetted for security and compliance
  • Required to sign Data Processing Agreements (DPAs) or Business Associate Agreements (BAAs)
  • Subject to strict data protection requirements
  • Prohibited from using your data for any purpose other than providing services to OmegaFP

Important: We do not share client data with AI service providers when processing client-specific queries. Research queries that do not contain client information may be processed by third-party AI services.

Government Requests

We may disclose personal data if required by law, such as in response to:

  • Valid subpoenas
  • Court orders
  • Other legal processes

We will notify affected users when legally permitted to do so.

Client Data Sharing

Client/household data is only shared as directed by the advisor or firm managing that client relationship. OmegaFP does not independently share client data with third parties.

Your Choices & Rights (For Firm Team Members)

As a firm team member using OmegaFP, you have the following rights:

Data Access

  • View Your Profile Data: You can view your account information, role, and permissions at any time
  • Export Your Data: You can request a copy of your personal data
  • Firm Data Export: Firm principals and administrators can export all firm data (households, documents, notes, tasks)

Data Correction

  • Update Your Profile: You can correct your name, email, phone number, and other profile information
  • Role Updates: Firm administrators can update team member roles and permissions

Account Deletion

  • Individual Account Deletion: You can request deletion of your individual account (requires firm admin approval if you're not a firm principal)
  • Firm Account Closure: Firm principals can close the entire firm account
  • Processing Time: Account deletion requests are processed within 30 days

Marketing Opt-Out

  • Unsubscribe: You can opt out of marketing emails at any time
  • Service Emails: You will still receive essential service emails (security alerts, billing notices, etc.)

To exercise these rights, contact us at privacy@omegafp.com.

Client Data Rights

Important: For client/household data, OmegaFP acts as a data processor. The advisor or firm managing the client relationship is the data controller and is responsible for:

  • Obtaining appropriate consent from clients
  • Managing client data rights requests
  • Ensuring compliance with applicable privacy laws

If you are a client whose data is managed by an advisor using OmegaFP, please contact your advisor directly regarding your data rights. Your advisor is responsible for managing your data in accordance with their privacy policy and applicable laws.

Data Retention

Firm Team Member Data

  • Active Accounts: Retained while your account is active
  • Account Closure: Deleted within 30 days after account closure
  • Exception: Some data may be retained longer if required by law (e.g., audit logs)

Client/Household Data

  • Retention Period: Retained per firm's requirements
  • Minimum Retention: 7 years for tax records (IRS requirement)
  • Deletion: Managed by the firm (OmegaFP processes deletion requests from firms)

Audit Logs

  • Retention Period: 7 years (SEC Reg S-P requirement)
  • Cannot Be Deleted: Audit logs are tamper-proof (WORM-enabled) and cannot be deleted for compliance purposes

Backups

  • Backup Retention: 35 days
  • Purpose: Point-in-time recovery and disaster recovery

Children's Privacy (COPPA)

Direct Accounts

OmegaFP does not allow children under 13 to create accounts. Our platform is designed for financial advisors and firm team members, not end clients.

Dependents' Data

Advisors may input dependents' information (names, SSNs, dates of birth) for tax preparation purposes. This data is:

  • Managed by Advisors: The advisor/firm is the data controller
  • Processed by OmegaFP: We process this data as directed by the advisor
  • No Marketing Use: Dependents' data is never used for marketing purposes
  • Same Retention Policies: Follows the same data retention policies as other client data

Note: COPPA compliance is primarily the responsibility of the advisor/firm managing the client relationship. Advisors should obtain appropriate consent from parents/guardians when collecting dependents' information.

How We Protect Your Data

Encryption

  • At Rest: All data is encrypted using industry-standard encryption (AES-256) with firm-specific encryption keys
  • In Transit: All data transmission uses the latest TLS encryption protocols

Multi-Tenant Isolation

  • Complete Firm Isolation: Each firm's data is completely isolated at multiple levels (database, storage, encryption) to ensure no cross-firm data access
  • Household Isolation: Within a firm, advisors can only access households assigned to them (unless they are firm admins)

PII Protection

  • PII Detection: All text is scanned for personally identifiable information before AI processing
  • Tokenization: PII is replaced with secure tokens before processing by AI services
  • Privacy-by-Design Routing: When processing client-specific queries, we use secure, isolated AI processing that never sends data to external APIs
  • Output Safety: AI responses are filtered to prevent unsafe or inappropriate content

Security Practices

  • Access Controls: Role-based access control with granular permissions
  • MFA Required: Multi-factor authentication required for all accounts
  • Audit Logging: All actions are logged in tamper-proof audit logs
  • Security Monitoring: Continuous security monitoring and threat detection
  • Regular Audits: Regular security audits and penetration testing

Compliance

  • SEC Reg S-P: Compliant with SEC Regulation S-P (2024) for financial data protection
  • SOC 2 Type II: Maintains SOC 2 Type II certification
  • GLBA: Complies with Gramm-Leach-Bliley Act requirements
  • FTC Safeguards Rule: Implements required safeguards for financial information

Business Transfers

In the event that OmegaFP is involved in a merger, acquisition, sale of assets, or other business transfer, your personal data may be transferred as part of that transaction.

What Happens to Your Data

  • Data Transfer: Your firm and client data would be transferred to the acquiring entity
  • Continued Service: The acquiring entity would be required to honor this Privacy Policy or provide equivalent protections
  • Notification: We will notify you via email and/or a prominent notice on our website before any such transfer occurs
  • Your Rights: You may have the right to request deletion of your data before the transfer (subject to legal retention requirements)

Your Options

  • Account Closure: You can close your firm account before the transfer if you do not wish to continue with the acquiring entity
  • Data Export: You can export your firm data before the transfer
  • Questions: Contact us at privacy@omegafp.com with any questions about business transfers

Do Not Track (DNT)

Some browsers include a "Do Not Track" (DNT) feature that sends a signal to websites indicating that you do not want to be tracked.

Our Response to DNT Signals

  • We Acknowledge DNT: OmegaFP acknowledges DNT signals sent by your browser
  • No Advertising Tracking: We do not use cookies or tracking technologies for advertising or cross-site tracking
  • Essential Cookies: Essential and functional cookies are still used to provide core platform functionality (these are necessary for the platform to work)
  • Analytics: Any analytics cookies respect DNT signals and are not used when DNT is enabled

For more information about cookies and tracking, please see our Cookie Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • Notification: We will notify you via email (if you have an account) or by posting a notice on our website
  • Effective Date: The "Last Updated" date at the top of this policy will be updated
  • Material Changes: For material changes, we will provide at least 30 days' notice

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

How to Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@omegafp.com

Security Concerns: security@omegafp.com
