1. Introduction
This Privacy Policy (the "Policy") explains how Worthy Advice, Inc. ("Worthy", "we", "us", "our") collects, uses, and discloses personal information through its website and its online Tax Intelligence platform (the "Platform", and collectively with the website, the "Services").
2. Information Collected and How We Use It
You will have the opportunity to provide us with certain personal information. In addition, we may collect your personal information from our customers that you have a relationship with (each, a "Worthy Customer"), and automatically through your use of the Services. The rest of this section provides a more detailed explanation of the personal information we collect, and how we use that personal information.
Voluntarily Disclosed Information
The following identifies the specific purposes for which you or other parties may voluntarily disclose personal information to us.
| Purpose for Collection | Type of Personal Information | How We Collect That Information |
|---|---|---|
| Account creation for Platform users; communication with Platform users about their accounts | Name, email address | Directly from you or through a third-party authentication system (e.g., Salesforce, Microsoft, Google) |
| Provision of Services to Worthy Customers | Personal information included within your IRS tax filings, wage statements (e.g., W-2, 1099), and brokerage statements. This may include your name, mailing address, email address, social security number, and financial information. | Directly from you, Worthy Customers, or the IRS (as directed by Worthy Customers) |
| Provision of Services to Worthy Customers | Personal information included within service requests from Worthy Customers | Directly from Worthy Customers |
Automatically Collected Information
Whenever you interact with the Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, geolocation data, device identification, the type of device you're using to access the Services, and the page or feature you requested.
3. Disclosure of Personal Information
We may disclose your personal information as detailed in this section.
Personnel and Third Party Service Providers
We employ personnel and engage other companies and people to perform tasks on our behalf and need to share your personal information with them to provide products or services to you. For example, all data that we receive is stored on servers hosted by cloud storage vendors such as Amazon Web Services. As another example, the AI functionality on the Platform (including document analysis, data extraction, and natural language query) is provided using third-party AI inference services, including Google Cloud Vertex AI. Documents submitted for AI processing are not retained by our AI subprocessors or used to train any AI model. We do not use your personal information to train, fine-tune, or improve any artificial intelligence or machine learning model.
Worthy Customers
If you submit personal information to our Platform at the request of a Worthy Customer, the personal information that you submit will be shared with the Worthy Customer.
Business Transfers
If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party.
Legal Compliance
We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with governmental requests, law enforcement or court orders, or enforce or apply our agreements.
4. Security
We maintain a written Information Security Program ("ISP") that satisfies the requirements of the Gramm-Leach-Bliley Act (GLBA) and the FTC Safeguards Rule. Our technical safeguards include AES-256 encryption at rest, TLS encryption in transit, multi-factor authentication, role-based access controls, and environment segregation between production and non-production systems. All personal information processed on the Platform constitutes Nonpublic Personal Information ("NPI") under GLBA and is handled accordingly.
In the event of a confirmed or reasonably suspected data breach affecting your personal information, we will notify affected Worthy Customers within 48 hours of discovery. We cannot, however, ensure or warrant that your personal information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
5. Your Rights
Who To Exercise Your Rights With
If you create an account on the Platform, we are a "controller" of the personal information you submit to create your account (your "Account Information"), and you can exercise your rights with respect to your Account Information by following the instructions in Section 5.2 below.
All other personal information that we process is done at the request and instruction of Worthy Customers, and we are a "processor" of that personal information. Worthy Customers control our use of that personal information and determine how and for what purpose we process that personal information. If we are processing your personal information on behalf of a Worthy Customer, and you have any questions or concerns about how your personal information is handled or would like to exercise your rights as a data subject, you should contact the Worthy Customer who has contracted with us to process your personal information. We will provide assistance to the Worthy Customer to address any concerns you may have, in accordance with the terms of our contract with them and applicable law.
Your Rights
Through your account settings, you may access and edit your Account Information. If you would like to delete your account, please email us at hello@withworthy.com. Please understand, however, that our legal compliance obligations may prevent us from deleting certain content associated with your account (e.g., tax records).
6. Retention of Information
Subject to your right to request deletion of your account in accordance with Section 5, we will retain personal information only for so long as necessary to provide the Services or as required by applicable law. Uploaded documents and tax return data are retained for the duration of your or your Worthy Customer's active subscription and deleted within 30 days following termination or a deletion request. AI inference inputs are not retained beyond the real-time processing session. Account information is deleted upon account removal. Anonymized, aggregated platform analytics that cannot identify you may be retained indefinitely. Where a Worthy Customer's contract specifies shorter retention periods, those periods control.
7. How We Respond to Do Not Track Signals
We will honor your exercise of your rights with respect to your personal information in accordance with Section 5. Apart from those rights, we do not respond to "Do Not Track" signals.
8. Age of Users
We do not knowingly collect or solicit information from anyone under the age of 13. If we learn that we have collected personal information from a child under the age of 13, we will delete that information as quickly as possible.
9. Changes to Policy
We're constantly trying to improve the Services, so we may need to change this Policy from time to time as well. The date of the last modification will be posted at the beginning of this Policy. It is your responsibility to check from time to time for updates. By continuing to access or use the Services, you are indicating that you agree to be bound by the modified Policy.
10. Contact Us
If you have any questions or concerns regarding this Policy, please send us a detailed message to hello@withworthy.com, and we will try to resolve your concerns.