Privacy Policy
- Who We Are
- Information We Collect
- How We Use It
- When We Share It (Vendors & Subprocessors)
- When You Choose to Share It (Lead Network & Family Members)
- Health Information & HIPAA Posture
- AI Processing of Your Data (ThinkGrid)
- Security Measures
- Data Retention
- Your Rights (Access, Portability, Deletion)
- California (CCPA/CPRA) & Other State Rights
- European Users (GDPR Notes)
- Cookies & Tracking
- Children's Privacy
- International Transfers
- Changes to This Policy
- Contact & Data Requests
1. Who We Are
"Compendium," "we," "us," or "the Service" means The Compendium Company, LLC, a Florida limited liability company located in Naples, Florida, operating the platform at compendium.thecompendiumco.com, wealth.thecompendiumco.com, advisor.thecompendiumco.com, and related domains.
2. Information We Collect
| Category | What it includes |
|---|---|
| Account information | Workspace slug, username, password (stored as a one-way bcrypt hash — we cannot read your password), email, display name, role. |
| Family / household | Names, dates of birth, relationships, contact info, parent/spouse/role linkages, blended-family tags. All optional; you control what you enter. |
| Financial | Asset entries (homes, businesses, brokerage, cash, crypto, retirement), liabilities, ownership percentages. Manually entered or pulled via Plaid (with your explicit authorization). |
| Documents | Documents you upload (wills, trusts, POAs, healthcare directives, tax returns, business agreements, deeds), AI analyses generated from them, and notes you add. |
| Estate-plan canvas | Visual nodes you drag onto the planner, connections between them, and AI-generated structural analyses. |
| Org-chart / business | Entity records, ownership trees, positions, beneficial owners. |
| Payment information | Card / bank details for subscriptions and per-document purchases. Card data is collected and stored by Stripe — we never see or store your full card number. We retain only Stripe customer/subscription IDs and metadata. |
| Authentication | Login timestamps, IP addresses (for fraud detection + rate limiting), session cookies, device fingerprints (limited). |
| Service usage | Pages visited, features used, time spent — used to improve the Service. Aggregated and de-identified for analytics. |
| Communications | Messages you send through the Service to advisors, support, or other users in your workspace. |
3. How We Use It
- Operate the Service. Authenticate you, render the dashboard, generate documents, run analyses, sync banking, store files.
- Process AI requests. When you trigger an analysis or document generation, we send the relevant subset of your data to our AI provider (Anthropic) to fulfill that request. See Section 7 for limits on this.
- Bill you. Process subscription renewals and per-document purchases via Stripe; calculate firm-paid plans for advisor-managed clients.
- Communicate with you. Send transactional emails (receipts, security alerts, signature requests), in-app messages, and notifications for events you've opted into.
- Match you with attorneys. When you opt to "Get Attorney Planning Help," generate a qualifying packet and route it to attorneys who match your geography + needs.
- Detect fraud and abuse. Rate-limit suspicious traffic, ban abusive IPs at the firewall layer, monitor for credential-stuffing or scraping.
- Improve the platform. Identify patterns in aggregated, de-identified usage to ship better features. We do not use individual user content to train AI models without explicit opt-in (see Section 7).
- Comply with law. Respond to subpoenas, court orders, and other valid legal process. Maintain records required by tax and securities law.
4. When We Share It (Vendors & Subprocessors)
To run the Service we share specific data with these third-party processors. Each is contractually required to protect the data and use it only as needed for the purposes listed.
| Vendor | What we share | Why |
|---|---|---|
| Stripe (stripe.com) | Name, email, card details (collected directly by Stripe — we never see the full PAN), purchase metadata. | Process payments, manage subscriptions, handle disputes. PCI-DSS Level 1. |
| Anthropic (anthropic.com) | The specific document text, family data, or asset summary needed for the AI request you triggered. Limited to what's required for that single request. | Generate document drafts, analyze documents, build qualifying packets, run estate-plan analyses (ThinkGrid). |
| Plaid (plaid.com) | The credentials you provide to link your bank/brokerage. Plaid stores them; we receive only account balances, transactions, and metadata. | Bank, brokerage, and credit-card account linking and balance refresh. |
| Twilio (twilio.com) | Phone numbers (yours; recipients you authorize) and message content for SMS / 2FA codes. | Two-factor authentication, signature-request notifications. |
| SMTP / email provider | Email addresses (yours and recipients) and message content. | Transactional and notification emails. |
| AWS (aws.amazon.com) | All hosted data (encrypted at rest where applicable; encrypted in transit). | Cloud hosting infrastructure. |
| Nextcloud (off-site backup) | Encrypted database snapshots only. | Disaster-recovery off-site backups. |
| GoldAPI / Yahoo / FRED / CoinGecko | Read-only requests for market data. We do not send any of your data to these. | Live price quotes for assets you've entered. |
We do not sell your personal data to advertising networks, data brokers, or any other third party.
5. When You Choose to Share It
5.1 Lead network attorneys.
When you click "Get Attorney Planning Help," we generate a qualifying packet (assets, family, identified gaps, urgency signals) and share it with attorneys whose firm matches your state. Attorneys see your name, state, and the qualifying packet; they do not see the full content of your documents unless you specifically share those after engaging.
5.2 Advisor-managed engagements.
If you accept an attorney's proposal, that firm becomes your service provider. They are granted access to your workspace and you become a managed client of that firm. You can disconnect at any time; access is revoked when the engagement ends.
5.3 Family members and team members.
If you invite a family member, advisor, or team member to your workspace with shared permissions, they will see whatever the permissions allow. You control these permissions.
6. Health Information & HIPAA Posture
The Service stores documents that may contain protected health information ("PHI") — particularly Healthcare Directives, Living Wills, and Healthcare Powers of Attorney.
- We are not a HIPAA covered entity. We are a software platform, not a healthcare provider, health plan, or healthcare clearinghouse.
- HIPAA-equivalent controls apply to all health information stored in the Service:
- Encryption in transit (TLS 1.2+)
- Encryption at rest where supported by the storage layer
- Role-based access controls — only you and people you invite can read your records
- Audit logging on access to sensitive resources
- OS-level firewall + intrusion detection (fail2ban) + rate limiting on auth endpoints
- Encrypted off-site backups
- No use of PHI for AI model training without explicit opt-in
- Business Associate Agreements (BAAs). If you are a covered entity (e.g., hospital, clinic, healthcare professional) and intend to use the Service in a way that requires a BAA under HIPAA, contact legal@thecompendiumco.com. We will execute a BAA on commercially reasonable terms before such use.
- No clinical-record claim. Healthcare directives stored on the platform are personal estate-planning documents that happen to contain health-related instructions. We do not market the Service as a HIPAA-compliant clinical record system.
7. AI Processing of Your Data (ThinkGrid)
Our AI feature ("ThinkGrid") processes your data in three modes:
- Per-request, per-user processing (always-on). When you click "Analyze," "Generate," or similar, we send the relevant subset of your data to Anthropic's API to fulfill that single request. The response is returned to your account only. Anthropic does not retain your data for model training under our API agreement.
- Aggregate pattern learning (default ON, easy opt-out). ThinkGrid extracts statistical patterns across users — e.g., "households with minor children fund guardianship 64% of the time" — never quotes, never identifies, never includes raw text. You can opt out in account settings.
- Cross-user model fine-tuning (default OFF, explicit opt-in only). If you opt in, anonymized fragments of your documents may contribute to platform model improvements. PII is stripped before any such use. We default this OFF and require explicit per-doc consent.
A single user's raw text is never inserted into another user's prompt context. This is enforced architecturally.
8. Security Measures
- Per-server firewall (UFW) with only essential ports open
- fail2ban with SSH, HTTP-auth, and bot-detection jails
- Application-layer rate limiting on auth + sensitive endpoints
- HTTPS enforced (TLS 1.2+); HSTS headers; strict Content-Security-Policy
- SQL prepared statements throughout — no string concatenation
- Bcrypt password hashing (cost factor 10)
- Session cookies with HttpOnly, SameSite, Secure flags
- Audit logging on every administrative action and signature event
- Daily DB backups; hourly rotating snapshots; encrypted off-site sync
- Per-tenant data isolation enforced at the query layer
- OS-level auto-security-updates enabled
- Pre-deploy DB snapshots before any schema migration
9. Data Retention
- While your account is active: we keep all your data so the Service works for you.
- If you cancel a subscription: your data is retained on the free tier; you don't lose anything.
- If you close your account: we retain your data for 30 days in case you reactivate, then permanently delete except where retention is required by law (tax records, audit logs).
- Backups: daily backups roll out of the active set after 7 days locally; off-site backups roll after 30 days.
- Audit logs: retained for at least 7 years for legal and compliance purposes; access is restricted.
- Stripe records: retained per Stripe's policy (usually 7 years for financial records).
10. Your Rights (Access, Portability, Deletion)
- Access. You can view all data you've stored in your account at any time through the dashboard.
- Portability. Email legal@thecompendiumco.com to request a machine-readable export of your data.
- Correction. Edit any field in your account at any time.
- Deletion. Close your account through settings, or email legal@thecompendiumco.com for full erasure (subject to legal retention requirements).
- Opt out of aggregate learning. Toggle in account settings.
- Withdraw consent. Disconnect linked banks, revoke advisor access, or delete documents at any time.
11. California (CCPA/CPRA) & Other State Rights
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:
- Right to know what personal information we collect, use, and share
- Right to delete your personal information
- Right to correct inaccurate personal information
- Right to opt out of the sale or sharing of personal information (we do not sell — but this confirms it)
- Right to limit use and disclosure of sensitive personal information
- Right to non-discrimination for exercising these rights
Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights. Contact legal@thecompendiumco.com to exercise any of them.
12. European Users (GDPR Notes)
If you access the Service from the European Union or United Kingdom, you have rights under GDPR / UK GDPR including: access, rectification, erasure, restriction, portability, objection, and the right not to be subject to solely automated decision-making with legal effects.
Our legal bases for processing: (a) performance of contract (operating the Service for you), (b) legitimate interests (security, fraud prevention, product improvement), (c) consent (for opt-in features), and (d) compliance with legal obligations.
For data-subject requests, contact legal@thecompendiumco.com. We respond within 30 days.
13. Cookies & Tracking
We use cookies for two purposes only:
- Session cookies — to keep you logged in and to track your workspace context. Required for the Service to work.
- Local storage — to cache UI state (sidebar collapse status, theme preferences).
We do not use third-party advertising cookies, behavioral tracking pixels, or social-media trackers on authenticated pages. Marketing pages may load Stripe.js (for checkout) and minimal analytics; both are disclosed in the page source.
14. Children's Privacy
The Service is not directed to children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, contact legal@thecompendiumco.com and we will delete it.
15. International Transfers
Compendium is operated from the United States. If you access the Service from outside the U.S., your data is transferred to and processed in the U.S. We rely on Standard Contractual Clauses with our European and UK users where required.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email and/or in-app notice at least thirty (30) days before the effective date. Continued use of the Service after the effective date constitutes acceptance.
17. Contact & Data Requests
Privacy questions, data-subject requests, BAA requests, deletion requests:
legal@thecompendiumco.com
The Compendium Company, LLC
Naples, Florida
Mailing address available on request