Last Updated: May 2026

Privacy Policy

This Privacy Policy explains how AdvisoryBriefings collects, uses, stores, and protects your personal data when you use our website and services. We are committed to full transparency, regulatory compliance, and privacy-by-design architecture.

Introduction

AdvisoryBriefings operates https://advisorybriefings.com (the "Website") and provides AI-powered daily briefing services for Registered Investment Advisors ("RIAs"). This Privacy Policy governs all personal data processed through our Website and services.

By accessing or using our Website, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use immediately.

Scope & Applicability

This policy applies to all visitors, registered users, advisors, and clients whose data is processed through our platform. It covers data collected via:

  • Our Website and web applications
  • API integrations (including Smarsh, Global Relay, Twilio, WhatsApp)
  • Email communications and support tickets
  • Third-party authentication providers (Google, LinkedIn)
  • Voice sample uploads and document uploads

Data We Collect

We collect the following categories of data:

1. Account & Identity Data

Name, email address, phone number, professional credentials (Series 65, Series 7), firm name, CRD number, and authentication credentials.

2. Client Relationship Data

Client names, contact information, tagging preferences, portfolio interests, and communication history. We act as a data processor for this information on behalf of the RIA (data controller).

3. Uploaded Documents

PDF statements, CIO commentaries, investment policy statements, and voice samples. All documents are encrypted at rest and access-logged.

4. Usage & Technical Data

IP address, browser type, device information, session logs, feature usage patterns, and error reports. This data helps us improve service reliability and detect security incidents.

5. Communication Content

Generated briefing scripts, audio files, delivery receipts, and archived messages pushed to your Smarsh or Global Relay account.

AI & Automated Processing

AdvisoryBriefings uses artificial intelligence providers, including OpenAI and ElevenLabs, to generate briefing content and voice synthesis. We implement the following safeguards:

  • Zero-Retention Policy: We contractually require that OpenAI and ElevenLabs do not retain, train on, or store your data beyond the processing session required to fulfill the request.
  • No Model Training: Your client PII, briefing scripts, voice samples, and documents are explicitly excluded from any model training or fine-tuning datasets.
  • Automated Decision-Making: Our AI systems generate content recommendations and news rankings. These are advisory-only — the RIA maintains full editorial control and must approve all content before delivery.
  • Human Oversight: Every briefing is queued for advisor review before delivery. No AI-generated content reaches clients without explicit human approval.

How We Use Your Data

We use collected data exclusively for the following purposes:

  • Generating, reviewing, and delivering daily briefings to your clients
  • Archiving communications to your designated Smarsh or Global Relay account
  • Authenticating users and maintaining account security
  • Processing payments and managing subscriptions
  • Providing customer support and technical assistance
  • Monitoring service performance and detecting security threats
  • Complying with legal and regulatory obligations

We do not sell, rent, or monetize your data. We do not use client data for advertising purposes. Your data is used solely to deliver the services you have contracted for.

Data Sharing & Third Parties

We share data only with the following categories of service providers:

  • AI Providers (OpenAI, ElevenLabs): Under zero-retention contracts. No training rights.
  • Archiving Providers (Smarsh, Global Relay): For SEC/FINRA compliant recordkeeping. You maintain your own license.
  • Communication Providers (Twilio): For WhatsApp message delivery and archiving.
  • Cloud Infrastructure: Encrypted storage and compute on isolated instances with AES-256 encryption.
  • Payment Processors: For subscription billing (PCI-DSS compliant).

All third-party providers are subject to Data Processing Agreements (DPAs) that meet GDPR Article 28 requirements. We do not share data with law enforcement except when legally compelled by valid court order or subpoena.

Data Retention

We retain data according to the following schedule:

  • Account Data: Retained for the duration of your subscription plus 7 years (to meet SEC Rule 204-2 recordkeeping requirements).
  • Communication Records: Retained for 7 years from creation to comply with SEC and FINRA requirements.
  • Uploaded Documents: Retained until you delete them or close your account, except where longer retention is required by law.
  • Usage Logs: Retained for 12 months for security and troubleshooting purposes.
  • Deleted Accounts: Personal data is purged within 90 days of account closure, except for records we are legally obligated to retain.

Your Rights (GDPR & Beyond)

Depending on your jurisdiction, you may exercise the following rights:

  • Right to Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of your data, subject to legal retention obligations.
  • Right to Restrict Processing: Limit how we use your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Complain: Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at privacy@advisorybriefings.com. We respond to all requests within 30 days as required by GDPR.

Security Measures

We implement industry-leading security controls:

  • Encryption: TLS 1.3 for data in transit; AES-256 for data at rest.
  • Access Control: Role-based access control (RBAC) with multi-factor authentication (MFA).
  • Audit Logging: Complete access logs for all data interactions, retained for compliance review.
  • Network Security: Isolated infrastructure with no shared tenant databases; DDoS protection; Web Application Firewall (WAF).
  • Penetration Testing: Regular third-party security assessments and vulnerability scanning.
  • Incident Response: 24-hour breach notification procedure for supervisory authorities; 72-hour notification for affected users where required by GDPR.

Cookies & Tracking

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Functional Cookies: Remember preferences and settings to enhance your experience.
  • Analytics Cookies: Help us understand Website usage patterns. We use privacy-preserving analytics with IP anonymization.

You can manage cookie preferences through your browser settings. We do not use third-party advertising cookies or tracking pixels for retargeting.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete such data.

International Data Transfers

AdvisoryBriefings operates infrastructure in the United States. If you access our services from the European Union or other jurisdictions, your data will be transferred to and processed in the United States.

We ensure lawful international transfers through Standard Contractual Clauses (SCCs) approved by the European Commission (GDPR Article 46). All subprocessors sign Data Processing Agreements incorporating these SCCs with appropriate supplementary measures for data security.

SEC, RIA & Financial Regulatory Compliance

As a platform serving Registered Investment Advisors, our data handling practices are designed to support your compliance obligations under:

  • SEC Rule 204-2: We retain all client communications, including scripts, audio files, and delivery receipts, for a minimum of 7 years. Records are stored in a non-rewriteable, non-erasable format where required.
  • SEC Marketing Rule (Rule 206(4)-1): Our platform structures content workflows to support accurate, balanced, and substantiated communications. All marketing content is flagged for advisor review before delivery.
  • FINRA Rules 3110 & 4511: We maintain complete supervisory records and facilitate your supervisory review process through the advisor dashboard.
  • State RIA Regulations: Our archiving and audit-logging capabilities support state-level recordkeeping and examination requirements.

We do not provide legal or compliance advice. You remain responsible for ensuring your use of our platform complies with all applicable regulations. We recommend reviewing all AI-generated content for accuracy and regulatory suitability before delivery.

U.S. State AI Laws & EU AI Act

We monitor and align with emerging AI regulations to ensure our platform remains compliant across jurisdictions:

European Union — AI Act (Regulation EU 2024/1689)

The EU AI Act classifies AI systems used in financial services as "high-risk" when they affect access to financial services or evaluate creditworthiness. While our platform generates informational briefings rather than making investment decisions, we implement AI Act-aligned safeguards: transparency disclosures, human oversight mechanisms, accuracy testing, and comprehensive documentation. We classify our system as a general-purpose AI application with human-in-the-loop controls.

United States — State AI Legislation

We track state-level AI regulations including Colorado's SB 205 (Algorithmic Accountability), California's automated decision-making laws, and Illinois BIPA (biometric data). Our platform: (1) provides clear notice of AI use in briefings; (2) maintains human review before any client-facing output; (3) does not use AI for credit scoring or employment decisions; and (4) obtains appropriate consents for voice cloning where required by state biometric privacy laws.

Transparency & Disclosure

We believe advisors should disclose AI-generated content to their clients where ethically appropriate. Our terms require advisors to comply with all applicable disclosure requirements, and we provide configurable disclosure language in briefing templates.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email and a prominent banner on the Website at least 30 days before they take effect. Continued use after changes constitutes acceptance.

Contact Us

For privacy-related questions, data subject requests, or compliance inquiries, contact:

AdvisoryBriefings Privacy Team

Email: privacy@advisorybriefings.com

Website: https://advisorybriefings.com

For GDPR-related complaints, you may also contact your local data protection authority. We cooperate fully with all regulatory inquiries.
