PrivateWorth is built on a simple principle: your financial data is none of our business. This policy explains what we collect, what we never touch, and how the whole thing works.
Effective date: May 1, 2026 · Applies to privateworth.comPrivateWorth is operated as an independent software product. When this policy says "we," "us," or "PrivateWorth," it means the operator of privateworth.com. For questions about this policy, email privacy@privateworth.com.
This policy applies to anyone who visits privateworth.com or purchases a Pro license.
PrivateWorth is a local-first application. When you enter your assets, debts, and financial figures, that data is processed entirely inside your browser. It is never transmitted to our servers. The encrypted vault file you save is stored on your device, not ours.
The technical reality: We have no database of user financial information. It does not exist. Your vault file is encrypted with AES-256-GCM using a key derived from your passphrase — a passphrase we never see. Even if we wanted to access your financial data, we could not.
This is not a marketing claim — it is a technical constraint of how the product is built. The application code runs in your browser. The only time any data moves from your device to our servers is when you purchase a Pro license, and even then, only your email address is involved.
Email address — collected at the time of purchase through Stripe Checkout. We use this to generate your signed license file and deliver it to you by email via Resend. We do not add you to any marketing list. We do not send unsolicited emails. The only emails you receive are transactional: your license delivery and, if needed, a re-send of that license.
Payment information — processed entirely by Stripe. We never see or store your credit card number, billing address, or payment details. Stripe handles PCI-DSS compliance on your behalf. We only receive confirmation that a payment was completed and the email address you provided at checkout.
License data — when a license is generated, we create a record containing: a license ID, a one-way hash of your email address (not the email itself), the issue date, and a cryptographic signature. This is what gets emailed to you as the .license file. We do not store a copy of this record after delivery.
Server request logs — like all web servers, ours produce basic logs when your browser requests pages or when our API receives a webhook. These logs may contain your IP address and the time of the request. They are retained for up to 30 days and used only for debugging and security monitoring.
To be completely explicit:
We use a small number of trusted third parties to operate the product. Each receives only the minimum data necessary for their specific function.
| Service | Purpose | Data they receive | Their privacy policy |
|---|---|---|---|
| Stripe | Payment processing | Payment details, email address, billing info you enter at checkout | stripe.com/privacy |
| Resend | License email delivery | Your email address and the license file attachment | resend.com/legal/privacy-policy |
| Vercel | Website hosting and serverless functions | IP address and request metadata in server logs | vercel.com/legal/privacy-policy |
We do not sell, rent, or share your personal information with any other parties.
The encrypted .pwv vault file you download is yours. It lives on your device or wherever you choose to store it (iCloud, Google Drive, a USB drive). We have no copy of it. We cannot open it. We cannot recover it if you lose your passphrase.
Important: There is no account recovery and no passphrase reset. If you lose both your vault file and your passphrase, the data inside cannot be recovered by anyone — including us. Store both somewhere safe.
Depending on where you live, you may have certain rights over personal data we hold about you. Because we hold very little data (primarily your email address from purchase), these rights are straightforward to exercise.
To exercise any of these rights, email privacy@privateworth.com. We will respond within 30 days.
If you are in the European Economic Area, you may also have the right to lodge a complaint with your local data protection authority.
PrivateWorth is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us and we will delete it promptly.
If we make material changes to this policy, we will update the effective date at the top of the page. For significant changes, we will add a notice to the main application. We will not retroactively change how we handle data already collected without giving users the opportunity to object.
Questions, requests, or concerns about this policy:
We aim to respond to all privacy inquiries within 5 business days.