Legal

Privacy Policy

Last updated: April 19, 2026.

Work in progress: Net Worth Nexus is still in pre-launch development, and services are not enabled for public use yet.

This page describes the current implementation state of the app. It is not final legal advice, and we plan to publish an attorney-reviewed policy before public launch.

Who we are

Net Worth Nexus is operated by NexTech Innovations LLC. For privacy questions, contact support@networth.nexus.

Information we collect

Based on the current backend implementation, we collect and store:

• Account identity data: username, email, password hash, account creation time, and role flags.
• Profile and preferences: full name, gender, state code, birth year, theme, session timeout choice, and product/benchmark opt-in settings.
• Consent records: terms and privacy acceptance timestamps and accepted policy version strings.
• Subscription metadata: Stripe customer ID, subscription ID, status, and Pro access state.
• Manual portfolio entries: user-entered accounts, tickers, options, and custom bet records.
• Brokerage data (for connected users): account details, balances, holdings, option positions, transactions, and related metadata from SnapTrade-connected institutions.
• Operational data: session tokens and limited error/operation logs.

How data is secured

• Passwords are hashed using PBKDF2-HMAC-SHA256 with random salts.
• SnapTrade user secrets are encrypted at rest using a server-managed Fernet encryption key.
• Session authentication uses HTTP-only cookies with SameSite=Lax and configurable expiration.
• The API sets common security headers (including HSTS, X-Frame-Options, and X-Content-Type-Options).

Third-party services

• SnapTrade is used for brokerage account connectivity and data synchronization. We do not store brokerage username/password credentials in our app database.
• Stripe is used for subscription billing and customer portal management. Payment card details are handled by Stripe, not stored by Net Worth Nexus.
• We did not identify third-party advertising trackers in the current app codebase.

Current product behavior is strictly read-only for connected brokerage data. Net Worth Nexus does not execute trades, move money, transfer funds, or provide custody.

How we use data

• To authenticate users and maintain secure sessions.
• To provide dashboards, account views, and portfolio analytics.
• To sync brokerage and transaction data when a connection is authorized.
• To provide support, troubleshoot errors, and improve reliability.
• To manage paid subscriptions and feature access status.

Data retention (current behavior)

• Session records expire automatically based on configured timeouts (default 1 hour, user-configurable up to 24 hours).
• SnapTrade webhook payload bodies are pruned after a configured retention window (currently 60 days).
• SnapTrade webhook event metadata is retained longer for operational audit purposes (currently 365 days).
• Portfolio snapshots, transaction history, and manual account records may be retained while an account exists.

User controls available today

• Update profile fields and communication preferences in Settings.
• Update session timeout and theme preferences.
• Connect and remove brokerage authorizations through SnapTrade flows.
• Add, edit, and remove manual account and position entries.
• Log out to immediately invalidate the current session.

Important current limitations

• Self-service account deletion is not yet generally available.
• Self-service data export is not yet generally available.
• Password reset/change tooling is still under development.

Children's privacy

The current registration flow enforces a minimum age threshold (13+ based on entered birth year). The service is not intended for young children.

Changes to this policy

Because this product is pre-launch, this policy may change frequently as architecture, features, and controls are finalized. We will update this page as implementation changes.