Data handling, retention, and AI processing explained plainly.

• Service delivery. To provide, maintain, and improve the Services, including operating our financial analytics platform, executing robo-advisor portfolio recommendations, processing financial statements, and generating analytical outputs.
• AI and machine learning processing. Our Services use artificial intelligence and machine learning models to analyze financial data, detect behavioral credit signals, estimate risk parameters, and generate portfolio optimization recommendations. These models process Client Data as instructed by you under your service agreement. See Section 3 for details on automated decision-making.
• Security and fraud prevention. To protect the integrity of the Services, detect and prevent unauthorized access, and investigate suspicious activity.
• Communications. To respond to your inquiries, send transactional notifications related to your account, and, where you have opted in, send product updates or marketing communications.
• Compliance. To comply with applicable legal obligations, regulatory requirements, and law enforcement requests.
• Analytics and improvement. To understand how users interact with the Services, diagnose technical issues, and develop new features. We use aggregated and de-identified data for this purpose wherever feasible.
• Business operations. To administer our business, including billing, accounting, auditing, and enforcing our agreements.

Far Gradient's Services employ automated processing, including machine learning models, to perform financial analysis, risk scoring, credit signal detection, and portfolio optimization. We describe these processes here so you can understand their scope.

• How our models work. Our models analyze structured and unstructured financial data to generate outputs such as risk scores, portfolio allocation recommendations, covariance estimates, and regime classifications. These outputs are analytical tools designed to inform human decision-making by our clients. They are not final credit, lending, or investment decisions.
• Human oversight. Our robo-advisor and analytics outputs are designed to operate within parameters set by our clients. Clients retain responsibility for final investment and credit decisions. Far Gradient does not make consumer lending, hiring, insurance, or housing decisions using automated processing.
• Client Data and model training. We do not use Client Data in identifiable form to train our general-purpose machine learning models unless you provide explicit, informed, written consent. Client Data in identifiable form is processed to deliver the Services you have contracted. Aggregate, de-identified statistical patterns derived from Client Data may be used to improve model accuracy, calibration, and service quality, provided such patterns are not reasonably linkable to any individual client or data subject. Examples include sector-level distributional statistics, structural formatting patterns across financial statement types, and aggregate model performance benchmarks.
• Derived data and analytical outputs.In the course of delivering the Services, Far Gradient generates analytical outputs including risk scores, statistical features, structural metadata, benchmark indices, model coefficients, and other derived work product ("Derived Data"). Derived Data is the intellectual property of Far Gradient. Derived Data does not include Client Data in identifiable form, and Far Gradient's ownership of Derived Data does not limit your rights in your Client Data.
• System telemetry.We collect operational data about the performance, reliability, and accuracy of our models and infrastructure, including processing latency, error rates, feature importance metrics, and calibration measurements ("Telemetry Data"). Telemetry Data does not contain Client Data in identifiable form and is used by Far Gradient to maintain, monitor, and improve the Services.
• Large language model processing. Certain features of the Services use large language models (LLMs) to process financial documents, including financial statement spreading and report generation. Source documents processed through LLM features are not retained in identifiable form after processing is complete, are not used to train or fine-tune any third-party model, and are not shared with third-party LLM providers in identifiable form unless necessary for processing, in which case such providers are bound by data processing agreements that prohibit retention and secondary use. Structural metadata and formatting patterns extracted during LLM processing, such as field locations, table structures, and document classification labels, may be retained as Derived Data.

We do not sell personal information. We share information only in the following circumstances:

• Service providers and sub-processors. We engage third-party vendors to help us deliver the Services, including cloud hosting providers, payment processors, analytics services, and infrastructure partners. These vendors are contractually obligated to use your information only as necessary to perform services on our behalf and to maintain appropriate security safeguards. A current list of sub-processors is available upon request.
• Professional advisors. We may share information with our attorneys, accountants, auditors, and consultants as necessary for professional services rendered to us.
• Legal compliance and protection. We may disclose information when we believe disclosure is necessary to comply with applicable law, regulation, legal process, or governmental request; to enforce our agreements; to protect the rights, safety, or property of Far Gradient, our users, or others; or to detect, prevent, or address fraud, security, or technical issues.
• Business transfers. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as a business asset. We will notify affected users of any change in ownership or control of their personal information.
• With your consent. We may share information for other purposes when you direct us to do so or provide explicit consent.

We retain personal information only as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account information. Retained for the duration of your account and for a period of three (3) years following account termination, unless longer retention is required for legal, regulatory, or audit purposes.
• Client Data. Retained and deleted in accordance with your service agreement. Upon termination of the service agreement, Client Data is deleted or returned to you within sixty (60) days, unless retention is required by law.
• Usage and log data. Retained for up to twenty-four (24) months for security, analytics, and troubleshooting purposes.
• Communications. Retained for as long as necessary to resolve the subject matter and for a reasonable period thereafter for quality assurance and legal purposes.
• Legal holds. Notwithstanding the above, we may retain information as required to comply with legal obligations, resolve disputes, and enforce our agreements.
• Derived Data and Telemetry Data. Because Derived Data and Telemetry Data are not Client Data and do not contain personal information in identifiable form, they are not subject to the retention schedules above and may be retained indefinitely.

Depending on your jurisdiction, you may have certain rights regarding your personal information. We honor the following rights for all users regardless of location, to the extent applicable:

• Access. You may request confirmation of whether we process your personal information and, if so, request a copy of it in a portable, commonly used format.
• Correction. You may request that we correct inaccurate or incomplete personal information.
• Deletion. You may request that we delete your personal information, subject to exceptions for legal compliance, contract performance, and legitimate security purposes. Deletion of Client Data does not require deletion of Derived Data or Telemetry Data, which do not contain personal information in identifiable form.
• Opt-out of marketing.You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at the address below. Transactional and service-related communications are not subject to opt-out.
• Do Not Sell or Share. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
• Non-discrimination. We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, contact us at privacy@fargradient.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law, generally within 45 days for most U.S. state privacy laws. If we need additional time, we will notify you of the extension and the reason.

We use the following categories of cookies and similar technologies:

• Strictly necessary cookies. Required for the Site and Services to function. These cannot be disabled without impairing core functionality. They handle authentication, security, and session management.
• Analytics cookies. Help us understand how visitors interact with the Site by collecting usage data in aggregated form. We use these to improve performance and user experience.
• Functional cookies. Remember your preferences and settings to provide a more personalized experience.

We do not use advertising or cross-site tracking cookies. We do not engage in cross-context behavioral advertising.

You can manage cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. Blocking strictly necessary cookies may impair the functionality of the Site.

Do Not Track.Some browsers transmit "Do Not Track" signals. Because no uniform standard for interpreting these signals exists, we do not currently respond to Do Not Track signals. We do not engage in cross-site tracking regardless of this setting.

We implement administrative, technical, and physical security measures designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, employee training, and incident response procedures.

No method of transmission over the Internet or method of electronic storage is completely secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security.

If we become aware of a security breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.

Far Gradient is based in the United States and processes data primarily in the United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on applicable legal mechanisms including the EU-U.S. Data Privacy Framework, standard contractual clauses, or your explicit consent where appropriate. If you have questions about the legal basis for a specific transfer, contact us at privacy@fargradient.com.

The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us at privacy@fargradient.com.

The Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to third-party sites or services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with our Services.

Far Gradient processes financial data on behalf of institutional clients. To the extent that any of our Services are subject to the Gramm-Leach-Bliley Act (GLBA) or other financial privacy regulations, we maintain safeguards and practices consistent with those requirements. If you are a client subject to financial privacy regulations, your service agreement will specify any additional obligations and protections applicable to your data.

We do not provide personal financial advice to individual consumers. Our robo-advisor and analytics products serve institutional clients. To the extent our outputs reach individual investors through our clients' platforms, our clients are responsible for compliance with applicable consumer-facing disclosure and privacy requirements.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this document and, where required, notify you by email or through the Services. Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acceptance of the changes.

We will not materially reduce your rights under this Privacy Policy without providing notice and, where required by law, obtaining your consent.

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a complaint about our privacy practices, contact us at:

If you are not satisfied with our response to a privacy complaint, you may have the right to lodge a complaint with your local data protection authority or state attorney general.