Last updated 9 June 2026 · Version 1.0
This policy explains how WealthComply Ltd. ("WealthComply", "we", "us") handles personal data. We process some of the most sensitive material in private wealth, and we treat it accordingly — stored in Switzerland, processed inside the EU, and never used to train AI models.
The short version. Your data stays in Switzerland. AI runs inside the EU, never in the US. We don't sell data, we don't train models on it, and you can export or delete it at any time. The detail below is for your data‑protection team.
WealthComply Ltd. provides a software platform that classifies legal entities under FATCA and the OECD Common Reporting Standard (CRS) and prepares the associated regulatory filings. For data submitted by our clients into the platform, our clients are the data controller and WealthComply acts as a data processor under a Data Processing Agreement (DPA). For our own website, marketing and account administration, WealthComply is the controller.
It matters who decides what happens to data:
To deliver classification and filing, the platform processes the data you choose to share, which may include:
You choose what to share. The platform does not require data it does not need to classify and file.
When you use our website or contact us, we process a small amount of data as controller:
| Category | Location |
|---|---|
| All client data, documents & encrypted backups | Azure Switzerland North — at rest in Switzerland. |
| AI inference for classification | Azure OpenAI, West Europe — within the EU data boundary. |
| United States | Not used. No client data is routed to, processed in, or stored in the US. |
WealthComply uses AI to assist classification. Two commitments govern it:
Where we act as controller, we rely on: legitimate interests (running and securing our website and responding to enquiries), consent (newsletter subscription, which you can withdraw at any time), and contract (administering your account). Where we act as processor, the legal basis for the underlying processing is determined by you as controller.
We use a small, vetted set of subprocessors. A current register is available to clients with our DPA.
| Subprocessor | Purpose |
|---|---|
| Microsoft Azure (Switzerland North) | Hosting, database, storage, monitoring. |
| Azure OpenAI (West Europe) | AI inference for classification reasoning. |
| Cloudflare | Edge protection, WAF and DDoS mitigation. |
| Microsoft Entra ID | Identity and single sign‑on. |
We notify clients of material subprocessor changes with the right to object. Non‑essential telemetry can be disabled per tenant for clients with strict Swiss‑only requirements.
Client data is retained for as long as your agreement is in force and for any period you configure. On termination, you receive a full export in agreed formats, after which your tenant is securely deleted unless a documented legal hold applies. Visitor and marketing data is kept only as long as needed for the purpose it was collected.
Under UK GDPR, EU GDPR and the revised Swiss FADP you may have the right to access, correct, delete, restrict, port or object to the processing of your personal data. Where WealthComply is the processor, we will pass any such request to the relevant client controller and support them in responding. To exercise a right or raise a concern, contact us using section 12 — and you may also complain to your local supervisory authority.
Encryption in transit (TLS 1.2+) and at rest (AES‑256), role‑based access, a default position of no access to your content without your logged approval, and an ISO 27001‑aligned management system. Our Security page sets out the detail, and a full evidence pack is available under NDA.
Questions about this policy or your data can be sent to privacy@wealthcomply.ai, or by post to WealthComply Ltd., Jersey, Channel Islands. We aim to respond within one business day.