RegentDesk← Compliance overview

Work in progress

This page is a work in progress and subject to changes and rewrites. Content here reflects RegentDesk's current intent — language, commitments, and structure may all change before launch.

Placeholder document

This is a placeholder. The full attorney-reviewed Privacy Policy will be published before first advisor signup. RegentDesk has budgeted for attorney drafting and will not onboard paying customers until this document is live and reviewed by qualified counsel.

Privacy Policy

When complete, this document will be effective as of the date published above.

What this document will cover

The full Privacy Policy will be drafted by a financial-services-aware SaaS attorney and will cover the following areas. The summary below reflects RegentDesk's current design and intended practices.

1. Information we collect

Account information (name, email, firm) provided at signup. Client data you enter manually: names, relationship notes, life events, risk profile, contact history. Voice samples you provide to train your writing style. Drafts generated and their edit history. Usage data (pages visited, features used) to improve the product. No financial account data, no portfolio data, no custodian data.

2. How we use it

To generate email drafts in your voice. To surface relationship context when you write. To operate and improve the product. We do not sell your data. We do not use your client data to train AI models. We do not share your data with advertisers.

3. Subprocessors

Third-party vendors that process data on our behalf are listed on the Subprocessors page. Each subprocessor is bound by data processing terms. We will give you at least 30 days' notice before adding a new subprocessor that processes client data.

4. Your rights

Export: download all your data as JSON from Settings at any time. Correction: update any client data directly in the product. Deletion: delete individual clients or request full account deletion. Portability: your data belongs to you and leaves with you. These rights apply regardless of which state or jurisdiction you operate in.

5. GLBA / Regulation S-P service provider obligations

RegentDesk acts as a service provider under GLBA. We maintain a written information security program, execute Data Processing Agreements with advisors on request, and commit to 72-hour breach notification as required by the 2024 Reg S-P amendments. See the Compliance overview for full details.

6. CCPA / state privacy laws

RegentDesk acts as a service provider under CCPA and equivalent state laws. We do not sell personal information. We support consumer rights requests (know, delete, opt out) passed through by advisors on behalf of their clients. The full policy will include state-specific disclosures as required.

7. Data retention and deletion

Data is retained as long as your account is active or as required for Rule 204-2 books-and-records purposes. On deletion request: 30-day soft-delete, then hard-purge from active systems. Backup copies purged within 90 days.

8. Contact

Privacy questions: lucas@regentdesk.com. Data Processing Agreement requests: same address.