Privacy and data practices

Privacy Policy

Effective date: June 23, 2026  ·  Good Stewards Holdings Inc.  ·  support@goodstewards.io

This policy is written for families, investment groups, app-store reviewers, and regulators who need a clear view of what Good Stewards collects, why it is needed, and how financial-service providers fit into the Platform.

1. Scope and Controller

This Privacy Policy explains how Good Stewards Holdings Inc. ("Good Stewards," "we," "us," or "our") collects, uses, shares, protects, and retains information when you use Good Stewards, including our website, web application, mobile applications, APIs, account-deletion flow, support channels, and related services (collectively, the "Platform").


For privacy requests, Good Stewards is the primary business or controller for information we collect to operate the Platform. Certain brokerage, custody, banking, identity-verification, payment, and account-linking services are provided by independent third-party providers under their own terms and privacy notices.

2. Financial Services Role

Good Stewards is software for family offices, family investment clubs, and investment groups to organize financial information, coordinate governance, manage records, view portfolio information, and connect third-party providers.


Good Stewards does not:

  • Hold customer funds or securities
  • Custody assets
  • Execute trades directly
  • Provide investment, legal, tax, or accounting advice
  • Act as a broker-dealer, registered investment adviser, bank, custodian, transfer agent, or payment institution

  • Brokerage, custody, banking, identity verification, account-linking, and payment services are provided by licensed or otherwise authorized third-party providers where enabled. Your use of those services may require separate onboarding, consents, contracts, risk disclosures, identity checks, and provider privacy notices.

    3. Information We Collect

    We collect information you provide, information generated when you use the Platform, and information we receive from third-party providers you choose to connect.


    Account and Contact Information

  • Name, email address, phone number, user ID, authentication details, account status, profile photo or avatar information if provided, and login/security activity
  • Passwordless sign-in codes, session tokens, and account identifiers needed for authentication
  • On mobile, credentials or tokens may be stored in device secure storage when you enable biometric sign-in; Good Stewards does not receive your Face ID, Touch ID, fingerprint, or biometric template

  • Family, Club, Governance, and Profile Information

  • Family, club, investment group, membership, role, ownership, contribution, voting, proposal, goal, meeting, education, risk-assessment, onboarding, and governance records
  • Comments, notes, messages, voting records, signatures, consents, and other user-generated content you submit through the Platform

  • Financial, Brokerage, Banking, and Payment Information

  • Assets, liabilities, account balances, positions, holdings, portfolio data, orders, trade status, transaction history, contribution history, subscription status, invoices, payment status, and related financial records
  • Bank-linking, treasury, routing, account, payment-method, customer, processor-token, account identifier, and provider-token information where needed to connect Plaid, Stripe, banking, treasury, or brokerage workflows
  • We do not ask for or store your bank or brokerage login credentials. When a third-party connection is used, the provider may collect credentials or authentication information directly from you

  • Identity, Compliance, Tax, and Legal Information

  • Information needed for onboarding, KYC/KYB, beneficial ownership, accreditation, suitability, tax, entity formation, brokerage, treasury, compliance, audit, and legal records
  • This may include date of birth, address, entity information, tax identifiers, government identification details, signature records, ownership records, and provider verification status where required by law or by a third-party provider

  • Documents, Files, and Photos You Choose to Upload

  • Operating agreements, subscription documents, tax records, bank documents, brokerage documents, signatures, PDFs, images, and other records you choose to upload or generate through the Platform
  • On mobile, we access only the files or photos you select through the document picker or photo library picker. We do not access your full photo library, camera roll, or documents without your action

  • Communications and Support Information

  • Support requests, account deletion requests, emails, in-app messages, concierge messages, feedback, survey responses, legal requests, and related correspondence

  • Device, Usage, Diagnostics, and Security Information

  • IP address, approximate location derived from IP address, device type, operating system, browser, app version, session identifiers, push notification token, app interactions, feature usage, diagnostics, crash information, performance data, logs, and security events
  • We do not collect precise GPS location, contacts, phonebook data, SMS/MMS content, microphone audio, call logs, health data, or advertising identifiers for advertising tracking unless a future feature clearly asks for permission and is disclosed before collection
  • 4. Sources of Information

    We collect information from:

  • You, when you create an account, join a club, complete onboarding, connect providers, upload documents, vote, comment, contact support, or request deletion
  • Other authorized members or administrators of your family, club, or investment group, when they invite you, assign roles, create records, or manage shared workflows
  • Third-party providers you choose to connect, such as brokerage, banking, payment, identity-verification, document-signing, email, notification, analytics, diagnostics, AI, and cloud-service providers
  • Your device, browser, and app through normal Platform operation, security logging, diagnostics, cookies, and similar technologies
  • 5. How We Use Information

    We use information to:

  • Provide, operate, personalize, maintain, secure, and improve the Platform
  • Create and manage accounts, families, clubs, roles, memberships, invitations, governance workflows, votes, proposals, meetings, documents, education, and records
  • Authenticate users, maintain sessions, enable biometric sign-in on your device, deliver passwordless sign-in codes, and prevent unauthorized access
  • Enable brokerage, banking, treasury, payment, identity-verification, tax, document-signing, and account-linking workflows you choose to use
  • Display portfolio, contribution, transaction, ownership, and governance information to authorized members of your family, club, or investment group
  • Send transactional emails, account notices, service updates, security alerts, support responses, deletion-request updates, and push notifications if enabled
  • Provide customer support, staff review, concierge support, and operational assistance
  • Generate summaries, notes, insights, or other AI-assisted outputs when you use AI-assisted features
  • Monitor reliability, measure product usage, debug errors, fix crashes, develop new features, and improve performance
  • Detect, investigate, and prevent fraud, misuse, security incidents, policy violations, unauthorized access, and illegal activity
  • Comply with legal, regulatory, tax, accounting, audit, contractual, sanctions-screening, and provider obligations

  • We do not use Platform data to provide individualized investment advice. Information, education, AI-generated content, portfolio views, and analytics are for coordination, recordkeeping, and informational purposes only.

    6. How We Share Information

    We share information only as needed for the purposes described in this Policy.


    We may share information with:

  • Authorized members, managers, officers, administrators, and advisers of your family, club, or investment group according to your role, permissions, and shared workflows
  • Brokerage and custody providers, such as Alpaca where enabled, for account authorization, brokerage account services, portfolio data, order status, trade execution by the provider, statements, confirmations, and required records
  • Banking, treasury, ACH, and account-linking providers, such as Plaid or banking partners where enabled, for account connection, verification, payment, treasury, and contribution workflows
  • Payment processors and billing providers, such as Stripe, for subscriptions, invoices, payment status, customer records, payment method handling, and billing support
  • Authentication, database, storage, hosting, security, and infrastructure providers, including Supabase and cloud providers, to operate and protect the Platform
  • Email and notification providers, including Resend and Expo, to deliver transactional emails and push notifications
  • Document-generation, document-signing, file-storage, and compliance providers, including Dropbox Sign or similar providers where enabled
  • Analytics, diagnostics, logging, monitoring, and security providers to understand product usage, improve reliability, and investigate abuse
  • AI service providers, such as Anthropic or OpenAI, when you use AI-assisted features that require sending relevant prompts, context, documents, notes, or portfolio information to produce the requested output
  • Professional advisers, auditors, insurers, regulators, law enforcement, courts, government authorities, and other parties when we believe disclosure is required by law, necessary to protect rights or safety, or needed to enforce agreements
  • Successors or parties to a merger, acquisition, financing, corporate transaction, reorganization, or asset transfer, subject to appropriate confidentiality and privacy protections

  • We require service providers to process personal information under instructions, confidentiality obligations, and security commitments appropriate to their role. Some providers, especially financial-services providers, may also act as independent businesses or controllers for services they provide directly to you or your club.

    7. Third-Party Providers and SDKs

    The Platform uses third-party services and software development kits to provide core functionality. Current or planned providers may include:

  • Supabase for authentication, database, storage, and session management
  • Alpaca for brokerage authorization, brokerage data, account status, portfolio data, and provider-executed brokerage activity where enabled
  • Plaid for financial account connection, account verification, bank-linking, and investment or banking data where enabled
  • Stripe for subscription billing, payment processing, invoices, payment status, and related customer records
  • Expo for mobile app services, including push notification token handling and notification delivery
  • Resend for transactional email delivery
  • Dropbox Sign or similar providers for e-signature and document workflows
  • Cloud hosting, storage, security, logging, analytics, diagnostics, and monitoring providers
  • AI service providers for optional AI-assisted summaries, notes, explanations, and insights

  • Third-party code may collect or process data from the app or from our servers. We review third-party provider and SDK behavior when preparing Apple App Privacy details and Google Play Data safety disclosures. If provider behavior or Platform functionality changes, we will update this Policy and store privacy disclosures as required.

    8. Tracking, Advertising, and Sales of Personal Information

    Good Stewards does not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use personal information, device identifiers, push tokens, financial information, or usage information to track you across other companies' apps or websites for advertising or advertising measurement.


    We do not use the Apple Identifier for Advertisers (IDFA), Android Advertising ID, or advertising SDKs for tracking. If we ever introduce a practice that qualifies as tracking under Apple's App Tracking Transparency rules, we will update this Policy, update App Store disclosures, and request permission through the required system prompt before tracking begins.


    We may use first-party analytics, diagnostics, cookies, and logs to operate, secure, and improve Good Stewards. These tools are not used for third-party advertising tracking.

    9. Cookies and Similar Technologies

    Our website and web app may use cookies, local storage, session storage, pixels, and similar technologies to:

  • Keep you signed in and remember session state
  • Secure the Platform and detect misuse
  • Understand product usage and improve performance
  • Maintain preferences and support core workflows

  • You can control cookies through your browser settings. Disabling cookies may limit account, security, or session functionality.

    10. Mobile App Permissions

    The mobile app may request permissions only when needed for a feature:

  • Notifications: used to send club alerts, vote updates, activity notices, and account/security messages. You can manage notification permissions through your device settings
  • Face ID, Touch ID, or fingerprint: used only for local authentication on your device. Good Stewards does not receive your biometric data
  • Photos or document picker: used only when you choose to upload an image or file for a document, onboarding, launch, or compliance workflow

  • The app does not request contacts, background location, microphone, SMS, call log, health, or camera permissions for current Platform functionality.

    11. App Store and Google Play Disclosures

    Our Apple App Privacy and Google Play Data safety disclosures are intended to match this Privacy Policy and the current app build.


    For Apple App Privacy, data collected by the app or third-party partners is generally linked to your account when it supports account, financial, governance, support, analytics, diagnostics, security, payment, brokerage, notification, or app functionality. Good Stewards does not identify any collected data as used for tracking unless our practices change.


    For Google Play Data safety, Good Stewards discloses collected data, applicable sharing, purposes of collection, encryption in transit, and the account deletion URL. The Platform uses HTTPS/TLS for data in transit. Users can request account deletion in the app settings or at https://www.goodstewards.io/account-deletion.


    Before submitting a new app version, we review the active app build, third-party SDKs, permissions, backend features, and store forms for consistency.

    12. Security

    We use administrative, technical, and organizational safeguards designed to protect personal information, including access controls, authentication controls, HTTPS/TLS for data in transit, provider security controls, logging, monitoring, and least-privilege operational access where appropriate.


    Financial, identity, brokerage, banking, and payment workflows may also be protected by the safeguards and compliance programs of the applicable third-party providers.


    No method of transmission or storage is completely secure. You are responsible for keeping your login credentials, devices, and email account secure and for notifying us promptly of suspected unauthorized access.

    13. Retention

    We retain information for as long as reasonably necessary to provide the Platform and for the purposes described in this Policy, including account administration, family or club records, portfolio and transaction records, support, security, fraud prevention, audit, tax, accounting, legal, compliance, brokerage, payment, and contractual obligations.


    Retention periods vary by data type. Examples include:

  • Account, profile, authentication, and support records are generally kept while your account is active and for a reasonable period after closure
  • Shared club records, governance records, votes, proposals, meeting records, ownership records, documents, and financial records may be retained while the club or family account remains active and afterward where needed for legal, tax, accounting, audit, dispute, or compliance reasons
  • Brokerage, banking, payment, identity-verification, and tax-related records may be retained by us or by third-party providers for legally required periods
  • Logs, diagnostics, and security records are retained for limited periods unless needed for security, fraud prevention, legal, or compliance purposes

  • When information is no longer needed, we delete, de-identify, aggregate, or retain it only as permitted or required by law.

    14. Account Deletion

    You can request deletion of your Good Stewards account and associated personal information from the mobile app settings or by using our public account deletion page at https://www.goodstewards.io/account-deletion. You may also contact support@goodstewards.io.


    Deletion is intended to remove the account from Good Stewards records along with personal information we are not legally or operationally required to retain. Because Good Stewards supports financial, brokerage, tax, governance, payment, security, and compliance workflows, some information may need to be retained after account deletion for legitimate reasons, including:

  • Brokerage, banking, payment, tax, accounting, and audit records
  • Entity, ownership, governance, vote, proposal, consent, signature, and document records shared with a family, club, or investment group
  • Security, fraud-prevention, legal, dispute, and compliance records
  • Records retained by independent third-party providers under their own legal obligations

  • We may verify your identity and authority before processing a deletion request. We generally aim to acknowledge deletion requests within 10 business days and complete deletion or de-identification of eligible Good Stewards-controlled information within 45 days, unless applicable law, provider requirements, disputes, security needs, or regulatory obligations require a different period. We will tell you if we need more information or if certain records must be retained.

    15. Privacy Rights and Choices

    Depending on where you live and your relationship with Good Stewards, you may have rights to:

  • Access or receive a copy of personal information
  • Correct inaccurate personal information
  • Delete personal information, subject to retention exceptions
  • Restrict or object to certain processing
  • Receive portable data where required by law
  • Withdraw consent where processing is based on consent
  • Opt out of marketing communications
  • Appeal a privacy-rights decision where applicable
  • Lodge a complaint with a data protection authority where applicable

  • California and other U.S. state privacy laws may provide additional rights to know, access, correct, delete, opt out of sale or sharing, limit use of sensitive personal information where applicable, and avoid discrimination for exercising privacy rights. Good Stewards does not sell personal information or share personal information for cross-context behavioral advertising.


    If the GDPR or similar law applies, our legal bases may include performance of a contract, legitimate interests, consent, compliance with legal obligations, and protection of rights, security, and safety.


    To exercise privacy rights, contact support@goodstewards.io. We may need to verify your identity before fulfilling a request.

    16. International Processing

    Good Stewards is based in the United States. Information may be processed in the United States and other countries where we or our providers operate. These countries may have privacy laws different from those where you live. Where required, we use appropriate safeguards for international transfers.

    17. Children and Minors

    The Platform is intended for users who are at least 18 years old and is not directed to children. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact support@goodstewards.io.

    18. Changes to This Policy

    We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and provide notice as required by law or store policy. The current version will be available at https://www.goodstewards.io/privacy.

    19. Contact

    Good Stewards Holdings Inc.

    2701 Little Elm Pkwy Ste 100

    #837

    Little Elm, TX 75068


    Privacy, account, deletion, and support requests: support@goodstewards.io

    Legal notices: legal@goodstewards.io

    © 2026 Good Stewards Holdings Inc.. All rights reserved.

    Terms of Use · Account Deletion · Support · Cybersecurity · Contact Support