WealthPlus, Inc. Privacy Policy
At WealthPlus, trust is our most valuable asset. Protecting your privacy is essential to earning and maintaining that trust. This Privacy Policy explains—in clear, direct language—how we collect, use, store, share, and protect the personal data we obtain through our Site or otherwise in connection with the Services. We comply with the GDPR, the CCPA and other applicable U.S. data protection laws. Certain data practices may be subject to the Gramm-Leach-Bliley Act (GLBA) and therefore exempt from the California Consumer Privacy Act. To the extent GLBA applies, WealthPlus will handle your data in accordance with its obligations under federal law.
By using the Site or Services, you consent to our practices regarding personal data as described in this Policy. This Privacy Policy supersedes all prior versions. If you do not agree with this Policy, please do not use our Site or Services.
Definitions
For purposes of this Privacy Policy, the following definitions shall apply as it pertains to relevant parties herein:
- “CCPA” shall mean California’s Consumer Privacy Act.
- “GDPR” shall mean the current version of the General Data Protection Regulation.
- “Participant” shall mean an individual who accesses a WealthPlus portal to view or manage a retirement plan account.
- “Personal data” shall have the same meaning ascribed to it under the UK Data Protection Act 1998/the European Data Protection Directive 95/46/EC/General Data Protection Regulation 2018 and any successor legislation; this includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, postal address, email address and telephone number.
- “Plan Sponsor” or “Client” shall mean an employer (and its authorized signers) that has executed a WealthPlus Service Agreement to administer a qualified retirement plan to a Participant.
- “Services” shall mean all services offered by WealthPlus through the Site, including: retirement-plan administration services supporting 401(k), 403(b), and 457(b) plans for U.S. employers and their employees; ministerial plan-administration duties without fiduciary status assigned to WealthPlus for such duties (e.g., payroll integrations, contribution processing, compliance testing, participant communications); participant or plan-sponsor portals, and the retirement-plan administration, recordkeeping, and ancillary services we provide now or in the future.
- “Site” shall mean the WealthPlus website (https://wealthplus.inc/).
- “User” shall mean any person who uses the Site.
- “WealthPlus” (also referred to herein as “we,” “us,” or “our”) shall mean WealthPlus, Inc. and its respective affiliates, parent companies, and subsidiaries now in existence and/or later formed.
Information We Collect
We collect information about you in a range of forms, including personal data. We collect information from you in various ways, including:
Data Collected From All Users (Participants & Plan Sponsors)
- Identifiers and Contact Information: Legal name, mailing address, email address, phone number, IP address, and, if you engage with us on social media, your handle and publicly visible profile photo. If you engage with us on social media, we may also keep detailed logs of our social media interactions.
- Account Credentials: Username, password, and (for MFA) phone number or authenticator token.
- Device & Network Data: Browser type, operating system, approximate geolocation derived from IP address, session timestamps, error logs, cookies, and pixel tags.
- Usage Data: Pages viewed, referring URLs, login attempts, link clicks, crash reports, and feature-usage metrics captured through Google Analytics or similar tools.
- Support Requests: Inquiries made by a Participant or Plan Sponsor to WealthPlus via email, phone, chat, or other authorized communication methods.
- User Generated Content: If you provide feedback to us, we may use and disclose such feedback on our Site/Services.
Additional Data Collected From Participants
- Retirement-Plan Data: Contribution rates or dollar amounts, investment elections and changes, loan balances and amortization schedules, distribution history, and beneficiary designations.
- Demographic Details Supplied in Surveys or Plan Forms: Age, gender, marital status, and sexual orientation.
- Financial Identifiers: Linked bank-account numbers and routing numbers used for direct deposits and withdrawals.
Additional Data Collected From Plan Sponsors
- Employer Census and Payroll Data: Names, dates of birth, hire dates, compensation, status changes, and contribution remittance details.
- Plan Documents: Adoption agreements, amendments, IRS determination letters, compliance-testing workpapers, Form 5500 data, fee disclosures, and auditor-requested reports.
- Authorized-Signer Information: Contact details and documentary proof of authority for individuals permitted to approve plan transactions.
Information We Collect as Your Authorized Agent: Plan Sponsors may authorize WealthPlus to retrieve payroll and HR data automatically via our 360° integration partner, Finch. When enabled, we receive only the census and payroll fields necessary to calculate eligibility, contributions, and compliance testing. Data is transmitted and stored using TLS encryption and is subject to strict role-based access controls. WealthPlus does not retain raw payroll-system credentials.
Information from Third-Party Resources
- Publicly available business data.
- Partner vendors and service providers.
- Social media and networking platforms.
Anonymous Data: When we use the term "anonymous data," we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party. We may create anonymous data from the personal data we receive about you and other individuals whose personal data we collect. Anonymous data might include analytics information and information collected by us using cookies. We make personal data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze usage patterns in order to make improvements to our Site/Services.
Other Ways We Collect Information
- Cookies: Session cookies keep you logged in; analytics cookies help us understand traffic patterns. You may disable non-essential cookies, but some features may not work.
- Pixel Tags/Web Beacons: Placed by Google Analytics or similar tools for aggregate reporting; they do not capture identifiable data.
- Log Files: Our servers store IP addresses, login times, page requests, and error events for security and troubleshooting purposes.
- Surveys: Optional questionnaires may request demographic or feedback data.
We do not use cross-device advertising IDs and we do not respond to Do Not Track signals.
How We Use Personal data
We use personal data to:
- Provide, operate, and maintain the Services, including contribution processing, trading, loans, and distributions.
- Perform compliance testing, prepare required notices, and file IRS Form 5500.
- Authenticate users and secure accounts.
- Detect, investigate, and prevent fraud or security incidents.
- Improve and personalize our Services and develop new features.
- Send required transactional and regulatory communications (quarterly statements, blackout notices, investment-menu updates) and, with appropriate consent, optional educational content or promotions.
- Comply with ERISA, IRS, DOL, state privacy laws, and any court orders.
We do not rent, sell, or trade Personal data.
COOKIES AND TRACKING TECHNOLOGIES
We may collect information using "cookies." Please review our Cookie Policy for additional information.
HOW WE SHARE YOUR INFORMATION
We may share your personal data as follows:
Third Parties Designated by You: We may share your personal data with third parties where you have provided your consent to do so, which may include directed trustees/custodians to trade and safeguard plan assets.
Our Third Party Service Providers: We may share your personal data with our third party service providers who assist us in operating our platform, including:
- Payment Processors (e.g., Stripe, PayPal) to facilitate secure payment transactions.
- Subcontractors that print statements, mail disclosures, process distributions, or provide IT hosting, analytics, or security services, subject to written confidentiality obligations.
- Payroll-integration partner Finch, solely for data synchronization.
- Professional advisers (lawyers, auditors, accountants) under strict confidentiality in accordance with Non-Disclosure Agreements signed by each such party.
- Analytics and Tracking Tools (e.g., Google Analytics) to understand platform usage and improve user experience.
- Other Third-Party Services as necessary for platform functionality, security, or regulatory compliance.
Affiliates: We may share some or all of your personal data with our affiliates, in which case we will require our affiliates to comply with this Policy. In particular, you may let us share personal data with our affiliates where you wish to receive marketing communications from them.
Corporate Restructuring: We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, sale of assets, or bankruptcy transaction or proceeding.
Other Disclosures: We may share personal data as we believe necessary or appropriate: (a) with government agencies (IRS, DOL, state regulators) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.
We do not share data with non-affiliated third parties for their own marketing.
Cross-Border Data Transfers
Our primary servers are in the United States. Limited cross-border data movement may occur when (i) Participants access accounts while abroad, or (ii) vetted contractors outside the U.S. provide development or support services. In such cases, we rely on encryption, role-based access, and Standard Contractual Clauses or other lawful mechanisms.
Security & Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including to comply with legal obligations, resolve disputes, and enforce our agreements. The standard retention periods for different data types are as follows:
- Account Information: Retained for the duration of your account’s activity and up to ninety (90) days after account closure unless a longer retention period is required by law.
- Transaction Data (e.g., payment records): Retained for seven (7) years in compliance with financial and tax regulations.
- Customer Support Communications: Retained for two (2) years after the last interaction for quality assurance and dispute resolution.
- Marketing Preferences and Opt-Out Requests: Retained indefinitely unless the user requests deletion.
Upon the expiration of these retention periods, we securely delete or anonymize data, unless retention is required by applicable law.
Your Choices and Rights
Participants may: (a) Access, correct, or delete personal data upon request; (b) Opt out of marketing communications; or (c) Request data portability (where applicable under law).
Profile Management: Participants can update contact details, contribution elections, beneficiaries, and communication preferences through the portal.
Opt-out: You may contact us anytime to opt out of: (i) direct marketing communications; (ii) any new processing of your personal data that we may carry out beyond the original purpose; or (iii) the transfer of your personal data outside the USA or EEA. Please note that your use of some of the Site/Services may be ineffective upon opt-out. If we send marketing emails in the future, every email will include an unsubscribe link. Mandatory service and compliance notices cannot be disabled.
Access: You may access the information we hold about you at any time via your account or by contacting us directly. Email support@wealthplus.inc to request copies of your personal data. We will verify identity before releasing records.
Amend: You can also contact us to update or correct any inaccuracies in your personal data.
Delete: You have the right to contact us to request deletion of your non-plan records under applicable laws. Because ERISA and IRS regulations require extensive retention, most Participant and Plan Sponsor data cannot be deleted until seven (7) years after plan termination or two (2) years after an inactive account with no transactions, whichever is later. We will verify the identity of the requester to prevent unauthorized deletion (this may require additional information from you). We reserve the right to deny a deletion request if: (i) the request cannot be verified, (ii) data is required to comply with legal, financial, or fraud prevention obligations, or (iii) the request conflicts with contractual obligations. Upon receiving a verified request, we will delete or anonymize your personal data within thirty (30) days of receipt of request. Please note, certain data may be retained despite a deletion request due to legal, regulatory, or contractual obligations, including: (i) transaction and financial records which shall be retained for seven (7) years as required for tax and financial compliance, (ii) fraud prevention and security logs which shall be retained for three (3) years to comply with fraud detection and security requirements, and (iii) any data necessary to fulfill Pure Charge’s legal compliance obligations under applicable laws. You will receive a confirmation once your data has been deleted or anonymized. If personal data has been shared with third-party service providers, we will notify them of the deletion request where feasible. However, we are not responsible for their independent retention policies. You should review third-party policies for further information.
Move: Your personal data is portable, i.e. you have the flexibility to move your data to other service providers as you wish.
Erase and Forget: In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data.
Exercising Your Rights: If you wish to exercise any of these rights, please contact us using the Contact Information contained herein. In your request, please make clear: (i) what personal data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and, in any event, within one month of your request.
California & Nevada Users: WealthPlus does not sell Personal data. California residents may request, twice per year, (i) the categories of Personal data collected, (ii) the business purposes for collection, and (iii) the categories of third parties with whom it was shared. Nevada residents may direct us not to sell covered information (we currently do not sell data).
EU/EEA Data Users: Where GDPR applies, you may have rights to access, correct, or erase your data, restrict or object to processing, and request data portability, subject to U.S. record-retention laws.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.
CHILDREN’S PRIVACY
Our Services are designed for workplace retirement plans and are not directed to persons under 16. Except for beneficiary information supplied by adults, we do not knowingly collect data directly from minors. If we become aware of data collected from minors, we will delete it immediately.
Security
We deploy a multi-layered security program:
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- AWS SOC-audited data centers with physical security.
- Role-based access and mandatory MFA for privileged users.
- Continuous vulnerability scanning, penetration testing, and log monitoring.
- Documented incident-response plan with breach-notification procedures.
- Quarterly employee security and phishing-awareness training.
Despite these controls, no internet transmission or storage system is 100% secure. We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by emailing support@wealthplus.inc.
Retention
We will only retain your personal data as long as reasonably required for you to use the Site and/or to provide you with the Services unless a longer retention period is required or permitted by law (for example for regulatory purposes). We keep plan and participant records for seven (7) years after plan termination or longer where required. Inactive, never-funded user profiles may be purged after two (2) years.
Changes to This Privacy Policy
We may amend this Policy from time to time, so we encourage you to review it frequently. The "Last Updated" legend above indicates when this Policy was last changed. Material changes will be posted on the Site or communicated through the portal. Continued use of the Services after notice constitutes acceptance of the revised Policy.
Contact Us
We welcome your comments or questions about this Policy. You may contact us in writing at support@wealthplus.inc.
NOTICE TO CALIFORNIA RESIDENTS – ADDITIONAL PRIVACY RIGHTS UNDER CALIFORNIA LAW
California law requires us to disclose the following information related to our privacy practices. If you are a California resident, this section applies to you in addition to the rest of this Privacy Policy.
California Residents: Privacy Rights Under the CCPA
As a California resident, you have certain rights, such as:
- Access to Information: You may request information regarding the categories of personal data we have collected about you; the categories of sources from which the information was collected; the purposes for which we collected, disclosed, or sold personal data; and the categories of third parties to whom we have sold or disclosed personal data for a business purpose and the categories of personal data disclosed or sold. You may also request access to the specific pieces of personal data we have collected in the 12 months preceding your request, including, where applicable, in an electronic and readily-usable format. Your access rights under California law are not absolute. Specifically, you have the right to make a request no more than twice in a twelve-month period and the information you can request is limited to personal data collected in the 12-month period preceding our receipt of the request.
- Deletion: You may request that we delete the personal data we have collected from you. If required by law we will grant a request to delete information, but you should note that in certain situations, and to the extent permitted by law, we may be required to keep your personal data to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
- Opt-Out of Sales: You have the right to opt-out of any sales of personal data that may be occurring. We share personal data, and over the preceding twelve months may have shared personal data, for other benefits which are a sale of information, as defined by California law. This includes sharing of identifiers, commercial information, and internet or other electronic network activity usage data with advertising partners and networks, and website analytics companies. We do not knowingly sell personal data about persons under the age of 16. If you wish to exercise this right, you may submit a request by email at support@wealthplus.inc.
- Non-Discrimination: You have the right not to be discriminated against for exercising your rights under California law. We do not discriminate against California consumers who exercise their rights described in this section. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale, and retention and use of your personal data as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspect of any financial incentive will be explained and described in its program terms. We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly.
Please note that not all these rights are absolute, and they do not apply in all circumstances. While we will make reasonable efforts to accommodate your request, we also reserve the right to impose certain restrictions and requirements on such requests, if allowed or required by applicable laws. Any request you submit to us is subject to an identification and residency verification process.
California Residents: Exercising Your Privacy Rights Under the CCPA
For the most part, we enable exercise of the privacy rights described in the paragraphs above directly through our Services when logged in.
If you are a California resident and would like to make a request for access, portability, or deletion of your information, you may submit a request through the CCPA Request Form by emailing support@wealthplus.inc.
In order to process your request, we must be able to verify your identity to make sure you are the person about whom we have collected personal data or an authorized representative. Depending on the type of request, we may conduct the verification process by email or phone using information that matches our records. The information you must provide as part of the verification process may include: name, email address, mailing address, phone number, user name, state and/or country of residency, and/or proof of residency. We may also ask for additional information as needed based on your relationship with us.
You may also designate an authorized agent to exercise these rights on your behalf by providing the authorized agent signed permission to submit the request on your behalf. If an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your personal data. Please note, we cannot process your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm that the personal data relates to you.
Rights Under California’s “Shine the Light” Law
California residents may request a list of all third parties to which we have disclosed personal data for direct marketing purposes in the prior calendar year. This law requires us to respond to requests from California customers asking about our practices related to disclosing certain types of personal data to third parties for their direct marketing initiatives. You may make such a request by completing a Shine the Light Request Form and submitting it to support@wealthplus.inc.
GLBA Financial Privacy Notice
Federal law requires financial companies to tell consumers how they collect, share, and protect Personal data. WealthPlus collects Social Security numbers, contribution and investment elections, payroll data, and plan documents to administer retirement plans; shares data only with custodians, service providers, auditors, and regulators; and does not sell information to non-affiliates. You may limit sharing only for affiliates’ marketing or creditworthiness data. When you are no longer a customer, we continue to retain and protect information as described. To limit sharing or ask questions, email support@wealthplus.inc.