entropyFA Data Confidentiality Agreement

This Data Confidentiality Agreement (“Agreement”) is made by Entropy Financial Technologies, Inc. (“entropyFA,” “we,” “us,” or “our”), a Delaware corporation with principal offices at 5 Vaughn Drive, Princeton, NJ 08540.

This Agreement sets forth binding commitments regarding the treatment of data provided to entropyFA by clients, advisory firms, family offices, and their end users (collectively, “Client Data”). These commitments apply to all users of the entropyFA platform and are enforceable upon execution of this Agreement or acceptance of our Terms of Service.

1. Zero AI Model Training

entropyFA will never use Client Data to train, retrain, fine-tune, or improve any artificial intelligence or machine learning model, whether proprietary or third-party. Client Data is strictly isolated and used solely to generate analysis and outputs for the specific account to which it belongs.

This restriction is enforced at the architectural level. Client Data does not flow into any model training pipeline and cannot be included in training datasets by any entropyFA employee, contractor, or system.

2. Zero Data Monetization

entropyFA will never sell, share, lease, license, or otherwise monetize Client Data. This is a contractual covenant, not a revocable policy. There is no business model, current or planned, in which Client Data is used as a revenue source, advertising input, or commercial asset.

Client Data will not be shared with any third party except as necessary to provide the entropyFA service (e.g., encrypted transmission to cloud infrastructure providers), and such third parties are bound by equivalent confidentiality obligations.

3. Encryption & Data Residency

All Client Data is encrypted using AES-256 encryption at rest and TLS 1.3 encryption in transit. Per-family encryption keys ensure cryptographic isolation between households.

Client Data is processed and stored exclusively within the United States on SOC 2 certified cloud infrastructure. No Client Data is transferred to, processed in, or stored in any location outside of the United States. No exceptions.

4. Audit Trail & Access Logging

entropyFA maintains comprehensive audit logs of all platform activity, including user logins, data access events, configuration changes, AI agent actions, and administrative operations.

Audit logs are retained for a minimum of seven (7) years and are available to clients upon written request. Logs are designed to satisfy the recordkeeping requirements of SEC-registered investment advisors and fiduciary institutions.

5. Certified Data Deletion

Upon termination of service, entropyFA will permanently delete all Client Data from active systems and backup infrastructure within ten (10) business days of receiving a written deletion request.

entropyFA will provide written certification of complete deletion upon request. Deletion includes all copies, replicas, cached instances, and backup copies. No Client Data will be retained after the deletion process is complete, except as required by applicable law or regulation.

6. Security Incident Notification

In the event of a confirmed security incident involving unauthorized access to, disclosure of, or loss of Client Data, entropyFA will notify affected clients within seventy-two (72) hours of confirming the incident.

Notification will include: (a) a description of the incident, (b) the categories and approximate volume of data affected, (c) the measures taken to address the incident, and (d) the measures taken to mitigate potential adverse effects. entropyFA maintains a formal Incident Response Plan that is tested and updated annually.

7. Data Portability

Clients may export their data at any time in standard, machine-readable formats. entropyFA will not impose technical or contractual barriers to data portability. Your data belongs to you.

8. Ongoing Obligations

The commitments in this Agreement are ongoing and survive termination of the service relationship, except where completion of the obligation (such as data deletion) concludes the commitment.

entropyFA will not materially weaken these commitments without thirty (30) days' prior written notice to affected clients and an opportunity to terminate service before any changes take effect.