Security is where we start.
You're trusting us with tax returns, equity grants, bank statements, and property deeds. That's about as sensitive as data gets. Security isn't a feature we added — it's baked into the architecture.
We never use your data to train models. Your financial life stays yours.
NettWorth is operated by Raining Code Technologies AG, Basel, Switzerland — subject to Swiss nDSG data protection law and GDPR.
Built so the AI never sees who you are.
The AI agents that analyse your wealth never know who you are. This isn't a policy promise — it's a structural property of how we built the system. Your portfolio and your identity live in separate spaces, with a one-way door between them.
Document Ingestion — PII Stripped at the Door
When a document arrives — emailed to docs@inbound.nettworth.ai or uploaded — NettWorth immediately identifies all Personally Identifiable Information: names, mailing addresses, national ID numbers, tax file numbers, and account identifiers. This PII is extracted and stored in your encrypted identity space. It never enters the portfolio knowledge graph.
Encrypted Document Store
Your original documents are encrypted with AES-256 and stored in isolated AWS S3 buckets. Documents are linked to your identity space, not to your portfolio data — so the AI layer cannot reach them.
Portfolio Knowledge Graph
Financial data — assets, valuations, equity positions, allocations, deadlines — flows into a knowledge graph that contains zero PII. Each asset is tracked at the individual level. There is no link back to the owner within this graph.
One-way reference. No reverse lookup.
Your identity space can reference your portfolio. Your portfolio cannot reference your identity. This is enforced at the data model level — not by policy alone.
AI Intelligence Layer — Anonymous Data Only
LLMs and AI agents operate exclusively on the anonymised portfolio knowledge graph. They receive no access to document stores, identity spaces, or any PII. Even if the AI layer were somehow compromised, no personal information could be extracted — because it was structurally never there.
Data Storage & Encryption
At Rest
All data — documents, portfolio data, and identity spaces — is encrypted at rest using AES-256. Documents are stored in isolated, private AWS S3 buckets with strict per-user access controls. Encryption keys are managed via AWS KMS.
In Transit
All communication between your device and NettWorth is encrypted using TLS 1.3. No data is transmitted over unencrypted connections.
User-Managed KeysRoadmap
On premium plans, we plan to offer user-managed encryption keys: even NettWorth cannot read your documents without your explicit authorisation each time. Portfolio data extracted before encryption remains available to AI agents without requiring your key.
No Bank Credentials. No Plaid. No Persistent Access.
Traditional financial aggregators (Plaid, Yodlee) require your banking credentials and establish persistent, broad access to your accounts. NettWorth takes a different approach — one that doesn't require handing over your login details.
Traditional aggregators
- ✕Requires your bank username and password
- ✕Establishes persistent, broad account access
- ✕Aggregator breach exposes your bank account
- ✕Difficult to revoke access fully
NettWorth approach
- No bank credentials required — ever
- You forward documents you already have
- No persistent access to your accounts
- Stop sharing instantly — just stop forwarding
Found a security issue?
We welcome responsible disclosure from security researchers. If you discover a vulnerability in NettWorth, please contact us before making it public. We commit to acknowledging your report within 48 hours and working with you to resolve it promptly.
For general support, contact hello@nettworth.ai. For data deletion or privacy requests, include "Privacy Request" in your subject line.