Capistrol LogoCapistrol

Data Privacy & AI Security Standards

At Capistrol, we prioritize the confidentiality of your financial inquiries. Because our Service utilizes advanced Artificial Intelligence and Retrieval-Augmented Generation (RAG), we implement a multi-layered "Privacy-by-Design" architecture to ensure your data remains protected and, where possible, de-identified.

1. Data De-Identification & Masking

To protect your identity, we employ automated de-identification protocols. When you submit a query containing financial data:

  • PII Scrubbing: Our system is designed to identify and "scrub" Personally Identifiable Information (PII)—such as names, specific street addresses, and Tax File Numbers (TFNs)—before the query is processed for long-term storage or model refinement.
  • Data Generalization: We may use "generalization" techniques where specific values are converted into ranges (e.g., converting a specific $2.1M balance into a "$2M–$3M" category) to maintain the utility of the AI’s response without retaining exact, sensitive figures.

2. Encryption and Transmission

All data entered into Capistrol is encrypted both in transit (using TLS 1.2+ protocols) and at rest (using AES-256 encryption). This ensures that even in the unlikely event of unauthorized access, your data remains unreadable.

3. Purpose Limitation (No Data Selling)

Your data is used solely to:

  • Provide accurate, context-aware responses to your queries.
  • Improve the technical performance and accuracy of our RAG system.

Note: Capistrol does not sell your personal or financial data to third-party brokers or advertisers.

4. Zero-Retention for Sensitive Inputs

While we maintain logs to help the AI learn from general "Wealth Wiki" interactions, we operate on a Zero-Retention Policy for high-sensitivity financial identifiers. We do not store "keys" that link de-identified financial queries back to your specific identity in our long-term knowledge base.

5. Third-Party AI Sub-Processors

We may use industry-leading AI infrastructure (such as OpenAI or Google Cloud) to process your queries. In these instances:

  • Enterprise-Grade Privacy: We use API-based "Enterprise" versions of these tools, which contractually prohibit the sub-processor from using your data to train their global models.
  • Data Redaction: We apply our own redaction layer before data reaches any third-party API to ensure they only receive the technical context needed to answer your question.

User Recommendation for Maximum Privacy

While our system is built to protect you, we recommend that users avoid entering Direct Identifiers (like your full legal name, specific bank account numbers, or TFNs) into the chat. For the best experience, use Hypothetical Values or Generalized Figures (e.g., "If an SMSF has a balance of $3 million..." instead of "My SMSF has $3,102,450...").

Disclaimer: Capistrol AI can make mistakes. It provides SMSF information and decision-support tools, not personalised financial advice. The content and tools do not replace the services of a licensed financial adviser or registered tax agent. Please check the Terms of Service and Privacy Policy.