Loading...
Legal
Last updated: 25 June 2026
MyCIO.ai is operated by the Parsenne group of companies:
| Parsenne, Inc. | Delaware corporation (USA) | Data controller for users outside the UK | MyCIO.ai platform, US data hosting |
| Parsenne, Ltd. | Private limited company, registered in England & Wales (company no. [TBC]) | Data controller for UK data subjects | UK research and operations |
Parsenne, Ltd. is a wholly-owned subsidiary of Parsenne, Inc. Both entities are referred to as "Parsenne", "we", or "us" in this policy.
MyCIO.ai is a financial planning computation tool. It helps you model goals, scenarios, and projections using your inputs. It does not hold money, place trades, or provide regulated financial advice.
Data protection contact: privacy@parsenne.com
We collect the following categories of personal data when you use MyCIO.ai:
| Category | Examples |
|---|---|
| Account data | Name, email address, password hash, account creation date |
| Financial planning facts | Goals, estimated wealth ranges, jurisdiction, age range, tax details you provide |
| Planning scenarios | Retirement projections, goal probabilities, scenario parameters you set |
| Conversation context | Planning discussions saved to improve continuity across sessions (thought log) |
| Usage data | Pages visited, tool calls made, session timestamps, browser/device type |
We do not collect sensitive financial account credentials, brokerage passwords, or payment card numbers directly. Any brokerage connection (SnapTrade) is handled by the broker-level OAuth flow and we receive only read-only account data.
| Purpose | Lawful basis |
|---|---|
| Provide the MyCIO planning service | Contract — necessary to perform our service to you |
| Maintain a secure, fraud-free service | Legitimate interests — protecting users and the platform |
| Improve our models and product | Legitimate interests — developing a better product for all users |
| Send product updates you opt into | Consent — you can withdraw at any time by emailing privacy@parsenne.com |
We do not sell your personal data. We share it only with the sub-processors listed below, each of whom processes data strictly on our behalf and under a Data Processing Agreement (DPA).
| Sub-processor | Purpose | Location | DPA / Reference |
|---|---|---|---|
| Supabase | Database hosting & auth | USA | supabase.com/legal/dpa |
| Anthropic | AI conversation processing (Claude) | USA | Via API agreement |
| OpenAI | AI conversation processing (ChatGPT) | USA | Via API agreement |
Important: when you chat with MyCIO through Claude or ChatGPT, your messages — including any financial details you type — are processed by Anthropic or OpenAI under their own privacy policies. We recommend sharing ranges rather than exact figures in chat (e.g. "around £500k" rather than an exact account number).
MyCIO.ai data is primarily stored in the United States (Supabase). The following transfer mechanisms apply:
| Data flow | Transfer mechanism |
|---|---|
| Parsenne, Ltd. (UK) → Parsenne, Inc. (US) | Intragroup UK International Data Transfer Agreement (IDTA) / UK-US Data Bridge (self-certification in progress) |
| UK residents → Supabase / Anthropic / OpenAI (US) | IDTA or UK Addendum to EU Standard Contractual Clauses (SCCs), per sub-processor DPA |
| EU residents → US sub-processors | EU–US Data Privacy Framework (DPF) where sub-processor is certified; SCCs as supplementary safeguard |
Depending on where you live, you may have the following rights:
| Right | How to exercise |
|---|---|
| Access | Email privacy@parsenne.com — we will provide a copy of your data within 30 days |
| Portability (Art. 20 GDPR) | Download all your MyCIO data from Settings → Download my data |
| Erasure (Art. 17 GDPR) | Delete your account and all data from Settings → Delete my account |
| Rectification | Correct stored profile facts by telling the AI (e.g. "update my age to 45") |
| Restriction / Objection | Email privacy@parsenne.com with your request |
| Withdraw consent | Email privacy@parsenne.com to opt out of any consent-based processing |
UK residents may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. The registered UK data controller is Parsenne, Ltd.
EU residents may lodge a complaint with the supervisory authority in their EU member state.
MyCIO uses only essential cookies — specifically a signed authentication session cookie and a CSRF token. These are strictly necessary for you to log in and use the service securely. We do not use advertising, tracking, or analytics cookies.
| Cookie | Purpose | Duration |
|---|---|---|
| sb-auth-token | Supabase authentication session | Session / 1 week |
| sb-csrf | Cross-site request forgery protection | Session |
| mycio_cookie_ok | Records that you acknowledged this notice (localStorage) | Persistent |
| Data | Retention period |
|---|---|
| Active account data | Retained for as long as the account exists |
| Deleted account data | Removed immediately on account deletion (cascade delete) |
| Database backups | Purged within 30 days of account deletion |
| Conversation logs | Retained while the account exists; deleted with the account |
| Usage analytics | Aggregated and anonymised after 12 months |
For privacy questions, data subject requests, or complaints:
This policy may be updated from time to time. Material changes will be notified by email or by a prominent notice on the MyCIO.ai website. ← Back to MyCIO