Ivy
Ivyby IronVest
Back to Legal Hub

IronVest Privacy Policy

Last Updated: April 8, 2026

Quick Summary

Our Promise:

We never sell your personal data. We collect only what's necessary to provide our privacy and security services. Your data belongs to you.

Key Points:

  • This policy applies to IronVest.com, our web app, browser extensions, mobile apps, and InboxGuard.
  • We use Customer.io for email delivery, which collects tracking data when you click email links.
  • We share data only with service providers necessary to operate IronVest, and only for the purposes described in this policy.
  • We do not share personal information for cross-context behavioral advertising.
  • You can exercise privacy rights by emailing privacy@ironvest.com.
  • We encrypt your sensitive data and can't access your passwords or browsing activity.

1. Information We Collect

Account & Service Data

  • Email address (optional for some features) – to forward Masked Emails and send communications
  • Name, phone, address (optional) – for account functionality and auto-fill features
  • Payment information – processed by our payment partners, we don't store credit card numbers
  • Bank account verification (if you choose to connect a bank account) – a verification provider (such as Plaid) may process bank account details and login information as needed to complete verification
  • Biometric data (Premium users) – processed by Anonybit for identity verification

Email Communications Data

We use Customer.io for ALL email delivery, which automatically collects when you interact with our emails:

  • IP addresses and estimated geolocation
  • Device and browser information
  • Email click behavior and timestamps
  • Email engagement metrics

Your Control: Copy and paste email links instead of clicking to avoid this tracking.

Device & Usage Data

  • Website analytics – via Matomo to improve our site experience
  • Form interaction data – anonymized data about forms you use (not linked to your account)
  • Mobile app data – device tokens and app usage for push notifications via Customer.io
  • Installation metrics – anonymous data about app downloads and versions
  • Browser extension telemetry (optional) – limited, de-identified form and feature interaction telemetry to improve form detection and autofill performance; you can control this in product settings where available

InboxGuard Data

  • We process only the data needed to provide InboxGuard's security features (such as detecting phishing and securing email content).
  • We do not use Google user data for advertising or profiling.
  • We do not use Google user data to train AI models unrelated to InboxGuard's security features.

Encrypted Data (We Cannot Access)

  • Your master password
  • Your login credentials and passwords
  • Your browsing activity and personal accounts
  • Masked Email/Phone/Card data (encrypted with 256-bit AES encryption)

2. Browser Extension Data Practices

The Ivy by IronVest browser extension collects and processes specific data to provide its security and privacy features. This section describes exactly what data the extension accesses, how it is used, and where it is stored.

Data Collected by the Extension

Data TypeWhat Is CollectedPurposeStorage
Passwords & CredentialsLogin usernames, passwords, and form field data you choose to savePassword management and autofillEncrypted locally (AES-256); synced to encrypted cloud vault for Premium users
Website Content & FormsPage HTML, form fields, text, and images on websites you visitDetect login/signup forms for autofill; analyze pages for phishing and security threatsProcessed locally in real-time; not stored or transmitted
Web Navigation & HistoryURLs and page titles of websites you visitReal-time phishing detection and security warningsProcessed locally in real-time; not stored, logged, or sent to our servers
Active Tab ScreenshotsScreenshots of the currently active browser tabAnalyze pages for signs of suspicious or malicious activity (e.g., fake login pages, phishing attempts)Processed in real-time for analysis; not stored permanently or shared with third parties
Downloaded FilesMetadata and content of files you downloadAI-powered scanning to detect potentially malicious or dangerous files before you open themAnalyzed locally or via AI processing (AWS Bedrock); files are not stored by IronVest
Installed ExtensionsList of Chrome extensions installed in your browserIdentify extensions with excessive or risky permissions that may compromise your securityProcessed locally only; never sent to our servers or shared with third parties
User ActivityForm interactions, clicks on extension UI elements, and feature usageImprove form detection accuracy and autofill performanceDe-identified telemetry only; optional and controllable in settings
Personal & Financial InformationEmail addresses, phone numbers, payment card details, and personal profile data you saveMasked email, masked phone, and virtual card services; autofill for formsEncrypted with AES-256; stored locally for Free users, synced to encrypted cloud vault for Premium users

Data Storage: Local vs. Cloud

  • Free users: All sensitive data (passwords, masked identities, payment info) is stored locally on your device only, encrypted with AES-256. No data is sent to or stored on IronVest servers.
  • Premium users: Encrypted data is synced to IronVest's secure cloud servers to enable cross-device access. Data remains encrypted in transit and at rest — IronVest cannot decrypt your vault.
  • Security analysis data (screenshots, navigation, page content, installed extensions): Processed locally or in real-time only. This data is never stored on our servers, never logged, and never shared with third parties.

User Consent & Controls

  • Autofill: You choose which credentials and data to save. The extension only fills forms when you initiate it.
  • AI features: Disabled by default. You must opt in to enable AI-powered security analysis.
  • Telemetry: Optional and can be disabled in extension settings.
  • Data deletion: You can delete all locally stored data by removing the extension. For cloud-synced data, contact privacy@ironvest.com.

3. How We Use Your Information

  • Provide IronVest services – Masked Emails, Cards, Phones, and security features
  • Send communications – Account alerts, security notices, and optional marketing
  • Improve our products – Analyze anonymous usage patterns to enhance features
  • Process payments – Through secure payment partners
  • Verify identity – Using biometric authentication for Premium features
  • Customer support – Help you with account and technical issues

4. Information Sharing

We never sell your personal data.

We share personal information only with service providers that help us operate IronVest, and only for the purposes described in this policy.

We do not share personal information for cross-context behavioral advertising.

Categories of Third Parties We Share With:

  • Email service providers (Customer.io)
  • Payment processors (Stripe, Galileo)
  • Telecommunications providers (Twilio, Bandwidth)
  • Biometric authentication services (Anonybit, Coresight)
  • Fraud prevention services (LexisNexis, Stripe)
  • Customer support tools (Groove, MightyCall)
  • AI processing services (AWS Bedrock - only when you use optional AI features)

Detailed Third-Party Partners

ServiceCompanyData SharedPurpose
Email CommunicationsCustomer.ioEmail address, name, engagement data, IP addresses, device infoAll email delivery, push notifications, in-app messages
PaymentsStripe, GalileoName, address, payment detailsProcess payments and prevent fraud
Masked PhonesTwilio, BandwidthPhone numbers, messagesProvide masked phone services
BiometricsAnonybit, CoresightFacial geometry dataIdentity verification
Fraud PreventionLexisNexis, StripeTransaction data, device infoDetect and prevent fraud
AnalyticsMatomoWebsite usage dataImprove website experience
Customer SupportGroove, MightyCallContact informationProvide customer service
AI Assistant (Optional)AWS BedrockUser queries onlyReal-time AI security insights (not stored)

5. Email Communications & Tracking

Types of Emails We Send

  • Transactional emails – Verification codes, password resets, security alerts (cannot opt out)
  • Important announcements – Critical service updates (cannot opt out)
  • Marketing emails – Newsletters, promotions (can opt out anytime)

Email Link Tracking

When you click links in our emails, Customer.io automatically collects:

  • IP address and geolocation data
  • Device information (browser, OS, device model)
  • Click timestamps and behavior patterns
  • Email client information

To avoid tracking: Copy and paste email links instead of clicking them.

Your Email Controls

  • Unsubscribe from marketing emails anytime
  • Essential emails (security alerts, verification codes) will continue
  • Contact privacy@ironvest.com to adjust preferences

6. AI-Powered Features (Optional)

Ivy AI Security Assistant

  • Processing: Real-time via AWS Bedrock using Meta's Llama 3 70B model
  • Storage: No AI interactions are stored, logged, or saved
  • Control: Disabled by default, can be enabled/disabled in settings
  • Decisions: Provides recommendations only, no automated actions

7. Data Security & Retention

Security Measures

  • Industry-standard 256-bit AES encryption
  • Secure servers and encrypted data transmission
  • PCI-DSS compliant payment processing
  • Regular security assessments

Data Retention

  • Active accounts: Data retained while you use IronVest
  • Closed accounts: Data deleted within 3 years
  • Biometric data: Deleted when purpose fulfilled or within 3 years
  • Financial data: Retained as required by PCI and banking regulations
  • AI interactions: Not stored (processed in real-time only)

8. Your Privacy Rights

All Users

  • Access: Get copies of your data
  • Delete: Request data deletion (subject to legal requirements)
  • Correct: Fix inaccurate information
  • Contact: privacy@ironvest.com

California Residents (CCPA)

  • Know what data we collect and why
  • Opt out of data sales (we don't sell data)
  • Equal service regardless of privacy choices

Colorado Residents (CPA)

  • Right to data portability
  • Opt out of targeted advertising and profiling
  • Appeal declined requests

Nevada Residents

You may opt out of the sale of your personal information by emailing privacy@ironvest.com (we do not sell personal information).

European Users (GDPR)

  • Data processing based on contract, legitimate interests, consent (where required), and legal obligations, depending on the context
  • Right to object to processing
  • Data Protection Officer available

9. Cookies & Tracking

We use minimal tracking:

  • Session cookies – Expire when you close your browser
  • Analytics cookies – Anonymous website usage via Matomo
  • Marketing and analytics tools – We may use cookies or similar technologies for analytics and marketing measurement (for example, analytics platforms and advertising pixels)

Your Control: Set your browser to block cookies or use available opt-out mechanisms where applicable.

10. Special Considerations

Children's Privacy

IronVest is not intended for users under 18. We don't knowingly collect children's data.

International Data Transfers

We transfer data internationally using appropriate safeguards like EU Standard Contractual Clauses.

Third-Party Links

Our Sites may link to third-party websites. Their privacy practices are governed by their own privacy policies, not ours.

Law Enforcement

We only provide information under valid court orders and will notify you if legally permitted. We disclose only the information we are legally required to provide.

11. Contact Information

Privacy Rights Requests: privacy@ironvest.com

General Support: support@ironvest.com

Response Times

  • Colorado residents: 45 days
  • California residents: 30 days
  • Other requests: 30 days

Business Contact

IronVest, Inc.

228 Park Ave S, Suite 97601

New York, NY, 10003, US

support@ironvest.com

12. Policy Updates

We'll notify you of significant changes via email or in-app notifications. Continued use after changes constitutes acceptance.

Questions? Contact us at privacy@ironvest.com