Effective Date: March 22, 2026
Version: 1.2
Last Updated: April 2026
Advisory API Systems LLC (“Company,” “we,” “us,” or “our”) is a California-registered investment adviser (CRD #330083) based in Culver City, California. We provide the ALLOCATOR℠ portfolio optimization engine (the “Service”) to registered investment advisers (“RIA Clients”) and individual members of the public (“Individual Clients”) residing in California.
This Privacy Policy describes how we collect, use, disclose, retain, and protect the personal information of our users and website visitors. It applies to all interactions with our website, web interface, and API (collectively, the “Service”).
We are committed to protecting your privacy and complying with all applicable privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), the Gramm-Leach-Bliley Act (“GLBA”), the EU General Data Protection Regulation (“GDPR”) as applicable to personal data processed on our EU-based infrastructure, and other applicable federal and state privacy regulations.
Contact Information:
Advisory API Systems LLC
Email: [email protected]
Phone: (310) 839-0358
This Privacy Policy applies to:
RIA Client Note: If you are an RIA Client, you are the data controller for any End User personal information you submit to us. You are responsible for providing appropriate privacy notices to your End Users and for obtaining any necessary consents. We process End User data solely on your behalf as a service provider. This Privacy Policy does not create a direct relationship between the Company and your End Users.
When you use the Service, you may provide the following categories of personal information about yourself, your spouse or partner, or (in the case of RIA Clients) your advisory clients:
Identification Information: First name, last name, date of birth, gender, email address, phone number(s), and mailing address.
Financial Information: Income (employment, self-employment, and other sources), investment account balances (IRAs, 401(k)s, brokerage accounts), Social Security earnings history and benefit amounts, pension details, annuity contracts, life insurance policies, bank certificates of deposit, business ownership interests, real estate holdings, vehicle assets, and other background wealth.
Employment Information: Occupation, employer, employment history, salary, self-employment status, and expected retirement age.
Demographic Information: State of residence, marital status, and filing status.
Benefit and Insurance Information: Social Security quarters of coverage, claiming age preferences, pension benefit amounts and options, Medicare eligibility, annuity terms, and life insurance coverage and surrender values.
Risk Profile Information: Willingness-to-pay responses and risk tolerance parameters.
Individual Clients provide credit card information (card number, expiration date, CVC, and billing ZIP code) to pay for each use of the Service. This payment information is collected and processed directly by our payment processor, Stripe, Inc. We do not store your full credit card number on our servers. We receive only a transaction identifier, confirmation of payment, and the last four digits of your card for record-keeping purposes.
RIA Clients may provide payment information in connection with invoicing arrangements as described in the User Agreement.
When you access the Service, we may automatically collect:
Server Log Data: IP address, browser type, operating system, referring URL, pages accessed, timestamps, and HTTP request/response status codes.
API Usage Data: API key identifier, request timestamps, response timestamps, response status codes, and API version.
Infrastructure Data: Our infrastructure provider, Cloudflare, Inc., may collect standard web traffic data (IP addresses, request headers, and connection metadata) as part of providing content delivery, security, and DDoS protection services.
We do not use cookies, web beacons, tracking pixels, or third-party analytics services (such as Google Analytics or Facebook Pixel) on our website or web interface. We do not engage in cross-site tracking or behavioral advertising. We do not collect biometric data, geolocation data (beyond what is inferable from IP addresses), or data from social media accounts.
We use personal information for the following purposes:
Providing the Service: Processing your inputs through our portfolio optimization engine to generate investment allocation recommendations tailored to your household’s financial circumstances, including Social Security optimization, tax-aware asset allocation, background wealth valuation, and risk-adjusted portfolio construction.
Payment Processing: Authorizing and capturing payments for each use of the Service, maintaining billing records, and resolving payment disputes.
Regulatory Compliance: Maintaining records required by California securities regulators, the SEC (as applicable), and other regulatory authorities. As a registered investment adviser, we are required to maintain books and records related to the investment advice we provide.
Service Improvement: Analyzing anonymized or aggregated usage patterns to improve the accuracy, reliability, and performance of our optimization engine.
Technical Support: Diagnosing and resolving technical issues reported by users.
Legal Obligations: Responding to lawful requests from government authorities, complying with court orders or subpoenas, and exercising or defending legal claims.
Security: Detecting, preventing, and responding to fraud, unauthorized access, and other security threats.
We do not sell, rent, or trade your personal information to third parties.
We may share personal information with the following categories of recipients, solely as necessary for the purposes described in this Privacy Policy:
Payment Processor (Stripe, Inc.): We share payment-related information with Stripe to process credit card transactions. Stripe’s handling of your payment data is governed by Stripe’s own privacy policy.
Infrastructure and Security Provider (Cloudflare, Inc.): Web traffic passes through Cloudflare’s network for content delivery, DDoS protection, and security services. Cloudflare may process IP addresses and connection metadata in the course of providing these services.
Cloud Storage Provider (Dropbox, Inc.): Encrypted API usage logs are backed up to cloud storage for regulatory record-keeping and disaster recovery purposes.
External Data Providers: We may query third-party data services (such as the Federal Reserve Economic Data API, property valuation services, and vehicle valuation services) using anonymized or non-personally-identifiable parameters to obtain market data, property estimates, or vehicle values referenced in your inputs. Your name and contact information are not shared with these services.
Regulatory Authorities: We may disclose personal information to securities regulators, the SEC, FINRA, or other governmental authorities as required by law or in response to lawful requests, examinations, or investigations.
Legal Proceedings: We may disclose personal information in connection with litigation, arbitration, regulatory proceedings, or as otherwise required by law.
Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the successor entity, subject to applicable privacy laws.
We require all third-party service providers to maintain appropriate security measures and to process personal information only for the purposes for which it was disclosed.
We retain personal information as follows:
API Request and Response Logs: Complete records of API inputs and outputs are retained for the duration of your relationship with us and for a period thereafter as required by applicable securities regulations (currently five years after the end of the fiscal year in which the advice was provided, per SEC Rule 204-2 and California regulations, or longer if required).
Billing Records: Transaction records, invoices, and payment confirmations are retained for seven (7) years in accordance with accounting and tax requirements.
Server Logs: Routine web server logs (IP addresses, access times, request metadata) are retained for up to ninety (90) days for security and operational purposes.
Account Information: API credentials and account metadata are retained for the duration of your account and deleted within thirty (30) days of account termination, except as required by law.
After applicable retention periods expire, personal information is securely deleted or anonymized.
We implement technical and organizational measures designed to protect personal information, including:
No method of transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.
For additional detail, please see our Security Practices Documentation, incorporated by reference into the User Agreement.
If you are a California resident, you have the following rights under the CCPA/CPRA:
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting it, and the categories of third parties with whom we shared it.
You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions (such as where retention is required by law or necessary to complete the transaction for which it was collected, including regulatory record-keeping obligations applicable to investment advisers).
You have the right to request that we correct inaccurate personal information we maintain about you.
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out, but you retain this right should our practices ever change.
To the extent we collect sensitive personal information (such as Social Security numbers, financial account numbers, or precise geolocation), we use it only as necessary to provide the Service. You have the right to limit the use and disclosure of sensitive personal information to what is necessary to perform the Service.
We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To submit a request to know, delete, or correct, please contact us at:
We will verify your identity before processing your request. For requests submitted by email, we may ask you to confirm information we have on file. We will respond to verifiable requests within forty-five (45) calendar days. If we need additional time (up to an additional forty-five days), we will notify you of the extension and the reason for it.
You may designate an authorized agent to submit a request on your behalf. We may require the authorized agent to provide a signed written authorization or power of attorney, and we may contact you directly to verify the request.
In the preceding twelve (12) months, we have collected the following categories of personal information as defined by Cal. Civ. Code § 1798.140(v):
| CCPA Category | Collected | Examples | Business Purpose |
|---|---|---|---|
| Identifiers | Yes | Name, email address, phone number, mailing address, date of birth | Providing the Service, account management |
| Customer Records (Cal. Civ. Code § 1798.80(e)) | Yes | Name, address, phone number, financial information | Providing the Service |
| Commercial Information | Yes | Transaction records, service usage | Billing, regulatory compliance |
| Internet or Network Activity | Yes | IP address, browser type, access logs | Security, operations |
| Professional or Employment Information | Yes | Occupation, employer, salary | Portfolio optimization inputs |
| Sensitive Personal Information | Yes | Social Security earnings data, financial account details | Portfolio optimization, tax calculations |
Categories of personal information sold: None. Categories of personal information shared for cross-context behavioral advertising: None.
As a registered investment adviser, we are required to provide you with this notice regarding our privacy practices with respect to nonpublic personal information (“NPI”) as defined by the GLBA.
We collect NPI from the following sources:
We do not disclose NPI to nonaffiliated third parties except as permitted or required by law. Permitted disclosures include disclosures to service providers that perform functions on our behalf (such as payment processing, cloud hosting, and data storage), provided they agree to maintain the confidentiality of such information.
We maintain physical, electronic, and procedural safeguards to protect your NPI, as described in Section 7 of this Privacy Policy and in our Security Practices Documentation.
Because we do not share NPI with nonaffiliated third parties for their own marketing purposes, there is no need for you to opt out. Should our practices change, we will provide you with an opt-out notice and a reasonable opportunity to opt out before any such sharing occurs.
The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take reasonable steps to delete it promptly. If you believe we have inadvertently collected information from a child, please contact us at [email protected].
Our website does not respond to “Do Not Track” browser signals because we do not engage in cross-site tracking or behavioral advertising. Your use of our Service is the same regardless of your Do Not Track setting.
Our website or documentation may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.
The Service is offered exclusively to California residents. Personal data is processed on servers located in Germany (European Union), which are subject to the EU General Data Protection Regulation (GDPR) and its strict data protection requirements. Data may also transit through infrastructure located in the United States in the course of providing the Service. By using the Service, you consent to the transfer, processing, and storage of your information as described in this Privacy Policy. If you are located outside the State of California, please do not use the Service.
In the event of a security breach involving your personal information, we will notify affected individuals and applicable regulatory authorities as required by California Civil Code § 1798.82 and other applicable breach notification laws. Notification will be provided without unreasonable delay, and in no event later than required by applicable law.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated by posting the updated policy on our website with a revised “Last Updated” date. If we make material changes that affect how we handle previously collected personal information, we will provide at least thirty (30) days’ notice before the changes take effect.
Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms.
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:
Advisory API Systems LLC
Email: [email protected]
Phone: (310) 839-0358
For complaints that we are unable to resolve, California residents may contact the California Attorney General’s Office at https://oag.ca.gov/contact or the California Department of Financial Protection and Innovation at https://dfpi.ca.gov.
This Privacy Policy is incorporated by reference into the User Agreement. By using the Service, you acknowledge that you have read and understood this Privacy Policy.