MyDiscretionary
Privacy Policy

Last updated: June 30, 2026

This Privacy Policy describes how MyDiscretionary ("we", "us", "the platform") collects, uses, and protects your information when you use the MyDiscretionary mobile or web application (the "Service"). By using the Service you agree to the practices described here. If you do not agree, do not use the Service.

1. Who We Are

MyDiscretionary is operated by MyDiscretionary LLC, an Ohio limited liability company.

Contact:

2. What Data We Collect

2.1 Information you provide

When you use the Service, depending on your role:

As a beneficiary or trustee creating an account:

When using the platform:

2.2 Information collected automatically

2.3 Information from third parties

If your account is provisioned via Auth0 federation (single sign-on), we receive your name and email from the upstream identity provider.

If your firm enables SMS-based two-factor authentication, your phone number is shared with Twilio (our SMS provider) at the moment a code is sent. Twilio's privacy policy governs that interaction.

3. How We Use Your Data

We process your data only for the following purposes:

We do not:

4. How We Share Your Data

We share data only with the following parties, and only the minimum necessary:

5. Security

We protect your data with:

No security system is perfect. If we detect a breach affecting your data, we will notify you and applicable regulators as required by law.

6. Data Retention

We retain your data while your account is active. After account closure:

7. Your Rights

Depending on where you live, you may have the right to:

To exercise any of these rights, email privacy@mydiscretionary.com. We will respond within 30 days. If your request cannot be fulfilled (typically because the data is required for fiduciary record-keeping), we will tell you why and how long we are required to retain it.

California residents (CCPA / CPRA)

You also have the right to know whether we sell or share your data. We do not sell or share your data in the senses defined by these statutes.

EEA / UK residents (GDPR / UK-GDPR)

The legal basis for our processing is:

You have the right to lodge a complaint with your local supervisory authority.

8. Children

MyDiscretionary is not directed to anyone under 18. Where a beneficiary under 18 is named in a trust, their guardian or trustee acts on their behalf and is the platform user. We do not knowingly collect data directly from children.

9. International Transfers

MyDiscretionary is operated from Ohio, United States. If you are accessing the Service from another country, your data will be transferred to and processed in Ohio, United States and any region where our infrastructure providers operate. We rely on Standard Contractual Clauses or equivalent safeguards where required.

10. Changes to This Policy

We may update this Policy from time to time. Material changes will be announced in-app and by email at least 30 days before they take effect. The "Last updated" date at the top of this document reflects the current version.

11. Contact

Questions, requests, or complaints: