← Back to home

Privacy Policy

Effective: 2026-04-26

Who we are

Prestige Ecosystem™ (operated by Citadel Management Holdings) provides a financial-operating-system platform. This Privacy Policy explains what data we collect, why, and your rights.

What we collect

  • Account data: name, email, phone, password hash, tier.
  • Engine intake data: the structured inputs you submit to credit, business, trust, and tax engines — including last-4 SSN where required by FCRA-compliant credit pulls. SSN is encrypted at rest and never logged.
  • Payment metadata: Stripe customer ID, last-4 card digits, billing address. We never store full card numbers.
  • Usage telemetry: page views, engine activation events, IP address, user-agent, referral source.
  • Support communications: emails, chat transcripts, recorded calls (with consent).

Why we collect it

  • To provide the platform you signed up for.
  • To file FCRA disputes, build business credit files, and execute the legal frameworks the engines automate.
  • To process payments and prevent fraud.
  • To send transactional emails and (with opt-in) marketing.
  • To improve the platform and answer support requests.

Who we share it with

Subprocessors: Supabase (database + auth), Stripe (payments), Resend (email), Sentry (error monitoring), Vercel (hosting), Tango Card (gift-card redemption), HeyGen + n8n (marketing automation when you opt-in to comms). We sign data-processing agreements with each. We do not sell your personal data.

HIPAA / health data

Prestige is not a HIPAA-covered entity nor a Business Associate. Some perks (e.g. Rx savings card) link out to third parties — your interaction with those third parties is governed by their privacy policies, not ours.

Your rights

  • Access: request a copy of your data via privacy@prestigeecosystem.com.
  • Deletion: we hard-delete your data 30 days after cancellation unless legal retention applies (CROA requires 5 years for dispute records).
  • Correction: edit your profile in /settings, or email support.
  • Opt-out: unsubscribe links in every marketing email.

Data security

TLS-only in transit, AES-256 at rest. Row-level security on every member-data table. Engineer access is logged. We're preparing for SOC2 Type II audit; see our internal SOC2/HIPAA prep doc for the controls inventory.

Children

Prestige is for U.S. residents 18+. We do not knowingly collect data from minors. The signup gate requires age + country attestation.

Changes

We'll email you 14 days before any material change. Minor edits are noted by an updated effective date above.

Contact

Privacy inquiries: privacy@prestigeecosystem.com. Postal: Citadel Management Holdings, attn: Privacy Officer.