Privacy Policy

Updated 09.16.2025

Introduction

Frank is an artificial intelligence product offered by SmartPath Advisors, LLC. (“Frank”, “we”, “us”, or “our”). We view protecting our clients’ personal information as a top priority and, pursuant to the requirements of the Gramm-Leach-Bliley Act (the “GLBA”), have instituted the following policies and procedures to ensure that client information is kept private and secure.

Last Updated: September 16, 2025

This policy serves as formal documentation of Frank’s ongoing commitment to the privacy of its clients. All team members will be expected to read, understand, and abide by this policy and to follow all related procedures to uphold the standards of privacy and security set forth by Frank. This Policy, and the related procedures contained herein, is designed to comply with applicable privacy laws, including the GLBA, and to protect non-public personal information of Frank’s clients.

In the event of new privacy-related laws or regulations affecting the information practices of Frank, this Privacy Policy will be revised as necessary, and any changes will be disseminated and explained to all personnel.

Scope of Policy

This Privacy Policy covers the data processing practices of Frank and applies to all non-public personally identifiable information of our current and former clients.

Overview of the Guidelines for Protecting Client Information

In Regulation S-P, the U.S. Securities and Exchange Commission (“SEC”) published guidelines, pursuant to section 501(b) of the GLBA, which address the steps a financial institution should take in order to protect client information. The overall security standards that must be upheld are:

  • Ensure the security and confidentiality of client records and information;
  • Protect against any anticipated threats or hazards to the security or integrity of client records and information; and
  • Protect against unauthorized access to or use of client records or information that could result in substantial harm or inconvenience to any client.

Application of GLBA to AI

Under the direction of the Federal Trade Commission, GLBA applies to all technology platforms that process (collect, use, disclose, and store) personal information. Although GLBA predates the advent of generative AI and LLM, the FTC has issued guidance to extend the GLBA Safeguards Rule to include AI. Therefore, Frank AI must implement reasonable technical and organizational measures to reasonably safeguard personal data.

Team Member Responsibility

  • Each team member has a duty to protect the non-public personal information of clients collected by Frank.
  • No team member is authorized to disclose or use the non-public information of clients on behalf of Frank.
  • Each team member has a duty to ensure that non-public personal information of Frank’s clients is shared only with team members and others in a way that is consistent with Frank’s Privacy Notice and the procedures contained in this Policy.
  • Each team member has a duty to ensure that access to non-public personal information of Frank’s clients is limited as provided in the Privacy Notice and this Policy.
  • No team member is authorized to sell, on behalf of Frank or otherwise, non-public information of Frank’s clients.
  • Team members with questions concerning the collection and sharing of, or access to, non-public personal information should contact SmartPath Advisor’s CCO, Ryan McPherson, for guidance. The CCO is, for the purposes of data privacy compliance, appointed as the Privacy Officer for SmartPath Advisors and for Frank, as Frank is a service of SmartPath Advisors.

Violations of these policies and procedures will be addressed in a manner consistent with other Company disciplinary guidelines.

Types of Permitted Disclosures – The Exceptions

Regulation S-P contains several exceptions, which permit Frank to disclose client information (the “Exceptions”). For example, Frank is permitted under certain circumstances to provide information to non-affiliated third parties to perform services on Frank’s behalf. In addition, there are several “ordinary course” exceptions, which allow Frank to disclose information that is necessary to administer or provide a service that a client has requested or authorized. Please review the list below:

  • To fulfill your requests for our services;
  • To communicate with you about our services;
  • To improve and/or develop services;
  • In conjunction with a sale of our company or our assets, in which case, we may transfer some or all of the Personal Information to the acquiring company;
  • In any manner consented by you in writing;
  • To disclose financial summaries to recipients with whom you wish to share this data, such as spouses or financial advisors of SmartPath Advisors; and/or
  • To comply with law enforcement, applicable law, and when disclosure is required by a court, government agency, or regulator.

We disclose your personal information to non-affiliated third parties as follows:

Type(s) of NPPI (Non-Public Personal Information)

Personal Information Which May be Collected During Interaction with Frank (some items below may not be applicable and will not be collected):

- Date of Birth / Age Range
- Credit Score
- Financial History
- Income / Salary (Specific Number or Range)
- Non-Salary Compensation (i.e., Equity Compensation)
- Account Types
- Desired Retirement Age
- Marital Status
- Dependent Status (Number of Claimed Persons)
- Debt (History / Current Amount)
- Savings (Type / Amount)

- 401K(k) and 403(b) Contributions
- Pension Details
- Total Assets (Global Amount)
- Living Situation (Rent / Own, Mortgage, Home Value)
- Income Tax Information
- Tax Filing Status
- User Activity
- 529 Account (Account Value and Contribution Amount)
- HSA Account (Account Value and Contribution Amount)
- FSA Account (Account Value and Contribution Amount)

Recipients

Google Privacy Policy available here.


RightCapital Privacy Policy available here.

Wealthbox Privacy Policy available here.

OpenAI Policy available here.

Purpose of Disclosure / Use of NPPI

Maintain client data, records, and reports.

‍[Optional: Only if Frank user chooses to work with an advisor.]
Evaluate client’s current financial situation and create retirement plan.

‍[Optional: Only if Frank user chooses to work with an advisor.]
Maintain client data and records.

Train Frank’s AI model to understand client’s specific needs and to provide more tailored, meaningful responses.

Ethical Use of AI

The personal information collected by Frank shall be used for the purpose of providing tailored financial advice to clients planning for both short-term and long-term (retirement) planning.

Frank is built on top of the OpenAI function which allows Frank to leverage powerful tools to generate meaningful responses for our clients. The more accurate the data disclosed, the more tailored and applicable the advice our clients shall receive.

To ensure that the personal data is safeguarded and used only for the purposes of providing our clients with financial advisory services, we have committed to the following:

  • Retaining personal data only for the purpose of formulating responses for financial advice-giving
  • Established a data retention and destruction schedule, with actionable items to delete data if it is no longer necessary
  • Not using the personal data for any machine learning purposes. If we intend to do so, we shall first de-identity or anonymize the data so it is no longer identifiable and would no longer be personal information
  • If we intend to use personal information beyond the purposes of giving financial advice, we shall first obtain consent from the customer. Such consent is entirely optional, subject to any legal or other similarly compelling reasons 
  • We shall evaluate our AI to ensure that it does not create any biases on the basis of immutable characteristics. These include grounds such as race or ethnicity; gender or gender identity; citizenship or nationality; age or age range; sexual orientation; socioeconomic standing (class); philosophical or religious beliefs; political opinions or affiliations; health-related conditions; or genetic data
  • Frank does not require the production of government-issued ID to run. Therefore, we will not request copies of any identifiers such as passports, citizenship, green card, state/territorial/provincial ID, or similar such documents, and will train our AI to recognize them and to reject accepting them into the AI. This shall not apply to any instances where we require ID, such as for verifying data subject or consumer privacy rights requests
  • We do not make any decisions regarding the use of your personal data or access to our services without human intervention
  • We have conducted security risk threat assessments and privacy impact assessments to evaluate the risk and impact to our customers
  • We conduct periodic audits of the data
  • We have established access control policies and procedures subject to regular audit and review
  • All staff are trained on security awareness, privacy awareness, and ethical AI use

Use of OpenAI

Frank is built on OpenAI. Therefore, OpenAI receives and analyzes the data that Frank uses to provide you with personalized financial advice. To that end, we have committed to the following data protection safeguards to keep personal data secured:

  • Use of the Enterprise version of OpenAI, which affords greater data protection as opposed to the free personal version of OpenAI
  • Execution of a service agreement with OpenAI, with clear restrictions on the accessibility of the data to the vendor
  • Adherence to international data privacy protection standards, including all US state privacy laws. More information on OpenAI’s data privacy governance is available here: (https://openai.com/policies/row-privacy-policy/)

Disclosure to Frank Clients About Working with a Financial Advisor from SmartPath Advisors

Frank clients may elect to share their information with a Financial Advisor of SmartPath Advisors to receive a second opinion on their financial situation or questions.

Please note that our financial advisors are investment advisory representatives of SmartPath Advisors, LLC. For more information about SmartPath Advisors, please visit their website and privacy policy.

Opting Out

When you use our services, you consent to the collection, use, disclosure, and storage of your personal information for the reasons listed in the previous section on “Types of Permitted Disclosures - the Exceptions”.

We may, from time to time, send you communications related to our services, policy updates, or any other messages that are relevant to you as a Frank client.

We may also choose to send you non-essential communications from time to time. If you do not wish to receive these messages, you may opt out of such communications through the following ways:

  • Replying to the message with “unsubscribe” in the body;
  • Emailing Ryan McPherson, CCO at ryan@smartpathadvisors.co that you would like to unsubscribe; or
  • Sending a physical communication here:

Ryan McPherson
Re: Frank
Chief Compliance Officer
SmartPath Advisors, LLC
2451 Cumberland PKWY, STE 3954
Atlanta, GA 30339

Please note: Depending on the U.S. Postal Service, or other sending service chosen, physical communications may take multiple days or weeks to arrive. Neither SmartPath Advisors nor Frank have any control over physical communication delivery timelines. While physical communications are in transit, you may still receive non-essential communications as referenced above. Electronic communications are preferred.

We Will Not Sell Your Personal Information

Frank will not sell your Personal Information without your consent. This means that Frank will not disclose your Personal Information to third parties who do not require this data to provide goods or services to Frank.

In the event that Frank needs to disclose your Personal Information in a way that is not for purposes related to providing goods or services to you, we will first obtain your explicit consent before doing so.

This does not apply to any situation where Frank is required to disclose Personal Information to law enforcement, a regulatory body, external investigator, or auditor to comply with legal or regulatory compliance purposes.

We Will Take Reasonable Steps To Keep Your Personal Information Safe

We take reasonable steps to keep your Personal Information safe from loss, unauthorized activity, or other misuse. We implement measures to ensure a level of security appropriate to risks inherent in handling your Personal Information. All of the Personal Information submitted to us is secured using 256-bit encryption.

Even with all of the security measures we do have in place, the nature of the Internet and its methods of data transmission means that we cannot guarantee or warrant the security of Personal Information or any other information or data.

You May Have the Legal Right to Ask Us to Disclose to You the Personal Information We Collect, Use, and Disclose, and Opt Out of the Sale of Your Personal Information

If you are a resident of a U.S. state with a privacy law that is applicable to the Personal Information Frank obtains from you, then under such privacy law, you may request Frank to disclose: (i) what Personal Information we have about you, (ii) the types of Personal Information Frank is collecting from you, (iii) what Frank does with that Personal Information, (iv) to delete your Personal Information, and (v) not to sell your Personal Information.

Additional State Privacy Rights

If you live in certain states, you have additional rights on access to information, erasure / deletion of your data, data portability, opting in and out of communications, and non-discrimination. We have summarized your rights below in the following chart and is organized by state. Please click on the state you live in to read more about your rights:

  • California
  • Colorado, Connecticut, Delaware, Maryland, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, Texas, and Virginia
  • Florida
  • Indiana and Tennessee
  • Iowa
  • Utah

Your Personal Information is Stored in the United States

Frank is located in the United States. If you are a resident of any country outside the United States, you understand and agree that Frank stores and processes your Personal Information on computers located in the United States, and that by providing any information to us, you consent to the transfer of such information to the United States.

Frank’s Systems are to be Used Only by Persons in United States

Frank’s systems are to be used only by persons located in the United States and are not designed for use, offered to, or intended to be used by, any persons outside of the United States.

If You Have Questions

Please contact SmartPath Advisors’ CCO, Ryan McPherson, via email: ryan@smartpathadvisors.co.

If you wish to send a physical communication, please send it here:

Ryan McPherson
Re: Frank
Chief Compliance Officer
SmartPath Advisors, LLC
2451 Cumberland PKWY, STE 3954
Atlanta, GA 30339

Please note: Depending on the U.S. Postal Service, or other sending service chosen, physical communications may take multiple days or weeks to arrive. Neither SmartPath Advisors nor Frank have any control over physical communication delivery timelines. While physical communications are in transit, you may still receive non-essential communications as referenced above. Electronic communications are preferred.

Privacy Notice

‍Frank has developed a Privacy Notice, as required under Regulation S-P, to be delivered to clients initially and on an annual basis. The notice discloses Frank AI’s information collection and sharing practices and other required information and has been formatted and drafted to be clear and conspicuous. The notice will be revised as necessary any time information practices change.

Privacy Notice Delivery:

Initial Privacy Notice

As regulations require, all new clients receive an initial Privacy Notice at the time when the client relationship is established; for example on execution of the agreement for services.

Annual Privacy Notice

The GLBA regulations require that disclosure of the Privacy Policy be made on an annual basis. Frank will deliver its annual Privacy Notice in conjunction with the annual offer summary of material changes of its Form ADV Part 2.

Revised Privacy Notice

Regulation S-P requires that Frank amend its Privacy Policy and distribute a revised disclosure to clients if there is a change in Frank’s collection, sharing, or security practices.

AboutPricingBlogFAQ
2451 Cumberland Pkwy SE, Suite 3954, Atlanta, GA 30339
TermsPrivacy Policy

© 2025 All Rights Reserved. Frank is an AI-powered service provided by SmartPath Advisors, LLC, an investment adviser registered with the U.S. Securities and Exchange Commission (SEC). Registration with the Securities and Exchange Commission does not imply a certain level of skill or training. The advice, content, data, guidance, and/or information provided by Frank (collectively, Frank’s content) is based on user inputs, connected accounts, and Frank’s models and research. Frank’s content may contain errors and/or be outdated, and accordingly, Frank’s content should be carefully checked and verified by users prior to use or reliance. Any use or reliance on Frank’s content is at the user’s sole risk. We do not accept, assume, and/or agree to, and we expressly disclaim, any and all responsibility and/or liability for the use of, and/or reliance upon, Frank’s content. Without limiting the foregoing, Frank's content is not, and may not be construed as, legal and/or tax advice. Furthermore, all investing involves potential risk of loss, including the possible loss of principal. Past investment performance is not indicative of future investment performance.