Privacy Policy

Last Updated: February 3, 2022

Copia Wealth Studios Inc. together with its representatives, consultants, employees, officers, and directors (collectively “Copia,”) operates the Copia mobile and/or web application (“App”) and website located at (the “Site”) offering a financial intelligence and wealth management platform that tracks the financial investments and assets to help those with complex portfolios simplify their wealth (together with the Site and App, the “Services”).

Copia respects and protects the privacy of all individuals that access and use our Services. We maintain strict policies to ensure the privacy of those who use our Services or those who may just be visiting (together, the “Users”). This policy (“Privacy Policy”) describes the types of information we may collect from you and our practices for how we collect, use, maintain, protect, and disclose such information. The way that we collect and use your information depends on the way you access the Services or your requests to us. This Privacy Policy also includes a description of certain rights that you may have over information that we may collect from you.

By using the Services, you agree to this Privacy Policy. If you do not agree with our policies and practices, your choice is to not use our Services.


Data Collection Summary

This chart is a summary of data we do collect and have collected over the past 12 months. The rest of this Privacy Policy provides additional information on our privacy practices.

Categories of Personal Information Do we Collect? Do we Disclose for a business purpose? Do we sell?
Identifiers: (Contact details, such as real name, alias, address, telephone number, unique personal identifiers, online identifiers, IP address, email address, and account name) Yes Yes No
Categories of Information described in the California Customer Records statute: (including name, email, and phone number) Yes Yes No
Commercial Information: (Transaction information, purchase history, financial details, payment information, and payment history) Yes Yes No
Inferences Drawn from other Personal Information to Create a Profile About a Consumer: (Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics) No No No
Characteristics of Protected Classifications under California or Federal Law (age, ethnicity, gender, date of birth, and marital status) No No No
Geolocation Data: (device location) Yes Yes No
Internet or other Electronic Network Activity Information:
(Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements)
No No No
Biometric Information: (Fingerprints and voiceprints) No No No
Audio, Visual, or Similar Information: (Images and audio, video, or call recordings created in connection with our business activities) (only with your prior permission) Yes Yes No
Professional or Employment Related Information: (Business contact details in order to provide you our services at a business level, job title as well as work history and professional qualifications) No No No
Non-Public Education Information (per the Family Educational Rights and Privacy Act) (Student records and directory information) No No No


Information that Copia Collects

Types of Information Collected - Personal Data “Personal Data” is information by which you may be personally identified. Copia may collect the following Personal Data from you:
  • Name;
  • Email Address;
  • Phone Number;
  • Bank Account Number;
  • Credit Card or Debit Card Number (through third party payment processor, Stripe or Apple)
Types of Information Collected - Non Personal Data Non-personal data includes any data that cannot be used on its own to identify, trace, or identify a person. We may collect your IP Address, browser type, domain names, access times, device information, or location information.

When non-Personal Data you give to us is combined with Personal Data we collect about you, it will be treated as Personal Data and we will only use it in accordance with this Privacy Policy.
How we collect information. We collect information about you in the following ways:

  1. when you provide it do us directly through an interaction with us; for example
    1. When you register for an account;
    2. When you place a purchase order through the Services;
    3. When you participate in surveys or provide feedback; and
    4. When you contact us regarding service or support requests.
  2. through automated collection methods like cookies or log files; and
  3. when we obtain the information from a third party.
Why we collect and how we use your information. (Legal Basis) We collect and use your Personal Data when we have a legitimate purpose to do so, including the following reasons:
  • to verify your eligibility to use the Services;
  • to confirm your identity to use the Services;
  • to communicate with you about our features or your account;
  • when it is necessary for the general functioning of the Services, including to facilitate orders and payments, or to contact you;
  • when it is necessary in connection with any contract you have entered into with us (including our Terms of Service or when you make a purchase through the Site or App) or to take steps prior to entering into a contract with us;
  • when we have a legitimate interest in processing your information for the purpose of providing or improving our Services;
  • when we have a legitimate interest in using the information for the purpose of contacting you, subject to compliance with applicable law; or
  • when we have a legitimate interest in using the information for the purpose of detecting, and protecting against, breaches of our policies and applicable laws.
We may use aggregated (anonymized) information about our Users, and information that does not identify any individual, without restriction.
Information Collected from Third Parties Information from our service providers: We may receive information about you from third-party service providers that we engage for verification of eligibility, log-in, or marketing our products and services.

Information from social media sites and other publicly available sources: When you interact or engage with us on social media sites through posts, comments, questions and other interactions, we may collect such publicly accessible information, including profile information, to allow us to connect with you, improve our products, or better understand user reactions and issues. We must tell you that once collected, this information may remain with us even if you delete it from the social media sites.
Accessing and Controlling Your Information If you would like to prevent us from collecting your information completely, you should cease use of our Services as our platform does not operate without collecting information. You can also control certain data via these other methods:
  • Opt-out of non-essential electronic communications: You may opt out of receiving promotional notices, newsletters, and other non-essential messages by using the ‘unsubscribe' function included in all such messages or contacting However, you will continue to receive notices and essential transactional emails.
  • Amend information: You may amend certain information in your account by contacting us at
  • Optional information: You can always choose not to fill in non-mandatory fields when you submit any form linked to our services, or not to provide non-mandatory information.
Under the California Consumer Privacy Act residents of the state of California have additional data rights. We provide the same control and rights over your data no matter where you choose to live in the United States. As a user of the Services, you have the following control over your data:
  • Right to access: You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information's source, purpose and period of processing, and the persons to whom the information is shared.
  • Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.
  • Right to erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
  • Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means.
  • Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.
Exercise Your Data Rights

We also recognize that you have the right to prohibit sale of your data, but we do not sell data.

You can exercise the rights described above by making adjustments in your User account or by contacting us at Only you, or an agent authorized to make a request on your behalf, may make a request related to your personal information.

We cannot respond to your request if, (i) we cannot verify your identity; or (ii) your request lacks sufficient details to help us handle the request. We will make our best efforts to respond to your request within 45 days of its receipt. If we cannot respond in 45 days, we will inform you, in writing, the reason for the delay and will respond to your request within 90 days. Any information we provide will only cover the 12-month period preceding the request's receipt.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We are not obligated to provide responses to your data requests more than twice in a 12-month period.

How Long do we Store Personal Data? We will only retain your Personal Data for as long as is reasonably necessary to fulfill the purposes for which it is collected, or to comply with applicable legal requirements, or until you ask us to delete your Personal Data. This length of time may vary according to the nature of your relationship with us. Subject to the foregoing, we will delete your Personal Data after 3 months of nonuse of an account, or immediately on your written request and confirmation to us that you will download or export your data (or acknowledge that you will not download or export your data).
Automated Data Collection Methods; Log Files Log Files: We use means through the Services to collect IP addresses, browser types, access times, physical or device location. We use this information to ensure compliance with various state or federal laws, including by verifying location, and to improve our Services, verify identity, and monitor financial transactions.
Users under the age of 16 Our Services are not intended for anyone under 18, particularly children under 16 years of age and we do not knowingly collect Personal Data from children under 16. If you are under 16, do not use or register on the Services, make any purchases, use any of the interactive or public comment features, or provide any information about yourself to us. If we learn we have collected or received Personal Data from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at the email address listed below.
Do Not Track Settings We do not track our Users over time and across third party websites to provide targeted advertising and do not specifically respond to Do Not Track (“DNT”) signals.


Who We Share Data With

We may use aggregated (anonymized) information about our Users, and information that does not identify any individual, without restriction.

We do not sell or otherwise disclose Personal Data specific personal or transactional information to anyone except as described below.

Third Parties We may, for our legitimate interests, share your information with third parties whom you have designated to us, solely when you have provided us with your prior written authorization to do so.
Affiliates and Subsidiaries We may, for our legitimate interests, share your information with entities under common ownership or control with us who will process your information in a manner consistent with this Privacy Policy and subject to appropriate safeguards. Such parent companies, affiliates, or subsidiaries may be located in the United States.
Successors in Interest We may, for our legitimate interests, share your information with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, in which Personal Data about our Users is among the assets transferred. You will be notified of any such change by a prominent notice displayed on our Services or by e-mail. Any successor in interest to this Privacy Policy will be bound to the Privacy Policy at the time of transfer.
Law enforcement and other governmental agencies We may share your information when we believe in good faith that such sharing is reasonably necessary to investigate, prevent, or take action regarding possible illegal activities or to comply with legal process. This may involve the sharing of your information with law enforcement, government agencies, courts, and/or other organizations.
Service Providers We may, for our legitimate interests, share certain information with contractors, service providers, third party authenticators, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. Some of the functions that our service providers provide are as follows:
  • Host infrastructure and storage;
  • Business analytics services;
  • Identity verification management;
  • Technology and product support;
  • Payment processing and fraud protection;
  • Marketing, sales, and service management.
Some of the functions that our service providers provide are as follows:
  • Google Analytics: We use Google Analytics for Site analytics. Google will use information on our behalf to evaluate the use of our online products and services, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services.
  • Intercom: Intercom is used to communicate with customers on the website, and inside the application while integrating with our system. It is used as a user-initiated chat system.
  • Hubspot: We use Hubspot as our CRM and Marketing Automation tool. Hubspot will store, and manage user data for clients and prospects for marketing and contact information.
  • Mixpanel: We use Mixpanel for app analytics. Mixpanel will track prescribed activities inside the application so we can evaluate user behavior.
  • Canoe: Canoe provides Machine Learning and processing. We utilize their service to augment our internal data processing, and as such integrate their platform into our data ingestion engine.
  • Amazon Web Services: All data hosting is provided by Amazon Web Services. This includes backups, retention, active hosting and future deployment. Amazon secures and manages all data in accordance with industry leading standards.
  • Stripe: Stripe will process all payments on our behalf, when purchased through our Website. They will store necessary data for the facilitation of a transaction.


Third-Party Services and Websites

Copia is not responsible for the privacy policies or other practices employed by websites linked to, or from, or integrated with, our Services nor the information or content contained therein, and we encourage you to read the privacy statements of any linked or integrated third party. This includes sharing information via social media websites.


Users in the European Economic Area (EEA) and the GDPR

For the purposes of data collection under the General Data Protection Regulation (GDPR), Whop shall be the data controller. If you are an individual resident in EEA, you have the following data protection rights regarding personal data:

  • You have the right to access, correct, update or request deletion of your personal data. You can do so at any time by contacting us.
  • You have the right to object to processing of your personal data, to ask us to restrict processing of your personal data, or to request portability of your personal data. Again, you can exercise these rights by contacting us.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us.
  • You have that right to revoke consent that was previously given. If we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your Personal Data.

For more information, please contact your local data protection authority. If you would like to exercise any of the above rights, please contact or through our Chief Privacy Officer at


Users in Canada and the Personal Information Protection and Electronic Documents Act (PIPEDA)

The Personal Information Protection and Electronic Documents Act is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In order to comply with PIPEDA, our business needs to follow the 10 fair information principles, which outline the standards for the collection, use, and disclosure of personal information and user’s rights. The 10 principles include:

  • Accountability. Organizations are responsible for the personal information they store and need to appoint someone to ensure the organization is compliant with the 10 principles.
  • Identifying purposes. Organizations need to state the purposes for data collection before or at the time of data collection.
  • Consent. Organizations need to obtain implicit or explicit meaningful consent in order to collect, share, and use personal information from users. Organizations can choose to implement either opt-in or opt-out measures in order to obtain consent, depending on the sensitivity of the personal information they have collected.
  • Limiting collection. Organizations need to only collect the necessary amount of information for processing purposes.
  • Limiting use, disclosure, and retention. Organizations need to use personal information only for their stated purposes unless the users give additional consent.
  • Accuracy. Organizations need to keep personal information accurate, complete, and up to date.
  • Safeguards. Organizations need to implement safety measures to protect the personal data.
  • Openness. Organizations need to be transparent to the public about their data handling. They can apply the openness principle by including a privacy policy on their website.
  • Individual access. Organizations need to honor their users’ rights in accessing, reviewing, and correcting personal information.
  • Challenging compliance. Individuals have the right to challenge an organization’s compliance with these 10 principles. Individuals should address their inquiries to the person responsible for the organization’s compliance with PIPEDA or the chief privacy officer.

For more information, please contact your local data protection authority. If you would like to exercise any of the above rights, please contact or through our Chief Privacy Officer at


Data Storage and How Copia Protects Your Information

Copia stores basic User data on our servers including name, email, phone number, address, and username. Personal Data about Users is stored within the United States and is protected by adequate international transfer agreements if necessary. If you are using the Services from other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your Personal Data to the United States. The United States may have laws which are different, and potentially not as protective, as the laws of your own country. By providing your Personal Data, you consent to any transfer and processing in accordance with this Privacy Policy. For the avoidance of doubt, our platform is not intended for any users outside of the United States.

Copia employs physical, electronic, and managerial control procedures to safeguard and help prevent unauthorized access to your information. We choose these safeguards based on the sensitivity of the information that we collect, process and store and the current state of technology. Our outsourced service providers who support our operations are also vetted to ensure that they too have the appropriate organizational and technical measures in place to protect your information.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your information transmitted to the Services. Any transmission of information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services. In the event that there is breach in the information that we hold; we shall notify of such breach via email or via notice on the Services.


Changes to the Privacy Policy

It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat our Users’ Personal Data, we will notify you by email to the primary email address that you provided to us or through a prominent notice on the Site. Such changes will be effective when posted. The date the Privacy Policy was last revised is identified at the top of the page. Your continued use of our Services following the posting of any modification to this Privacy Policy shall constitute your acceptance of the amendments to this Privacy Policy. You can choose to discontinue use of the Service if you do not accept any modified version of this Privacy Policy.


Questions or Comments

If you have any questions or comments about this Privacy Policy, or if you would like to file a request about the data we hold or file a deletion request, please contact us by email at