Our Privacy Commitment

Aurea Investments, LLC ("Aurea," "we," "us," or "our") is committed to protecting your privacy. As a state-registered investment adviser (Wisconsin DFI, CRD #336580), we are subject to federal privacy regulations including the Gramm-Leach-Bliley Act (GLBA) and Regulation S-P. This policy describes how we collect, use, share, and protect your personal information.

Your Privacy Rights: Do Not Sell or Share

We do not sell or share your personal information.

Aurea Investments does not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising purposes. Because we do not engage in these practices, there is no need to opt out. However, if our practices change, we will update this policy and provide you with the ability to exercise your rights.

We honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out request for any future sale or sharing of your personal information.

1. Information We Collect

Information You Provide:

Identity Information: Name, email address, phone number
Financial Information: Portfolio size ranges (not exact amounts), general allocation preferences, current advisor type
Communications: Messages you send us, survey responses, feedback

Information Collected Automatically:

Device Information: IP address, browser type, operating system
Usage Information: Pages visited, time spent, referral source
Cookies and Tracking: Session data, preferences, analytics identifiers

Sensitive Personal Information:

We may collect certain sensitive personal information as necessary to provide investment advisory services, including Social Security numbers (for account setup only) and financial account information. This information is collected only with your explicit consent and is subject to enhanced security measures.

2. How We Use Your Information

Service Delivery: To provide investment advisory services and portfolio analysis
Communications: To send educational content, market insights, and newsletters (with your consent)
Client Support: To respond to your inquiries and provide customer service
Service Improvement: To improve our services, website, and user experience
Legal Compliance: To comply with SEC, FINRA, and other regulatory requirements
Security: To detect, prevent, and respond to fraud or security incidents

3. Information Sharing

We never sell your personal information to third parties.

We may share information with the following categories of recipients:

Service Providers:

Resend: Email delivery services for newsletters and communications
Google Analytics: Website traffic analysis and performance monitoring
Hotjar: User experience analysis and website optimization
Microsoft Azure: Secure cloud hosting and data storage
Anthropic: Research and analysis tools (no data retained)

Legal and Regulatory:

SEC, FINRA, or other regulatory authorities when required
Law enforcement pursuant to valid legal process
Courts or administrative agencies in response to subpoenas or court orders

Business Transfers:

In connection with a merger, acquisition, or sale of assets, with notice to you

With Your Consent:

When you explicitly authorize sharing for a specific purpose

Opt-Out Right (GLBA):

Under the Gramm-Leach-Bliley Act, you have the right to opt out of having your nonpublic personal information shared with non-affiliated third parties for marketing purposes. We do not currently share information in this manner. If our practices change, we will provide you with an opt-out notice before any such sharing occurs.

4. Data Retention

We retain your personal information for the following periods:

Data Category	Retention Period	Reason
Client records and communications	5 years after relationship ends	SEC Rule 204-2 compliance
Investment advisory agreements	5 years after termination	SEC Rule 204-2 compliance
Marketing contact information	Until unsubscribe + 1 year	Honor opt-out requests
Website analytics data	26 months	Service improvement
Newsletter engagement data	3 years	Content optimization
Security and access logs	1 year	Security monitoring

After the retention period expires, we securely delete or anonymize your information unless a longer retention period is required by law or for legitimate business purposes.

5. Data Security

We maintain a comprehensive written information security program as required by the GLBA Safeguards Rule and SEC Regulation S-P. Our security measures include:

Encryption: TLS/SSL encryption for all data in transit; AES-256 encryption for data at rest
Access Controls: Role-based access, multi-factor authentication for administrative systems
Network Security: Firewalls, intrusion detection, and strict Content Security Policy (CSP)
Vendor Management: Security assessments and contractual data protection requirements for all service providers
Employee Training: Regular security awareness training for all personnel
Regular Audits: Periodic security assessments and vulnerability testing

Service Provider Security Requirements:

We require all service providers who access customer information to maintain appropriate security measures, enter into written agreements with data protection obligations, and notify us within 72 hours of any security incident that may affect your information.

6. Incident Response and Breach Notification

We maintain a written incident response program designed to detect, respond to, and recover from unauthorized access to or use of customer information, as required by SEC Regulation S-P.

Breach Notification: In the event of a security incident involving unauthorized access to your sensitive personal information that is reasonably likely to cause substantial harm or inconvenience, we will notify you within 30 days of discovering the incident. The notification will include:

A description of the incident and the types of information involved
Contact information for questions or additional information
Steps you can take to protect yourself from potential harm
Information about the steps we are taking in response

7. Marketing Communications

We only send marketing emails with your explicit consent. All marketing emails:

Require double opt-in confirmation before you receive them
Include clear unsubscribe links in every message
Honor unsubscribe requests within 24 hours
Are sent through CAN-SPAM compliant email service providers

Unsubscribing from marketing communications will not affect transactional messages related to your account or our advisory relationship.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential Cookies: Required for website functionality and security
Analytics Cookies: To understand how visitors use our site (Google Analytics)
Experience Cookies: To improve user experience (Hotjar)

Your Choices: You can control cookies through your browser settings or by enabling Global Privacy Control (GPC) in your browser. Disabling cookies may affect website functionality. We do not respond to Do Not Track (DNT) browser signals, but we do honor GPC signals as opt-out requests.

9. Your Privacy Rights

Depending on your location, you may have the following rights:

All Users:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal information (subject to legal retention requirements)
Opt-Out: Unsubscribe from marketing communications at any time

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions (such as legal retention requirements).
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, you will have the right to opt out.
Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of your sensitive personal information to only what is necessary to provide our services.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

How to Submit a Request:

To exercise your California privacy rights, submit a verifiable consumer request by:

Email: privacy@aureainvestmentsco.com
Phone: (414) 236-6960 ext. 800
Mail: 342 N Water St Suite 600, Milwaukee, WI 53202

We will verify your identity before processing your request. We will respond to verifiable requests within 45 days. If we need additional time, we will notify you of the extension (up to 90 days total).

Authorized Agents:

You may designate an authorized agent to submit requests on your behalf. We will require written authorization from you and verification of the agent's identity.

Categories of Personal Information Collected (Past 12 Months):

Identifiers: Name, email, phone, IP address
Financial Information: Portfolio size ranges, investment preferences
Internet Activity: Website browsing, email engagement
Inferences: Investment interests based on your interactions

11. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 18, we will delete it promptly. If you believe we have collected information from a child, please contact us immediately.

12. International Users

Our services are intended for U.S. residents. If you access our website from outside the United States, you consent to the transfer and processing of your information in the United States, which may have different data protection laws than your country of residence.

13. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the new policy on this page and updating the effective date. For significant changes, we will provide additional notice via email or a prominent notice on our website. Your continued use of our services after any changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, concerns, or to exercise your rights:

Aurea Investments, LLC

342 N Water St Suite 600

Milwaukee, WI 53202

Privacy Inquiries: privacy@aureainvestmentsco.com

Phone: (414) 236-6960 ext. 800

Visit our contact page for more options.

15. Regulatory Information

Aurea Investments, LLC is a state-registered investment adviser with the Wisconsin Department of Financial Institutions (DFI). Registration does not imply a certain level of skill or training.

CRD Number: #336580
Form ADV: Our Form ADV Part 2A (Firm Brochure) contains important information about our advisory services, fees, and business practices. Available at Form ADV Part 2A
IAPD: Additional information is available on the SEC's Investment Adviser Public Disclosure website

This privacy policy is provided by Aurea Investments, LLC, a Wisconsin-registered investment adviser (CRD #336580). We are committed to protecting your privacy and complying with all applicable data protection laws, including the Gramm-Leach-Bliley Act (GLBA), SEC Regulation S-P, and the California Consumer Privacy Act (CCPA/CPRA).

Last updated: December 9, 2025

Our Privacy Commitment

Your Privacy Rights: Do Not Sell or Share

We do not sell or share your personal information.

We honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out request for any future sale or sharing of your personal information.

1. Information We Collect

Information You Provide:

Identity Information: Name, email address, phone number
Financial Information: Portfolio size ranges (not exact amounts), general allocation preferences, current advisor type
Communications: Messages you send us, survey responses, feedback

Information Collected Automatically:

Device Information: IP address, browser type, operating system
Usage Information: Pages visited, time spent, referral source
Cookies and Tracking: Session data, preferences, analytics identifiers

Sensitive Personal Information:

2. How We Use Your Information

Service Delivery: To provide investment advisory services and portfolio analysis
Communications: To send educational content, market insights, and newsletters (with your consent)
Client Support: To respond to your inquiries and provide customer service
Service Improvement: To improve our services, website, and user experience
Legal Compliance: To comply with SEC, FINRA, and other regulatory requirements
Security: To detect, prevent, and respond to fraud or security incidents

3. Information Sharing

We never sell your personal information to third parties.

We may share information with the following categories of recipients:

Service Providers:

Resend: Email delivery services for newsletters and communications
Google Analytics: Website traffic analysis and performance monitoring
Hotjar: User experience analysis and website optimization
Microsoft Azure: Secure cloud hosting and data storage
Anthropic: Research and analysis tools (no data retained)

Legal and Regulatory:

SEC, FINRA, or other regulatory authorities when required
Law enforcement pursuant to valid legal process
Courts or administrative agencies in response to subpoenas or court orders

Business Transfers:

In connection with a merger, acquisition, or sale of assets, with notice to you

With Your Consent:

When you explicitly authorize sharing for a specific purpose

Opt-Out Right (GLBA):

4. Data Retention

We retain your personal information for the following periods:

Data Category	Retention Period	Reason
Client records and communications	5 years after relationship ends	SEC Rule 204-2 compliance
Investment advisory agreements	5 years after termination	SEC Rule 204-2 compliance
Marketing contact information	Until unsubscribe + 1 year	Honor opt-out requests
Website analytics data	26 months	Service improvement
Newsletter engagement data	3 years	Content optimization
Security and access logs	1 year	Security monitoring

After the retention period expires, we securely delete or anonymize your information unless a longer retention period is required by law or for legitimate business purposes.

5. Data Security

We maintain a comprehensive written information security program as required by the GLBA Safeguards Rule and SEC Regulation S-P. Our security measures include:

Encryption: TLS/SSL encryption for all data in transit; AES-256 encryption for data at rest
Access Controls: Role-based access, multi-factor authentication for administrative systems
Network Security: Firewalls, intrusion detection, and strict Content Security Policy (CSP)
Vendor Management: Security assessments and contractual data protection requirements for all service providers
Employee Training: Regular security awareness training for all personnel
Regular Audits: Periodic security assessments and vulnerability testing

Service Provider Security Requirements:

6. Incident Response and Breach Notification

We maintain a written incident response program designed to detect, respond to, and recover from unauthorized access to or use of customer information, as required by SEC Regulation S-P.

A description of the incident and the types of information involved
Contact information for questions or additional information
Steps you can take to protect yourself from potential harm
Information about the steps we are taking in response

7. Marketing Communications

We only send marketing emails with your explicit consent. All marketing emails:

Require double opt-in confirmation before you receive them
Include clear unsubscribe links in every message
Honor unsubscribe requests within 24 hours
Are sent through CAN-SPAM compliant email service providers

Unsubscribing from marketing communications will not affect transactional messages related to your account or our advisory relationship.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential Cookies: Required for website functionality and security
Analytics Cookies: To understand how visitors use our site (Google Analytics)
Experience Cookies: To improve user experience (Hotjar)

9. Your Privacy Rights

Depending on your location, you may have the following rights:

All Users:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal information (subject to legal retention requirements)
Opt-Out: Unsubscribe from marketing communications at any time

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions (such as legal retention requirements).
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, you will have the right to opt out.
Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of your sensitive personal information to only what is necessary to provide our services.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

How to Submit a Request:

To exercise your California privacy rights, submit a verifiable consumer request by:

Email: privacy@aureainvestmentsco.com
Phone: (414) 236-6960 ext. 800
Mail: 342 N Water St Suite 600, Milwaukee, WI 53202

Authorized Agents:

You may designate an authorized agent to submit requests on your behalf. We will require written authorization from you and verification of the agent's identity.

Categories of Personal Information Collected (Past 12 Months):

Identifiers: Name, email, phone, IP address
Financial Information: Portfolio size ranges, investment preferences
Internet Activity: Website browsing, email engagement
Inferences: Investment interests based on your interactions

11. Children's Privacy

12. International Users

13. Changes to This Policy

14. Contact Us

For privacy-related questions, concerns, or to exercise your rights:

Aurea Investments, LLC

342 N Water St Suite 600

Milwaukee, WI 53202

Privacy Inquiries: privacy@aureainvestmentsco.com

Phone: (414) 236-6960 ext. 800

Visit our contact page for more options.

15. Regulatory Information

Aurea Investments, LLC is a state-registered investment adviser with the Wisconsin Department of Financial Institutions (DFI). Registration does not imply a certain level of skill or training.

CRD Number: #336580
Form ADV: Our Form ADV Part 2A (Firm Brochure) contains important information about our advisory services, fees, and business practices. Available at Form ADV Part 2A
IAPD: Additional information is available on the SEC's Investment Adviser Public Disclosure website

Last updated: December 9, 2025

Privacy Policy

Our Privacy Commitment

Your Privacy Rights: Do Not Sell or Share

1. Information We Collect

Information You Provide:

Information Collected Automatically:

Sensitive Personal Information:

2. How We Use Your Information

3. Information Sharing

Service Providers:

Legal and Regulatory:

Business Transfers:

With Your Consent:

Opt-Out Right (GLBA):

4. Data Retention

5. Data Security

Service Provider Security Requirements:

6. Incident Response and Breach Notification

7. Marketing Communications

8. Cookies and Tracking Technologies

9. Your Privacy Rights

All Users:

10. California Privacy Rights (CCPA/CPRA)

How to Submit a Request:

Authorized Agents:

Categories of Personal Information Collected (Past 12 Months):

11. Children's Privacy

12. International Users

13. Changes to This Policy

14. Contact Us

15. Regulatory Information

Privacy Policy

Our Privacy Commitment

Your Privacy Rights: Do Not Sell or Share

1. Information We Collect

Information You Provide:

Information Collected Automatically:

Sensitive Personal Information:

2. How We Use Your Information

3. Information Sharing

Service Providers:

Legal and Regulatory:

Business Transfers:

With Your Consent:

Opt-Out Right (GLBA):

4. Data Retention

5. Data Security

Service Provider Security Requirements:

6. Incident Response and Breach Notification

7. Marketing Communications

8. Cookies and Tracking Technologies

9. Your Privacy Rights

All Users:

10. California Privacy Rights (CCPA/CPRA)

How to Submit a Request:

Authorized Agents:

Categories of Personal Information Collected (Past 12 Months):

11. Children's Privacy

12. International Users

13. Changes to This Policy

14. Contact Us

15. Regulatory Information