Trust Center

Transparency, Security, and Compliance at BuckGuru

Last Updated: January 11, 2026

Our Commitment to You

BuckGuru is an AI-powered financial education and coaching platform. We are committed to transparency about how we operate, protect your data, and maintain compliance with applicable regulations.

This Trust Center provides an overview of our security practices, privacy controls, regulatory positioning, and the technical safeguards we have implemented.

Platform Disclosure Brochure: For detailed information modeled after industry-standard disclosures, see our Platform Disclosure Brochure.

1. Regulatory Positioning

Important: BuckGuru is a financial education platform, not a registered investment adviser.

Service Classification

BuckGuru provides AI-powered financial coaching and educational content designed to help users understand financial concepts and make informed decisions. Our service is explicitly designed to operate within the educational exemption of the Investment Advisers Act of 1940.

What We Are

  • A financial education and coaching platform
  • An AI-powered tool for learning about personal finance
  • A resource for general financial literacy
  • A platform that encourages consultation with licensed professionals

What We Are Not

  • A registered investment adviser (RIA)
  • A broker-dealer
  • A fiduciary to our users
  • A replacement for professional financial, legal, or tax advice

Terminology Standards

We maintain strict terminology standards throughout our platform to clearly communicate our educational nature:

Terminology standards comparison
We Use | Instead Of | Rationale
Financial coach | Financial advisor | "Advisor" is regulated
Financial education | Financial advice | "Advice" implies advisory
Guidance | Recommendations | Guidance is educational

2. AI Transparency & Safety

AI System Overview

BuckGuru uses advanced AI language models to provide personalized financial education. Our AI coaches are designed with safety and compliance as core principles.

Built-in Compliance Guardrails

Every AI interaction is governed by explicit compliance boundaries embedded in our system. Our AI is designed to:

  • Never recommend specific securities (individual stocks, bonds, or ETFs) to buy or sell
  • Never provide specific portfolio allocations tailored to individual users
  • Never tell users what to do with their money - educate on options and considerations
  • Use educational language ("Some people consider..." vs "You should...")
  • Always encourage consultation with licensed financial professionals
  • Redirect specific investment questions to general education

AI Tool Safeguards

All AI tools that access external data include embedded compliance guardrails:

  • Market Data Tools: Provide factual prices and returns only - never buy/sell recommendations
  • Web Search Tools: Present third-party information objectively - not as investment advice
  • Educational Framing: All external data is framed for educational purposes only

Voice Mode Compliance

Voice-enabled sessions maintain the same compliance standards as text chat. Voice AI coaches are instructed to:

  • Maintain a warm, professional, educational tone
  • Apply all standard compliance guardrails
  • Redirect investment advice questions to general education

AI Ethics Principles

  • Transparency: Users are always aware they are interacting with AI
  • User Control: Users can control their AI interactions and data
  • Fairness: AI responses are designed to be helpful to all users regardless of background
  • No False Credentials: AI coach personas do not claim professional credentials (CPA, CFP, etc.) that could imply licensed advisory status
  • Continuous Monitoring: AI outputs are monitored for compliance drift

Note: While our AI is designed with these guardrails, no AI system is perfect. We encourage users to exercise judgment and consult licensed professionals for specific financial decisions.

3. Security

We implement comprehensive security measures to protect your data and ensure platform integrity.

Data Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256)

Authentication

Secure authentication with NextAuth.js, role-based access control (RBAC)

Access Control

Granular permissions system with six distinct roles and 15+ permission types

Infrastructure

Hosted on enterprise-grade cloud infrastructure with DDoS protection

Vulnerability Management

Regular security assessments, dependency scanning, and automated security testing

Incident Response

Documented incident response procedures with defined notification timelines

Security Testing Program

  • Automated security testing in CI/CD pipeline
  • SQL injection prevention testing
  • Cross-site scripting (XSS) protection testing
  • Cross-site request forgery (CSRF) protection
  • Dependency vulnerability scanning

4. Privacy & Data Protection

Data Handling

  • Data Minimization: We collect only the data necessary to provide our service
  • Purpose Limitation: Data is used only for stated purposes
  • User Rights: Full support for access, correction, deletion, and portability
  • Retention: Data retained only as long as necessary

AI Data Practices

  • Conversation data is isolated between users
  • AI interactions are processed through secure, enterprise-grade providers
  • Users can request deletion of their conversation history at any time

Compliance Frameworks

  • CCPA/CPRA: Full compliance for California residents
  • GDPR: Applicable protections for EU users

For complete details, see our Privacy Policy.

5. Technical Compliance Controls

We maintain a comprehensive set of technical controls to ensure our platform operates within its educational mandate.

Technical compliance controls status
Control | Status | Verification
AI System Prompts | Implemented | Code review, QA tests
AI Tool Guardrails | Implemented | Code review, QA tests
Terminology Standards | Implemented | Grep audit, code review
Terms of Service | Implemented | Legal review
Privacy Policy | Implemented | Legal review
UI Disclaimers | Implemented | Visual QA
First-Use Acknowledgment | Implemented | E2E tests
Voice Mode Compliance | Implemented | Code review
Automated Testing | Implemented | CI pipeline

Prohibited Activities

Our technical controls are designed to prevent the following activities:

  • Specific security recommendations (buy/sell X stock)
  • Personalized portfolio allocations
  • Market timing signals
  • Claims of being a registered advisor
  • Implying fiduciary relationship

6. Certifications & Standards

Current Alignments

  • OWASP Top 10: Security controls aligned with OWASP guidelines
  • NIST Cybersecurity Framework: Security practices aligned with NIST guidelines

Roadmap

  • SOC 2 Type II: Pursuing certification for enterprise customers
  • ISO 27001: Under evaluation for international operations

Enterprise Inquiries: For detailed security questionnaires, vendor risk assessments, or enterprise-specific compliance documentation, please contact security@buckguru.com.

7. Safe Harbor Activities

Our platform explicitly supports these unregulated educational activities:

Safe harbor educational activities
Activity | Description
General financial education | Teaching financial concepts and principles
Budgeting guidance | Helping users understand and create budgets
Debt reduction strategies | Educational content on managing and reducing debt
Savings goal setting | Tools and education for setting savings goals
Credit score education | Understanding how credit scores work
Retirement account types | Educational content on 401(k), IRA, Roth, etc.
Insurance concepts | Understanding different types of insurance
Tax optimization concepts | General education on tax-advantaged strategies

8. Legal Disclaimers

Investment Disclaimer

The information provided through BuckGuru is for informational and educational purposes only and is not intended as investment advice or a recommendation to buy or sell any security. All investments carry risk and may result in loss. Past performance is not indicative of future results.

You should consult with a qualified financial advisor before making any investment decisions.

Additional Notices

  • No Fiduciary Relationship: BuckGuru does not establish a fiduciary relationship with users
  • Educational Purpose: All content is provided for educational purposes
  • Professional Consultation: Users are encouraged to seek professional advice for specific situations
  • Beta Status: The service is currently in beta and may contain errors or issues

For complete terms, see our Terms of Service.

9. Maintenance & Review

We maintain our compliance controls through regular review and updates:

  • Quarterly: Review AI outputs for compliance drift
  • Annually: Full legal review of Terms of Service and disclaimers
  • On Change: Any modification to AI prompts requires compliance review
  • Ongoing: Monitor SEC/state regulatory guidance on AI financial services

Next scheduled review: Q2 2026

10. Contact Us

We welcome questions about our security, privacy, and compliance practices:

Security Inquiries

Vulnerability reports, security questionnaires

security@buckguru.com

Privacy Inquiries

Data requests, privacy rights

privacy@buckguru.com

Compliance Questions

Regulatory, legal inquiries

legal@buckguru.com

General Inquiries

Other trust-related questions

hello@buckguru.com

Note: This Trust Center is for informational purposes and does not create warranties beyond those stated in our Terms of Service. BuckGuru has implemented controls designed to maintain its status as a financial education platform. Regulatory frameworks evolve, and we commit to updating our practices accordingly.

Current as of January 11, 2026. This Trust Center is reviewed quarterly.