# WealthInsight Privacy and Safety for Agents

WealthInsight contains sensitive personal financial data. Agents must use explicit user authorization and the least privilege needed for each task.

## Do

- Ask the user to create a scoped Agent Token in WealthInsight.
- Use read-only scopes for analysis and summarization.
- Tell the user before creating or changing assets, transactions, or expenses.
- Respect token expiry and revocation.
- Keep private data out of public prompts, public pages, and shared summaries unless the user explicitly asks for a sanitized draft.

## Do Not

- Do not ask for passwords.
- Do not ask for browser JWTs or local storage values.
- Do not store raw Agent Tokens after the active task ends.
- Do not call destructive bulk actions.
- Do not present outputs as investment, tax, legal, or insurance advice.
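The two lists above describe an enforcement order an agent should apply before every call: the token must be live (not expired, not revoked), the requested action must be covered by a scope the token actually carries, writes need a prior heads-up to the user, bulk-destructive actions are refused outright, and the raw token is dropped when the task ends. The following is an added illustration written here, not code from WealthInsight; the scope names (`assets:read`, `transactions:write`, ...), the action names, the `AgentToken` layout and the `EXAMPLE_NOW` clock are all assumptions chosen for the example.

```python
"""Hypothetical agent-side guard for a scoped WealthInsight Agent Token.

Added example, not the project's code. Scope names, action names, token
layout and the fixed clock are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, FrozenSet, Optional, Tuple

# Constructed clock so the example is deterministic when run offline.
EXAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

# Assumed scope vocabulary: read scopes are enough for analysis/summaries,
# write scopes are only used after the user has been told what will change.
READ_SCOPES = frozenset({"assets:read", "transactions:read", "expenses:read"})
WRITE_SCOPES = frozenset({"assets:write", "transactions:write", "expenses:write"})

# Assumed map from agent actions to the single scope each one needs.
ACTION_SCOPE = {
    "summarize_spending": "expenses:read",
    "list_assets": "assets:read",
    "add_transaction": "transactions:write",
    "update_asset": "assets:write",
}

# Assumed names of bulk-destructive actions; these are never authorized,
# regardless of scopes or confirmation.
BULK_DESTRUCTIVE = frozenset({"delete_all_transactions", "delete_all_assets"})


@dataclass
class AgentToken:
    value: str                 # raw secret, held in memory only for the task
    scopes: FrozenSet[str]
    expires_at: datetime
    revoked: bool = False


class TaskSession:
    """Holds the token for one task and decides each action against it."""

    def __init__(self, token: AgentToken, now: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self._token: Optional[AgentToken] = token
        self._now = now

    def decide(self, action: str, user_confirmed: bool = False) -> Tuple[bool, str]:
        """Return (allowed, reason); checks run in least-privilege order."""
        tok = self._token
        if tok is None:
            return False, "task ended: token already discarded"
        if tok.revoked:
            return False, "token revoked"
        if self._now() >= tok.expires_at:
            return False, "token expired"
        if action in BULK_DESTRUCTIVE:
            return False, "bulk destructive action refused"
        scope = ACTION_SCOPE.get(action)
        if scope is None:
            return False, "unknown action"
        if scope not in tok.scopes:
            return False, f"token lacks scope {scope}"
        if scope in WRITE_SCOPES and not user_confirmed:
            return False, "write requires telling the user first"
        return True, scope

    def end_task(self) -> None:
        """Drop the raw token so nothing outlives the active task."""
        self._token = None


def read_only_token(now: datetime = EXAMPLE_NOW) -> AgentToken:
    """Constructed sample token: read-only scopes, one-hour lifetime."""
    return AgentToken("agt_example_placeholder", READ_SCOPES, now + timedelta(hours=1))
```

Usage: build a `TaskSession` around the user-created token, call `decide` before every WealthInsight call, and call `end_task()` in a `finally` block so the token is released even when the task fails. Keeping the write-confirmation flag separate from the scope check means a token that happens to carry write scopes still cannot be used to change data silently.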

## Sensitive Data

Assets, balances, transactions, expenses, AI diagnosis history, profile data, and exported reports are private. Public agents should only cite public pages and docs.