family privacy policy AI

Updating Our Privacy Policy: Considering AI Tools

Much of our work involves organizing, validating, and reporting on complex financial information for the families we serve. We gather data from investment statements, custodians, accounting records, spreadsheets, manager reports, and other client documents, then turn that information into clear reporting and better decision-making support. Because privacy and confidentiality are central to that work, we’ve updated our privacy policy to more clearly explain how we collect, use, protect, and process client information, including how we use artificial intelligence (AI) in selected workflows.

Our Privacy Policy

Why We Updated Our Privacy Policy

Technology is changing quickly, and AI is now part of many modern business workflows. For a family office, this creates both opportunity and responsibility.

AI tools can help improve accuracy, speed, and productivity, especially when working with large volumes of financial data. But sensitive financial information also requires careful handling, clear boundaries, and strong governance.

Our updated privacy policy is intended to explain:

  • what information we collect; 
  • why we collect it; 
  • how we protect it; 
  • how we use technology platforms such as Google Drive, Addepar, QuickBooks Online, and selected AI tools; 
  • information restricted from AI workflows; 
  • how clients can customize their own privacy and AI preferences. 

Why We Collect Information

The nature of family office work requires us to collect and organize detailed personal, financial, and operational information. This may include information about family members, entities, trusts, corporations, foundations, investment accounts, advisors, custodians, tax records, transactions, and financial reports.

We collect this information for practical reasons, including:

  • preparing consolidated financial and investment reports; 
  • maintaining bookkeeping and administrative records; 
  • coordinating with accountants, lawyers, investment advisors, private bankers, trustees, custodians, and other authorized professionals; 
  • supporting tax preparation, audit requests, estate planning, philanthropic planning, and investment policy documentation; 
  • monitoring data quality and identifying discrepancies; 
  • protecting client confidentiality and maintaining appropriate access controls. 

We do not sell, rent, or trade client information. Information is used only where reasonably connected to providing services, where authorized by the client, where required by law, or where otherwise permitted by applicable privacy legislation.

How AI Fits into Our Work

AI is not a replacement for professional judgment. It is a productivity tool that helps us process information more efficiently.

In our work, AI can be useful because family office reporting often involves a large amount of fragmented information. A single client may have multiple accounts, entities, advisors, currencies, PDF statements, spreadsheets, and investment reports. Bringing that data together requires careful review and validation.

We currently use, or may use, AI in areas such as:

  • Data and report validation: helping cross-check figures, identify inconsistencies, and validate data used in reporting workflows. 
  • Coding and automation: helping write, test, and debug scripts that extract, parse, and organize data from statements and reports. 
  • Summarizing reports: helping extract key insights from lengthy investment manager reports, market commentaries, meeting notes, and slide decks. 
  • Investment screening and due diligence: helping categorize and review large volumes of investment materials, manager presentations, and supporting documents. 
  • Building client tools: helping develop tools that allow clients to better understand their financial life, including tools that may eventually answer questions about their portfolio and financial records. 

Used carefully, AI can help reduce manual work, improve consistency, and allow our team to spend more time on analysis, judgment, and client service.

What AI Does Not Do

Our updated policy makes an important distinction: AI may assist with workflows, but it does not make decisions for clients.

We do not use AI to make automated:

  • investment decisions; 
  • legal decisions; 
  • tax decisions; 
  • credit or eligibility decisions.

AI outputs are treated as drafts, tools, or inputs. They’re subject to human review before being used in client deliverables, reporting, bookkeeping, or decision-making.

Protecting Information Used in AI Workflows

Our updated privacy policy includes boundaries around how AI tools may be used. These safeguards are designed to protect sensitive information while still allowing us to use modern tools responsibly.

Key protections include:

  • using business-grade, enterprise-grade, or API-based tools where available; 
  • configuring tools, where available, to prevent client content from being used to train public AI models; 
  • limiting vendor human review where available through appropriate settings and contractual terms; 
  • treating AI-generated outputs as confidential information; 
  • restricting access to information on a need-to-know basis; 
  • keeping certain highly sensitive documents outside AI workflows. 

Our policy is not to upload account-opening documents, Social Insurance Numbers, or tax documents to AI platforms unless specifically authorized, legally required, or approved under a documented exception process.

Need-to-Know Access

Controlled access is a major theme of our updated privacy policy.

Client information is not made broadly available across our firm or to outside parties. Access is restricted based on role, responsibility, and operational need.

That means:

  • staff access is limited to the work they need to perform; 
  • external advisors only receive information relevant to their mandate; 
  • family members only receive access where authorized by the client; 
  • sharing permissions for folders and documents are used deliberately ; 
  • access is reviewed, modified, or revoked when circumstances change. 

This approach reflects the practical reality of family office work: collaboration is necessary, but access should be specific, intentional, and limited.

Security Safeguards

Our updated privacy policy also describes the safeguards we use to protect client information.

These include:

  • Multi-factor authentication: helping protect access to cloud systems, email, document repositories, and financial platforms. 
  • Role-based access: restricting information based on function and need. 
  • Password management: requiring strong, unique credentials and secure handling of passwords. 
  • Access reviews: periodically reviewing permissions for key systems and document repositories. 
  • Offboarding procedures: removing access when employees, contractors, advisors, or representatives no longer require it. 
  • Staff training: reinforcing expectations around privacy, confidentiality, phishing awareness, secure document handling, AI use, and incident escalation. 
  • Incident response: maintaining procedures to identify, assess, contain, investigate, and respond to privacy or security incidents. 

No privacy framework can eliminate every risk, but strong procedures reduce risk and create accountability.

Client Choice and Customization

One of the most important parts of our updated policy is client choice.

Different clients have different expectations about technology, privacy, document storage, and AI. Some clients may be comfortable using Markdale’s default secure Google Drive environment. Others may prefer that we work within their own Microsoft SharePoint, Box, Citrix ShareFile, or other secure document environment.

Similarly, clients may choose different levels of AI integration.

Our updated policy contemplates options such as:

  • full AI-assisted workflow optimization; 
  • restricted AI use for selected administrative, coding, or summarization purposes; 
  • complete AI opt-out, with manual workflows only. 

This reflects our view that privacy and technology should not be one-size-fits-all. Clients should be able to understand the trade-offs and choose the approach that best fits their family, governance structure, and comfort level.

Building on Existing Confidentiality Commitments

Our updated privacy and AI policies build on the confidentiality obligations already embedded in our client relationships, engagement letters, and non-disclosure agreements.

For many families, privacy is not just a compliance issue. It is part of the trust required to work across generations, entities, family members, professional advisors, and sensitive financial decisions.

That is why our privacy framework covers not only legal compliance, but also practical governance: who has access, why they have access, how information is used, how long information is retained, and what happens if a privacy issue arises.

Innovation With Judgment

AI is becoming part of the modern administrative and reporting infrastructure of many businesses. For Markdale, the question is not whether technology should be used, but how it should be governed.

We believe family offices need to remain competitive, productive, and innovative. We also believe we must handle sensitive financial information carefully, with clear limits, strong controls, and human judgment.

Our updated privacy policy aims to balance both priorities.

Print Friendly, PDF & EmailClick Here to Get PDF

Related posts:

  1. Beyond the Balance Sheet: Who We Serve (and why)

Stay in the Loop

We’d love to keep you updated! Sign up to get our latest updates, quick highlights, and a peek at what’s happening on our socials.