Using AI-Powered Investment Tools: Is Your Data Secure? A Privacy Checklist for Hong Kong Investors
AI investment tools may access three layers of sensitive data when handling your queries. Based on the latest PCPD, SFC and HKMA frameworks, this article sets out four assessment criteria and a five-point privacy checklist to help protect your data.
TL;DR: When AI investing tools handle your queries, they simultaneously come into contact with three layers of sensitive data: conversation content, access credentials, and behavioral traces. Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD), the Securities and Futures Commission (SFC), and the Hong Kong Monetary Authority (HKMA) have issued frameworks in succession, requiring financial AI tools to meet clear standards on privacy, transparency, and human intervention. As a user, you can proactively safeguard your data by applying the four evaluation dimensions and the privacy checklist in this article.
You’ve just entered a query into an AI tool: “30% of my position is concentrated in tech stocks—given the recent pullback, should I trim?” It looks like an ordinary sentence, yet it contains a lot of information: you have equity holdings, you hold tech stocks, your current allocation, and your uncertainty about recent volatility. If you use the same AI tool over a long period, these queries can accumulate into a fairly complete picture of your personal investing profile. Where does this data flow? Who is authorized to read it? How will the provider use it? These are not hypothetical questions—they are questions every investor using AI investing tools should take seriously and be able to answer.
What data of yours is flowing through AI tools
When you use AI investing tools, data flows are more complex than you might expect. Broadly, they can be divided into three layers.
The first layer is the query content itself. Every sentence you type reveals your financial situation, investment logic, and decision preferences. A single query may seem harmless, but long-term conversation records can be pieced together into a personal investing profile—including the analytical frameworks you tend to use, the sectors you prefer, and even your psychological state during market swings. The sensitivity of this information is no less than that of a financial disclosure.
The second layer is access credentials, including API keys, OAuth authorizations, and cookies. These credentials are the “keys” that allow AI tools to access your account data. If they leak, someone could read your positions, review your order history, and—under some configurations—even execute trade instructions. Users often underestimate this layer of risk, because authorization is so convenient at the moment you set it up that few people carefully examine the scope and validity period of what they are granting.
The third layer is behavioral traces. When you make queries, what you click, how long you stay on a particular answer, whether you adopt the AI’s suggestions… these details may seem trivial, but they are important inputs for providers to improve models, understand user preferences, and even perform ad targeting. This layer of data flow is usually mentioned in the terms of service, but few users read that far when setting up an account.
The sensitivity of these three layers differs, but in everyday user experience they are often blended together, making boundaries hard to distinguish. Understanding this layered structure is necessary preparation before evaluating any AI investing tool.
The direction set by Hong Kong regulators
In response to the rapid penetration of AI into financial services, Hong Kong’s three main regulators have issued concrete guidance in succession, providing reference frameworks for the industry and for users.
PCPD’s Artificial Intelligence: Model Framework on Personal Data Protection
On 11 June 2024, Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD) published Artificial Intelligence (AI): Model Framework on Personal Data Protection. The framework is grounded in the Personal Data (Privacy) Ordinance and incorporates the seven AI Ethical Principles formulated in 2021. It provides good-practice recommendations for organizations procuring, deploying, or using AI systems. (Source: PCPD: Press Release on “Artificial Intelligence (AI): Model Framework on Data Privacy Protection”)
The framework’s core requirements include: the data minimization principle (collect only the minimum data necessary to achieve the purpose), users’ right to be informed (explain in clear, understandable language how the AI system is used and the associated risks), and mechanisms for human intervention (select an appropriate model of human oversight based on the level of risk). Although the framework is primarily addressed to organizations, the principles it sets out are equally useful for individual users—these principles themselves are benchmarks you can use when assessing an AI service.
SFC and HKMA regulatory requirements for generative AI in finance
On 12 November 2024, the Securities and Futures Commission (SFC) issued the circular Use of Generative AI Language Models (Document No.: 24EC55). It explicitly categorizes “providing investment advice, investment opinions, or investment research to investors or clients” as a high-risk use case, and requires licensed corporations to notify the SFC before adopting such capabilities. Specific requirements for high-risk scenarios include model validation, human review/intervention for outputs, disclosure to users that they are interacting with AI, and stringent cybersecurity and data-governance measures (including encrypting non-public data and prohibiting the input of sensitive information into AI models). (Source: SFC Circular (24EC55): Use of Generative AI Language Models)
The Hong Kong Monetary Authority (HKMA) also issued a generative AI circular on 19 August 2024, adding supplementary requirements from a consumer-protection perspective: financial institutions must provide customers with options to opt out or request human intervention, and must establish ongoing monitoring mechanisms to ensure the quality of AI outputs. (Source: HKMA Circular: Consumer Protection in respect of Use of Generative Artificial Intelligence)
The common signal from all three regulators is clear: in financial AI scenarios, privacy protection, accountability, and transparency are not optional features—they are baseline design requirements.
Three privacy risks that are easy to underestimate
With the regulatory frameworks in mind, let’s look at real user scenarios. The following three types of risk are relatively common yet often overlooked.
Conversations being used for model training
Most mainstream AI tools, by default, use user conversations as training data to improve their models. Even when providers offer an option to disable this, in most cases users must proactively go into settings and turn it off manually—and this step is rarely emphasized. More importantly, once you have entered specific position allocations or financial plans, even if you disable training afterward, most services’ terms are unclear about whether data you already submitted will still be used and how you can withdraw it.
The exposure created by handing API keys to third parties
Some users, in order to allow an AI tool to directly access market data or account information, paste their broker API keys into third-party tool settings, or even write them into configuration files for open-source projects. If that configuration file is pushed to a public code repository—or if the third-party tool itself has security vulnerabilities—your account’s operating permissions may be exposed. In the Open Web Application Security Project (OWASP) Top 10 for LLM Applications, “Sensitive Information Disclosure” and “Insecure Output Handling” have long ranked near the top; this is not accidental. (Source: OWASP Top 10 for LLM Applications)
Cross-border transfers and the fine print
Overseas AI tools often store data in different jurisdictions such as the United States, Singapore, or the European Union. Details about transmission paths and compliance with the Personal Data (Privacy) Ordinance are typically buried in the last few pages of the terms of service. In addition, clauses such as “sharing data with affiliates, advertising partners, and analytics service providers” are very common in many platforms’ privacy policies, yet most users have never carefully reviewed the exact sharing scope or data retention periods.
How to tell whether an AI investing tool is trustworthy
To evaluate an AI investing tool’s data-security standards, you can start with four dimensions.
Key clauses in the privacy policy: Search the provider’s privacy policy for keywords like “training,” “retention,” and “third-party” to quickly locate the most critical clauses. Pay attention to whether the platform uses conversations for model training by default, whether there is an opt-out option, how long data is retained, whether data is shared with third parties, and the jurisdiction(s) where data is stored.
Security certifications and audit reports: SOC 2 Type II, ISO 27001 (information security management), and ISO 27701 (privacy information management) are common industry security standards. Holding these certifications does not mean absolute security, but it indicates the platform has processes for regular independent third-party audits, providing institutional safeguards for accountability and incident traceability.
Granularity of permissions: Mature tools split account permissions into different levels, such as “read-only quotes,” “read positions,” and “execute trades.” If a tool asks for full trading permissions when you only need market quotes, that is a signal worth scrutinizing.
Data-processing architecture: Is data sent directly to a third-party model provider, or is it relayed through the provider’s backend first for forwarding, filtering, and de-identification? The risk exposure differs significantly between these two designs, and it is worth understanding clearly before choosing a tool.
The other side of data security—can you trace the data the AI sees?
Data security has two directions. Above, we discussed how your data is protected, but there is another direction that is just as important: are the data used by the AI tool itself reliable and traceable?
Most AI tools are built on training data with a cutoff date. They can explain a company’s business model and reference historical financial performance, but they cannot guarantee that the numbers they cite are current, nor can they verify the original source of every figure. For everyday information queries, this limitation may not matter; but for investment research, outdated or unverifiable data can directly affect decision-making.
A better design approach is not to rely on a language model’s internal memory or approximate inference, but instead to connect queries to traceable financial data sources, so that every number comes with a verifiable provenance. This design principle is precisely Longbridge AI’s default starting point: treating real-time, traceable market data as the foundational layer for analysis rather than an add-on feature. Traditionally, data of this quality required access to professional terminals.
When you can trace every number provided by AI, the question “Is this AI’s analysis credible?” shifts from a subjective feeling to something that can be verified. If you want to dive deeper into the design of Longbridge AI’s research tools, you can refer to the AI Investing column at Longbridge Academy.
MCP architecture: keep the API key on your side

In the traditional approach, users need to hand a broker’s or data provider’s API key directly to an AI tool, which then accesses data on the user’s behalf. The problem with this design is that if the API key leaks, your account exposure can be complete and long-term, and you have almost no control over where the key goes.
The Model Context Protocol (MCP) offers an alternative architectural approach. Under MCP, the data source provides its own managed server (an MCP Server). AI tools obtain data through this server instead of directly holding your API key. For users, the differences are: you don’t need to hand a long-lived API key to a third party; the authorization scope is controlled by the data source; and when you need to revoke authorization, the path is clearer.
Longbridge Skill is a connector built on this architecture. It allows the AI tools you already use—such as ChatGPT, Gemini, Cursor, or Codex—to access Longbridge data such as market quotes via a hosted MCP Server, without requiring you to manage API keys yourself. One point needs to be made clear: the substantive analysis and the generation of answers are handled by the third-party AI tool you choose; Longbridge Skill’s role is limited to data access, connection management, and permission control, and it does not provide investment advice.
This architecture also echoes another important design principle. Longbridge AI’s overall positioning is to treat AI as a research assistant and the investor as the final decision-maker (the so-called “CEO model”): AI organizes data and presents analysis; the responsibility for signing off and making judgments always remains with the user. AI doesn’t place orders—people do. This is both a compliance-driven design and a way to respect users’ sovereignty over data-informed judgment.
This architectural design does not mean “absolute security”; the security of the entire chain depends on every link. But it at least removes the common risk point of “API keys directly connected to a third party,” representing an attempt to reduce exposure at the architectural level. To learn more about use cases for AI investing tools, you can read more in the AI Investing column at Longbridge Academy.
A privacy checklist for Hong Kong investors
To consolidate the analysis above, here are five actionable steps.
First, find and turn off the setting for “use conversations to train the model.” Most mainstream AI tools provide this setting, but it is enabled by default and requires you to disable it proactively.
Second, if you truly need to authorize a broker account connection, prioritize tools that support MCP or similar managed architectures, and avoid handing long-lived API keys directly to third-party services.
Third, grant only the minimum permissions necessary. If you only need market quotes, you don’t need to enable trade-execution permissions; if you only need to read positions, you don’t need to authorize order submission.
Fourth, log in to your broker’s backend regularly to review the list of authorized API keys and OAuth connections, and revoke third-party connections you no longer use.
Fifth, avoid entering personally identifiable information into an AI tool’s chat box, such as a full account number or Hong Kong ID number. When asking investment questions, express them in terms of percentages, sectors, and asset classes—you don’t need to include specific numbers that can identify you.
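The fifth step can also be enforced mechanically before a prompt leaves your machine. The sketch below is an added example, not code from this article's publisher or any tool it mentions: it redacts Hong Kong ID numbers (confirmed with the public HKID check-character rule) and account-like digit runs, and the function names and the 9-digit account threshold are assumptions.

```python
import re

# HKID shape: 1-2 prefix letters, 6 digits, check character (0-9 or A),
# with the check character optionally in parentheses, e.g. "A123456(3)".
HKID_RE = re.compile(r"\b([A-Z]{1,2})(\d{6})\s?\(?([0-9A])\)?(?!\w)", re.I)
# Assumption: 9 or more digits, optionally hyphen-separated, is treated as an
# account-like number (8-digit dates and short figures are left alone).
ACCOUNT_RE = re.compile(r"\b\d(?:-?\d){8,}\b")


def hkid_check_char(prefix: str, digits: str) -> str:
    """HKID check character: weights 9..2 over prefix+digits, modulo 11."""
    padded = prefix.upper().rjust(2)  # a one-letter prefix is padded with a space
    values = [36 if c == " " else ord(c) - 55 for c in padded]  # A=10 .. Z=35
    values += [int(d) for d in digits]
    total = sum(v * w for v, w in zip(values, range(9, 1, -1)))
    check = (11 - total % 11) % 11
    return "A" if check == 10 else str(check)


def redact_prompt(text: str):
    """Return (sanitized_text, findings) for a prompt about to be sent."""
    findings = []

    def _hkid(m):
        # Only redact when the checksum holds, so order references and
        # ticker-like strings with the same shape are not mangled.
        if hkid_check_char(m.group(1), m.group(2)) != m.group(3).upper():
            return m.group(0)
        findings.append("hkid")
        return "[HKID REDACTED]"

    def _account(m):
        findings.append("account_number")
        return "[ACCOUNT REDACTED]"

    text = HKID_RE.sub(_hkid, text)
    text = ACCOUNT_RE.sub(_account, text)
    return text, findings


if __name__ == "__main__":
    # Constructed sample prompt; the identifiers are made up for illustration.
    sample = ("My account is 123-456789-001 and my HKID is A123456(3). "
              "30% of my position is in tech stocks; should I trim?")
    print(redact_prompt(sample))
```

Percentages, sectors, and asset classes pass through untouched, so the question stays answerable while the identifying values never reach the AI tool.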
Conclusion
AI tools are entering investing scenarios far faster than most users are building data-security awareness—and to some extent, faster than regulatory frameworks are being updated. The guidance from the PCPD, SFC, and HKMA sets the direction for the industry; but in areas not explicitly covered by regulatory frameworks, users need to take on more responsibility for making their own data-related judgment calls.
The “two-sided nature of data security” this article attempts to unpack can ultimately be reduced to one question: which data are you willing to entrust to which tool? Conversation content, access credentials, and behavioral traces each carry different levels of sensitivity; whether a tool’s data is traceable and whether its architecture minimizes risk are also dimensions you can evaluate proactively. The power of choice always remains with you.
Choosing the right tool depends on your investment objectives, risk tolerance, and how much you value privacy. Whatever AI investing tool you choose, you need to fully understand its data-handling practices and permission design. You can learn more about AI investing through Longbridge Academy, or download the Longbridge App to explore the design philosophy and capabilities of Longbridge AI tools.
This article is for reference only and does not constitute any investment advice. Investing involves risks; please assess carefully before entering the market.






