Privacy Policy
This Privacy Policy for Prism.AI ("we", "us", or "our") describes how and why we might access, collect, store, use, and/or share your personal information when you use our services, including when you visit https://prism-by-irons.netlify.app or any other website of ours that links to this policy.
Questions or concerns? Please contact us at ianlu160604@gmail.com.
1. What information do we collect?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise contact us.
The personal information we collect may include:
- Email address — collected at account registration and used to identify your account and communicate with you.
- Portfolio holdings data — stock tickers, quantities, and values that you voluntarily enter to use the analysis features. This data is stored locally in your browser (localStorage) and transmitted to our servers only when you request an analysis.
Financial Data. If you purchase a subscription, your payment is processed by Stripe, Inc. We do not store payment card details on our servers. We may have access only to limited information such as the last four digits of your card and your billing country.
Sensitive Information. We do not process sensitive personal information (such as health data, racial or ethnic origin, religious beliefs, or biometric data).
Information automatically collected
In Short: Some information — such as your IP address and browser characteristics — is collected automatically when you visit our Services.
We automatically collect certain technical information when you visit or use the Services. This may include:
- Log and usage data: IP address, browser type, browser version, pages visited, time and date of visit, time spent on pages, and other diagnostic data.
- Device data: Device type, operating system, screen resolution, and hardware configuration.
- Location data: General geographic location derived from your IP address (country/region level only).
2. How do we process your information?
In Short: We process your information to provide and improve our Services, communicate with you, and comply with the law.
We process your personal information for the following purposes:
- To provide and operate the Services, including generating AI-powered portfolio analysis and delivering responses from the Clarity assistant.
- To manage your account, including authentication and account settings.
- To process your subscription and manage billing via Stripe.
- To send you administrative communications, including service updates, security alerts, and policy changes.
- To improve the Services through analytics on how users interact with features.
- To enforce our terms and protect the security and integrity of the Services.
- To comply with applicable legal obligations, including Australian Privacy Principles and international data protection laws.
3. When and with whom do we share your personal information?
In Short: We may share your information with specific service providers necessary to operate the Services. We do not sell your personal information.
We share personal information only in the following circumstances:
- Anthropic, Inc. (USA) — Portfolio context and questions are transmitted to Anthropic's Claude API to power the Clarity AI assistant. Portfolio data is not stored by Anthropic beyond the duration of the in-flight request and is not used to train AI models.
- Netlify, Inc. (USA) — Our hosting and serverless infrastructure provider. Network-level access logs may be retained by Netlify in accordance with their privacy policy.
- Stripe, Inc. (USA) — Payment processing for subscriptions. Stripe processes your payment card data directly and is PCI DSS compliant.
- Third-party market data providers (e.g. Finnhub) — We retrieve publicly available stock prices and news data from these providers. We do not share your personal information with them.
- Business transfers — If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.
- Legal requirements — We may disclose your information if required to do so by law or in response to valid requests by public authorities.
We do not sell, trade, or rent your personal information to third parties for their own marketing or commercial purposes.
4. Do we use cookies and other tracking technologies?
In Short: We use browser localStorage to save your portfolio locally, and may use basic analytics technologies.
We use browser localStorage to save your portfolio holdings on your own device. This data does not leave your device unless you explicitly run an analysis. We may also use standard session cookies for authentication once account features are available.
We may integrate basic web analytics (such as page view counting) that collect anonymised usage data. We do not use advertising cookies or cross-site tracking technologies.
Most browsers allow you to control cookies through browser settings. Disabling cookies may affect certain features of the Services.
5. Do we offer artificial intelligence-based products?
In Short: Yes — Clarity, our AI portfolio assistant, is powered by Anthropic's Claude models.
The Clarity AI assistant and AI-generated portfolio analysis features use large language models provided by Anthropic, Inc. When you use these features:
- Your portfolio holdings and your questions are transmitted to Anthropic's API to generate a response.
- This data is processed by Anthropic solely for the purpose of generating that response.
- It is not used to train Anthropic's models and is not retained by Anthropic beyond the in-flight API request.
- We do not persist your portfolio data on our own servers beyond the duration of the API call.
Important limitation: AI-generated outputs are for informational and educational purposes only. See Section 12 for the full No Financial Advice disclaimer.
6. How long do we keep your information?
In Short: We retain your information only as long as necessary for the purposes described in this policy, or as required by law.
We will only keep your personal information for as long as you maintain an account with us, or as necessary to fulfil the purposes in this policy. When retention is no longer necessary, we will delete or anonymise your personal information. If deletion is not immediately possible (e.g. due to backup archives), we will isolate the information from further processing until deletion is possible.
7. How do we keep your information safe?
In Short: We use technical and organisational measures to protect your personal information.
We have implemented appropriate technical and organisational security measures, including:
- HTTPS encryption for all data in transit.
- Server-side API key management — third-party API keys are never exposed to the client browser.
- Portfolio data is not persistently stored on our servers — it is processed in memory for the duration of each request only.
- Access controls limiting who can access our infrastructure and data.
No electronic transmission over the internet is 100% secure. While we take all reasonable precautions, we cannot guarantee the absolute security of information you transmit to us.
8. Do we collect information from minors?
In Short: We do not knowingly collect data from or market to anyone under 18 years of age.
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. By using our Services, you represent that you are at least 18 years old. If we discover that we have inadvertently collected information from a minor, we will take reasonable steps to delete such information promptly. If you believe we may have collected information from a minor, please contact us at ianlu160604@gmail.com.
9. What are your privacy rights?
In Short: Depending on your location, you have rights over your personal information.
All users
You may at any time: request access to the personal information we hold about you; request correction of inaccurate information; request deletion of your account and associated data; or withdraw consent where we rely on consent to process your information. To exercise these rights, contact us at ianlu160604@gmail.com.
EU / UK users (GDPR)
If you are in the EEA, UK, Iceland, Liechtenstein, or Norway, you have rights under the GDPR including: right of access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and the right to object to processing. You also have the right to lodge a complaint with your local data protection authority.
US users (CCPA)
If you are a California resident, you have rights under the CCPA including: the right to know what personal information we collect, use, disclose, and sell (we do not sell personal information); the right to request deletion; and the right not to be discriminated against for exercising your privacy rights.
Account Information
Once account features are live, you may review and update your account information by logging in to your account settings. You may terminate your account at any time, after which we will deactivate and delete your data from active databases, subject to any legal retention requirements.
10. Controls for do-not-track features
Most web browsers and some mobile operating systems include a Do-Not-Track (DNT) setting. We do not currently respond to DNT signals as no uniform standard for DNT has been finalised. If a standard is adopted that we are required to follow, we will update this policy accordingly.
11. Do other regions have specific privacy rights?
Australia
Our Privacy Policy is designed to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you are an Australian resident, you have the right to:
- Request access to or correction of personal information we hold about you.
- Make a complaint to us if you believe we have breached the APPs.
- If unsatisfied with our response, lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
To exercise these rights or lodge a complaint, contact us at ianlu160604@gmail.com.
12. No financial advice
All information provided by Prism.AI, including AI-generated portfolio analysis, news sentiment scores, capital allocation breakdowns, and outputs from the Clarity AI assistant, is provided for informational and educational purposes only.
Nothing on this platform constitutes financial product advice, investment advice, or a financial service within the meaning of the Corporations Act 2001 (Cth) or any other applicable law. Prism.AI does not hold an Australian Financial Services Licence (AFSL) and is not a registered financial adviser in any jurisdiction.
Market data displayed on the platform is sourced from third-party providers. Prism.AI makes no representation as to the accuracy, completeness, or timeliness of such data. You must not rely on any content on this platform when making investment or financial decisions. You are solely responsible for all decisions you make in relation to your investments. We strongly recommend you seek advice from a licensed financial adviser before making any investment decisions.
13. Do we make updates to this notice?
In Short: Yes, we will update this notice as required to remain compliant with applicable laws.
We may update this privacy notice from time to time. The updated version will be indicated by a revised "Last updated" date. If we make material changes, we will notify you by email or by displaying a prominent notice within the Services. We encourage you to review this policy periodically.
14. How can you contact us about this notice?
If you have questions or comments about this privacy policy, you may contact us by email at ianlu160604@gmail.com.
15. How can you review, update, or delete the data we collect from you?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correction of inaccuracies, or deletion of your personal information. You may also have the right to withdraw your consent to our processing of your personal information.
To submit a request, please contact us at ianlu160604@gmail.com. We will respond in accordance with applicable data protection laws.