Privacy Policy

Last updated: February 2026

1. Information We Collect

We collect the following types of information:

  • Account information: email address, display name, and hashed password (bcrypt) when you register
  • Usage data: pages visited, features used, AI analyses requested, commands executed, and interaction timestamps
  • Analysis history: tickers analyzed, saved reports, trade journal entries, portfolio configurations, and shared analysis metadata
  • Device & network information: browser type, operating system, screen resolution, and IP address (for security, rate limiting, and trial abuse prevention)
  • Payment information: billing details are collected and processed by Stripe. We never store full credit card numbers on our servers.

2. How We Use Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your subscription and billing through Stripe
  • Personalize your experience and deliver relevant analysis
  • Monitor usage patterns to improve product quality and reliability
  • Communicate important updates about the Service or your account
  • Enforce our Terms of Service and protect against misuse
  • Prevent abuse of free trials and detect fraudulent activity (via IP address tracking)
  • Send milestone notifications (e.g., when a shared analysis reaches view milestones)

3. Data Storage & Security

Your data is stored in secure databases with encryption at rest (AES-256) and in transit (TLS 1.2+). We implement industry-standard security measures including:

  • Regular encrypted backups and disaster recovery procedures
  • Role-based access controls — no employee has access to raw user data without audit logging
  • HSTS, CSP, XSS protection, and CORS headers on all API responses
  • IP-based rate limiting and brute-force protection on authentication endpoints
  • API key and credential sanitization in all error responses
  • Passwords are hashed using bcrypt — we never store or log plaintext passwords

4. Third-Party Services & AI Data Handling

We share limited data with the following third-party services:

  • Stripe: processes payment information for subscription billing. We do not store your credit card details. See Stripe's Privacy Policy.
  • Third-party AI service providers: When you run an analysis, your ticker symbol and market data context are sent to one or more AI inference providers to generate insights. We do NOT send your email, name, account details, or any personally identifiable information to these providers. All queries are anonymized and contain no user-identifiable data.
  • Market data providers: receive ticker symbols to fetch real-time and historical market data. No user data is shared with data vendors.

We do not sell, rent, or trade your personal information to any third parties. We do not use your data to train AI models.

5. Cookies & Local Storage

VigQuant uses essential client-side storage only:

  • JWT authentication tokens stored in localStorage
  • Session flags for UI state (banner dismissals, display mode preference)
  • Theme preference (modern/terminal mode)

We do not use third-party tracking cookies or advertising pixels.

6. IP Address Collection

We collect and store your IP address for the following purposes:

  • Security: brute-force protection, rate limiting, and fraud detection
  • Trial abuse prevention: ensuring one free trial per household/network
  • Audit logging: maintaining security audit trails

IP addresses associated with trial claims are retained indefinitely to prevent abuse. IP addresses for general usage are retained for 90 days and then anonymized.

7. Your Rights

You have the right to:

  • Access your personal data and request a copy
  • Export your data in a portable, machine-readable format (JSON)
  • Delete your account and all associated data permanently
  • Correct inaccurate or incomplete personal information
  • Restrict processing of your data in certain circumstances

To exercise any of these rights, contact us at privacy@vigquant.com. We will respond within 30 days.

8. GDPR Compliance (EU/EEA Users)

If you are located in the European Union or European Economic Area:

  • Legal basis: We process data based on contractual necessity (providing the Service), legitimate interest (security, fraud prevention), and consent (where applicable).
  • Right to erasure: You may request deletion of all personal data. We will comply within 30 days, except where legal retention is required.
  • Data portability: You may request your data in a structured, machine-readable format.
  • Right to object: You may object to processing based on legitimate interest.
  • Data transfers: Your data may be transferred to and processed in the United States. We use standard contractual clauses and appropriate safeguards.
  • Data Protection Officer: Contact our DPO at dpo@vigquant.com.
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority.

9. CCPA Rights (California Users)

If you are a California resident, you have additional rights under the CCPA:

  • Right to know: You may request disclosure of what personal information we collect, use, and share.
  • Right to delete: You may request deletion of your personal information.
  • Right to opt-out: We do not sell personal information, so there is nothing to opt out of.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email privacy@vigquant.com with subject "CCPA Request."

10. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we permanently remove your personal data within 30 days, except:

  • Billing records retained for 7 years (tax compliance)
  • Trial claim IP records retained indefinitely (abuse prevention)
  • Anonymized, aggregated usage statistics (no personal data)

11. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided personal data, we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new date, and for significant changes, via email. Your continued use of the Service constitutes acceptance of the updated policy.

13. Contact

If you have any questions about this Privacy Policy, contact us at:

privacy@vigquant.com

dpo@vigquant.com