Privacy Policy

1. Information We Collect

We collect the following categories of information:

• Account information: Email address and encrypted password (managed by Supabase Auth)
• Investment profile: Risk level, monthly budget, investment goals, horizon, market and sector preferences
• Portfolio data: Holdings you add (tickers, shares, buy prices), screenshots you upload for extraction
• Analysis data: Stock analysis and monitoring preferences you configure
• Usage data: Interaction logs, feature usage, bot conversations (retained as rolling 6-message window)
• Consent records: Timestamps, IP addresses, and user agent strings at the time of consent (stored immutably)

2. How We Use Your Information

• To provide personalised portfolio monitoring and AI analysis
• To generate alerts, recommendations, and stock analysis
• To deliver Telegram bot responses when you link your account
• To improve AI accuracy through anonymised interaction logging
• To maintain legal compliance via consent records

3. AI Processing

Your portfolio data is sent to Anthropic Claude AI for analysis. We send only the data necessary for each specific analysis task. Anthropic does not use API inputs to train their models. AI outputs are labelled as AI-generated throughout the Platform.

4. Data Storage & Security

All data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) ensuring you can only access your own data. All communication uses HTTPS/TLS encryption. We never store your password in plain text.

5. Data Retention

• Price data: 90 days
• Bot conversations: Rolling 6-message window, reset after 4 hours of inactivity
• Consent records: Retained indefinitely (immutable, cannot be deleted)
• Account & portfolio data: Retained while your account is active
• Analysis history: Retained while your account is active

6. Data Sharing

We do not sell your data. We share data only with the following third-party services necessary to operate the Platform:

• Supabase: Database hosting and authentication
• Anthropic: AI analysis (via API, no model training on your data)
• Telegram: Message delivery (only if you link your account)
• Finnhub/EODHD: Market data (ticker symbols only, no personal data)

7. Your Rights

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your account and associated data (except immutable consent records retained for legal compliance)
• Export your data in a machine-readable format
• Withdraw consent by closing your account

8. Cookies

We use essential cookies only for authentication session management. We do not use tracking cookies or third-party analytics cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. You will be notified of material changes and required to re-accept updated terms before continuing to use the Platform.

10. Contact

For privacy-related questions or data requests, contact us at privacy@portfolioguardian.app.