Privacy Policy
At Fintrax, we take your privacy seriously. This Privacy Policy explains what personal data we collect when you use our AI equity-research and education service, how we use it, who processes it on our behalf, and the rights you have under UK data protection law.
1. Information We Collect
Account Information
When you create an account we collect:
- Your email address and password (handled by our authentication provider, Supabase Auth)
- Your subscription and billing status (e.g. free or Pro, renewal state)
Research Activity
As you use the product we store:
- The company ticker symbols you add to your watchlist
- Usage counters — for example, how many briefs you have viewed and how many questions you have asked in a period (used to apply plan limits)
- The questions you type into the “Ask the analyst” copilot
We do not connect to your bank, use open banking, or collect your bank statements, transactions, account balances, or any uploaded financial documents. Fintrax analyses public companies from public sources, not your personal finances.
Payment Information
Payments are handled entirely by Stripe. Fintrax never sees or stores your card number. We receive only a subscription status and identifiers from Stripe so we can enable the right plan for your account.
Technical Information
We automatically collect a limited amount of technical data:
- Server logs (such as IP address and request metadata) needed to run and secure the service
- Error diagnostics via our monitoring provider, Sentry
- Privacy-focused usage analytics via Vercel Analytics
2. How We Use Your Information
We use your information to:
- Provide the analyst briefs, Q&A copilot, watchlist, and daily digest
- Generate answers to the questions you ask (see section 4)
- Apply your plan's usage limits and manage your subscription
- Provide customer support
- Keep the service secure, prevent abuse, and diagnose errors
- Comply with our legal obligations
We do not sell your personal data, and we do not use your account data to make personalised investment recommendations — the service is impersonal by design.
3. Legal Bases for Processing (UK GDPR)
Under UK GDPR, we rely on the following lawful bases:
- Performance of a contract: to provide the service you have signed up for, including generating briefs and answers and managing your subscription
- Legitimate interests: to keep the service secure, prevent abuse, understand aggregate usage, and improve the product — balanced against your rights
- Legal obligation: where we must retain or disclose information to comply with the law
4. AI Processing of Your Questions
When you ask the copilot a question, the text of that question, along with relevant market data and news, is sent to Anthropic (the provider of the Claude models) so that an answer can be generated. The same applies to the source material used to produce our analyst briefs.
Your questions are not used to train AI models. They are processed only to return an answer to you.
5. Processors and Sub-processors
We use the following providers to run the service. We share only the data each needs to perform its function.
- Supabase — database and authentication, hosted in London (eu-west-2). Stores your account, watchlist, and usage data.
- Anthropic — generates AI briefs and answers from the questions and source material we send it.
- Stripe — processes payments and holds your card details; Fintrax never receives them.
- Vercel — hosts the application and provides privacy-focused analytics.
- Sentry — error monitoring and diagnostics.
- Financial Modeling Prep and Finnhub — market data and news providers. They receive only the ticker symbols requested, never your personal data.
- Voyage AI — generates embeddings of public filings for search. It receives no personal data.
We may also disclose information where required by law, or in connection with a merger, acquisition, or sale of assets. We do not sell your personal data.
6. International Transfers
Your account data is held in the UK (London region). Some processors, such as Anthropic and Stripe, may process data outside the UK. Where they do, we rely on appropriate safeguards such as UK adequacy regulations or the International Data Transfer Agreement / Standard Contractual Clauses.
7. Data Security
We implement appropriate technical and organisational measures, including:
- Encryption of data in transit and at rest
- Row-level security so each account can only access its own data
- Access controls and authentication
- Reputable, security-conscious hosting and infrastructure providers
No system is completely secure, but we work to protect your information and to limit what we collect to what we need.
8. Data Retention
- Account and research data (email, watchlist, usage counters): retained until you delete your account
- Server logs: retained for approximately 30 days
- Billing records: retained as required to meet our legal and accounting obligations
9. Your Rights Under UK GDPR
You have the right to:
- Access: request a copy of the personal data we hold about you
- Rectification: correct inaccurate personal data
- Erasure: request deletion of your personal data
- Portability: receive your data in a portable format
- Restriction: limit how we use your data
- Object: object to processing based on our legitimate interests
To exercise any of these rights, contact us at privacy@fintrax.app.
10. Cookies
We use essential cookies for authentication and a small number of analytics cookies. See our Cookie Policy for details.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email and by updating the “Last updated” date.
12. Contact and Complaints
Data Controller: Fintrax Ltd
Address: [Your Business Address]
Email: privacy@fintrax.app
If you have concerns about how we handle your personal data, you have the right to complain to the Information Commissioner's Office (ICO):
ICO: ico.org.uk
Phone: 0303 123 1113