Privacy Policy

1. Introduction

StockWin ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using StockWin, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

• Email address
• Name (if provided through OAuth)
• Profile information from third-party authentication providers (e.g., Google)
• Password (encrypted and never stored in plain text)

2.2 Usage Data

We automatically collect information about how you use our Service:

• Login timestamps and session duration
• Predictions viewed and interaction history
• Browser type, device information, and IP address
• Pages visited and features used
• Error logs and performance data

2.3 Payment Information

For paid subscriptions, payment information is processed by our third-party payment processor (Stripe). We do not store your complete credit card information on our servers. We only retain:

• Last 4 digits of your card
• Card brand (Visa, Mastercard, etc.)
• Billing history and transaction records
• Subscription status and renewal dates

2.4 Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze usage patterns and improve our Service
• Provide personalized content

3. How We Use Your Information

We use the collected information for:

• Service Delivery: Provide AI-powered predictions and personalized portfolio insights
• Account Management: Create and maintain your account, process subscriptions
• Communication: Send important updates, subscription notifications, and security alerts
• Improvement: Analyze usage patterns to improve our AI models and user experience
• Security: Detect and prevent fraud, abuse, and security incidents
• Compliance: Meet legal and regulatory obligations
• Marketing: Send promotional emails (you can opt-out at any time)

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

4.1 Service Providers

• Supabase: Authentication and database services
• Stripe: Payment processing
• Vercel: Hosting and infrastructure
• Analytics Providers: Usage analytics and monitoring

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Legal process or government requests
• Court orders or subpoenas
• Protection of our rights, privacy, safety, or property
• Investigation of fraud or security issues

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with hashed passwords
• Regular security audits and vulnerability assessments
• Access controls and role-based permissions
• Automated backups and disaster recovery procedures

6. Data Retention

We retain your personal information for as long as:

• Your account is active
• Needed to provide the Service
• Required for legal, tax, or regulatory purposes
• Necessary to resolve disputes or enforce agreements

When you delete your account, we will delete or anonymize your personal data within 90 days, except where retention is required by law.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

7.1 Access and Portability

Request a copy of your personal data in a portable format

7.2 Correction

Update or correct inaccurate information in your account settings

7.3 Deletion

Request deletion of your account and personal data (subject to legal retention requirements)

7.4 Opt-Out

• Unsubscribe from marketing emails using the link in each email
• Disable cookies through your browser settings (may affect functionality)
• Opt-out of analytics tracking

7.5 Restriction and Objection

Request restriction of processing or object to certain data uses

To exercise these rights, contact us at stockwin.win@proton.me

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email notification
• Prominent notice on our Service
• Updating the "Last Updated" date

Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

13. Regulatory Compliance

We comply with applicable data protection regulations, including:

• General Data Protection Regulation (GDPR) for EU users
• California Consumer Privacy Act (CCPA) for California residents
• Other applicable state and federal privacy laws