Privacy Policy
Last updated: May 5, 2026
1. What data we collect
Account data:
- Name and email address (on registration)
- Password (stored as BCRYPT hash — never in plain text)
Financial data you enter:
- Portfolios and investment positions (names, tickers, quantities, prices)
- Proposed actions for evaluation
- Decision history and verdicts
Usage data:
- Access and activity logs (IP, timestamps, actions)
- Subscription and billing information (processed by Stripe)
2. How we use your data
- Provide the Service: evaluate actions, show history, calculate plan usage
- Send service notifications (verdict emails, plan alerts)
- Detect and prevent fraud or abuse
- Improve the Service through aggregate, anonymised analytics
- Comply with legal obligations
We do not sell your personal or portfolio data to third parties.
3. Data shared with third parties
| Third party | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, billing data |
| SEC EDGAR | Public company data | Ticker/symbol queried only |
| Yahoo Finance | Real-time market data | Symbol queried only |
4. Data retention
We retain your data while your account is active. When you close your account, we delete or anonymise your personal data within 30 days, except data we must retain due to legal or tax obligations.
5. Security
- Passwords stored with BCRYPT (cost 12) — never reversible
- Communications encrypted with TLS/HTTPS
- API secrets and tokens stored in encrypted database, not in source code
- Per-user data access enforced via prepared statements (no SQL injection)
- HTTP security headers on all responses (CSP, X-Frame-Options, HSTS)
6. Your rights
You have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Export your decision history
- Object to the processing of your data
To exercise these rights, contact privacy@iquelo.com
7. Cookies
We use a single session cookie (httpOnly, SameSite=Lax) for authentication. We do not use tracking, advertising or third-party analytics cookies.
8. Changes to this policy
We will notify you of material changes by email at least 15 days in advance. The last updated date is shown at the top of this document.
9. Contact
For privacy enquiries: privacy@iquelo.com