Privacy Policy
Effective Date: April 15, 2026 | Version 1.1
AlgoForgeX ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our platform.
1. Information We Collect
1.1 Information You Provide
| Category | Data | Purpose |
|---|
| Account | Email address, password (hashed) | Authentication and account management |
| Profile | Display name, bio, experience level, investment focus, avatar | Personalization and AI context |
| Portfolio | Holdings, trades, cost basis, dividends | Portfolio tracking and analytics |
| Research | Research queries, journal entries, notes, workspace data | Research features and AI analysis |
| Support | Contact form submissions, bug reports, ticket communications | Customer support |
| Billing | Subscription tier (payment details handled by Stripe) | Subscription management |
1.2 Information We Collect Automatically
- Usage data: Pages visited, features used, timestamps, session duration
- Device data: Browser type, operating system, screen resolution
- Log data: IP address, error logs, API request metadata
1.3 Information from Third Parties
- Market data providers: Third-party financial data providers supply market data such as prices, fundamentals, and economic indicators (not personal data)
- AI providers: We send your research queries to third-party AI providers for processing. These queries may include portfolio context you've entered. See Section 5 for details.
- Stripe: Subscription status and billing events (we do not store credit card numbers)
2. How We Use Your Information
- Provide services: Portfolio tracking, research, analytics, alerts, and all Platform features
- AI analysis: Send research queries with relevant context to AI providers to generate analysis
- Personalization: Tailor AI responses, dashboard layout, and feature recommendations based on your profile and experience level
- Communication: Send account notifications, support responses, and (with consent) product updates
- Security: Detect fraud, prevent abuse, and maintain Platform integrity
- Improvement: Analyze usage patterns to improve features and user experience (aggregated, not individual)
3. How We Protect Your Data
We implement industry-standard security measures:
- Encryption at rest: Transparent data encryption (TDE) for all database storage
- Column-level encryption: AES-256-CBC with HMAC authentication for sensitive fields (PII, client data)
- Encryption in transit: TLS 1.2+ for all network communications
- Access controls: Role-based access with data isolation ensuring users only see their own data
- Secret management: Industry-standard key vault with managed identity for all credentials
- Password security: Cryptographic hashing (passwords are never stored in plaintext)
4. Data Sharing and Subprocessors
We do not sell your personal information. We share data only with the following named subprocessors and service providers:
| Subprocessor | Service Provided | Data Shared | Location |
|---|
| Anthropic, PBC | AI research (Claude) | Research queries and selected context | United States |
| OpenAI, LLC | AI research (ChatGPT) | Research queries and selected context | United States |
| Stripe, Inc. | Payment processing | Email, subscription plan, payment details | United States |
| Microsoft Azure | Cloud hosting (App Service, SQL, Key Vault, Functions) | All Platform data | United States |
| Azure Communication Services (Microsoft) | Transactional email delivery | Email address, email body | United States |
| Azure Application Insights (Microsoft) | Usage analytics and error telemetry | Page views, session data, device/browser, IP address | United States |
| Finnhub, AlphaVantage, FRED, TwelveData, Reddit | Market data and sentiment | Ticker symbols only (no personal data) | United States |
We may also disclose information if required by law, legal process, or to protect the rights, property, or safety of AlgoForgeX or others.
5. AI Provider Data Processing
When you use AI research features, your queries and selected context (market data, portfolio holdings, prior research) are sent to third-party AI providers for processing. These providers have their own privacy policies and data retention practices:
We have executed commercial API agreements with both providers that prohibit the use of your data to train their models. We do not send your email, password, or billing information to AI providers. AI-generated outputs are stored in your account for research history purposes.
6. Data Retention
- Active accounts: We retain your data for as long as your account is active
- Deleted accounts: Upon account deletion, your data is permanently removed within 30 days (some audit logs may be retained longer for compliance)
- Compliance records: Adviser tier CRM communications and compliance audit logs are retained per SEC Rule 17a-4 requirements (minimum 3 years for most records, 6 years for certain communications)
- Email logs: Sent email records are retained for 7 days for delivery monitoring
7. Your Rights
7.1 All Users
- Access: View your data through the Platform's UI (portfolio, research, profile, etc.)
- Correction: Update your profile and account information at any time
- Deletion: Delete your account and all associated data via the Account settings page
- Export: Export your portfolio, research, and journal data (PDF/Excel)
7.2 European Users (GDPR)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Legal basis: We process your data based on contractual necessity (providing the service), legitimate interest (security, improvement), and consent (marketing communications)
- Data portability: Request a machine-readable export of your data
- Right to object: Object to processing based on legitimate interest
- Right to restriction: Request we limit how we process your data
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing
- Supervisory authority: Lodge a complaint with your local data protection authority
To exercise these rights, contact us at admin@algoforgex.com.
7.3 California Users (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and its amendment (CPRA):
- Right to know: What personal information we collect, use, and share
- Right to correct: Request correction of inaccurate personal information
- Right to delete: Request deletion of your personal information
- Right to opt-out: We do not sell personal information. We do not share personal information for cross-context behavioral advertising
- Right to limit use of sensitive personal information: Financial account information (portfolio holdings, trading history) may qualify as sensitive PI under CPRA. We use this information solely to provide the services you request; we do not use it for secondary purposes, and you may contact us to further limit its use
- Non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights
- Authorized agent: You may designate an authorized agent to make requests on your behalf; we may require verification of the agent's authority
7.4 Do Not Track
Some browsers transmit "Do Not Track" (DNT) signals. AlgoForgeX does not use third-party behavioral advertising or cross-site tracking, so our data practices do not change based on DNT signals. We treat all users with the same privacy protections regardless of DNT settings.
8. Cookies and Tracking
AlgoForgeX uses essential cookies and similar technologies for:
- Authentication: Session cookies to keep you signed in
- Preferences: Theme (dark/light mode), dashboard layout preferences stored in localStorage
- Anti-forgery: CSRF protection tokens
- Analytics (Azure Application Insights): Microsoft Application Insights is loaded on public and authenticated pages to measure page views, session duration, errors, and user geography. It may set cookies and use localStorage/sessionStorage to generate a non-identifying session ID. No advertising identifiers are used. See Microsoft's privacy statement for details on how Application Insights handles telemetry.
We do not use third-party advertising cookies or tracking pixels. We do not participate in ad networks.
9. Children's Privacy
AlgoForgeX is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we discover we have collected data from a child under 18, we will delete it promptly.
10. International Data Transfers
Our services are hosted on cloud infrastructure in the United States. If you are located outside the United States — including in the European Economic Area (EEA), the United Kingdom, or Switzerland — your data will be transferred to and processed in the United States, which may not offer the same level of data protection as your country.
Transfer mechanisms: For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on the Standard Contractual Clauses (SCCs) adopted by the European Commission (and the UK Addendum / Swiss equivalent where applicable), which are incorporated into our service-provider agreements with our US-based subprocessors (including Microsoft, Anthropic, OpenAI, and Stripe). Where those providers are certified under the EU–U.S. Data Privacy Framework, we also rely on that framework. You may request a copy of the applicable transfer mechanism by contacting admin@algoforgex.com.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. The "Effective Date" at the top indicates the latest revision.
12. Contact Us
For privacy-related questions or to exercise your data rights: