1. Information We Collect
Information you provide directly: When you register, we collect your name, email address, and a hashed password. If you subscribe to a paid plan, billing is handled by Stripe; we never store raw card numbers.
Information collected automatically: We collect usage data such as pages visited, features used, session duration, IP address, browser type, and device identifiers to improve the platform and diagnose issues.
OAuth sign-in: If you sign in via Google or GitHub, we receive your email address and display name from that provider only.
2. How We Use Your Information
We use the data we collect to: provide and operate the platform, authenticate your identity, process payments, send product and security communications, analyze usage trends to improve features, and comply with legal obligations. We do not sell your data or use it for third-party advertising.
3. Sharing Your Information
We share personal data only in the following circumstances:
- Service providers: Trusted vendors (AWS for hosting, Stripe for payments, Postmark for email) process data on our behalf under strict data processing agreements.
- Legal compliance: We may disclose data when required by law or court order.
- Business transfers: In the event of a merger or acquisition, your data may be transferred under equivalent protections.
4. Data Retention
We retain your account data for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except where legal retention requirements apply (e.g., billing records retained for 7 years).
5. Cookies & Tracking
| Cookie Type | Purpose | Duration |
|---|---|---|
| Session | Maintains your login state (JWT) | Browser session |
| Preference | Saves UI settings (theme, timeframe) | 1 year |
| Analytics | Aggregate feature usage (no PII) | 90 days |
You can disable cookies in your browser settings, though this may prevent login from functioning.
6. Your Rights (GDPR, CCPA & DPDP Act 2023)
Depending on your location, you may have rights under GDPR, CCPA, or other applicable laws. Indian users have rights under the Digital Personal Data Protection Act 2023 (DPDP Act) as a Data Principal, including:
- Right to Access: Request a summary of personal data we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.
- Right to Grievance Redressal: Lodge a complaint with our Data Protection Officer if you believe your data rights have been violated.
- Right to Withdraw Consent: Withdraw your consent for marketing communications at any time via the unsubscribe link in any email or by contacting us.
To exercise any of these rights, email privacy@stocktrendz.in or use our Data Rights Request form. We acknowledge all requests within 48 hours and resolve them within 30 days per DPDP Act guidelines.
9. Digital Personal Data Protection Act 2023 (India)
StockTrendz AI operates as a Data Fiduciary under the Digital Personal Data Protection Act 2023 (DPDP Act), enacted on 11 August 2023. This section sets out our obligations and your rights specifically under Indian law.
Legal Basis for Processing (Section 4, DPDP Act)
We process your personal data on the following legal bases:
- Consent: Account creation, marketing communications, and optional data sharing (you may withdraw consent at any time).
- Legitimate Uses: Providing the services you have subscribed to, fraud prevention, security, and legal compliance.
Data Principal Rights (Sections 12–13, DPDP Act)
As a Data Principal (user), you have the right to: access your data, correct inaccurate data, erase your data (subject to legal retention needs), and grieve any violation of your rights. See Section 6 above for how to exercise these rights.
Data Protection Officer
Our Data Protection Officer (DPO) is responsible for overseeing DPDP Act compliance. Contact: dpo@stocktrendz.in. We acknowledge grievances within 48 hours and resolve within 30 days.
Data Localisation & Cross-Border Transfers
We store primary user data on servers located in India. Where data is transferred to third-party service providers outside India (e.g., email delivery, analytics), we ensure adequate data protection safeguards are in place per DPDP Act requirements.
7. Security
We use TLS 1.3 encryption in transit, AES-256 encryption at rest, strict role-based access controls, and conduct regular third-party security audits. If you believe your account has been compromised, contact us immediately at support@stocktrendz.in.
8. Contact
For privacy questions or to exercise your rights, contact our Data Protection Officer at support@stocktrendz.in or write to:
StockTrendz AI Inc.