How AlphaVue collects, uses, and protects your personal information.
Last updated: March 15, 2026
1. Overview and Scope
This Privacy Policy explains how AlphaVue Inc. ("AlphaVue," "we," "us," or "our") collects, uses, shares, and protects your personal information when you access or use the AlphaVue platform, mobile applications, APIs, and related services (collectively, the "Service"). This Policy applies to all users of the Service worldwide.
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with any part of this Privacy Policy, you should not use the Service.
This Privacy Policy should be read in conjunction with our Terms of Service and Refund Policy, which together govern your relationship with AlphaVue. In the event of a conflict between this Privacy Policy and any other AlphaVue policy, the terms of this Privacy Policy shall prevail with respect to the collection and processing of personal information.
Third-Party Authentication (Google)
We use Google OAuth for user authentication. When you sign in with Google, we request access to your basic profile information (email address and profile picture). This data is used solely to identify you, create your personal AlphaVue account, and synchronize your watchlist and settings across devices. We do not use this information for marketing or provide it to third parties.
2. Types of Information We Collect
Account Information: When you register for an Account, we collect your name, email address, password (stored in hashed form), profile preferences, and any other information you voluntarily provide during registration or account setup. If you sign in using a third-party authentication provider (such as Google or Apple), we receive your name and email address from that provider.
Financial and Payment Information: If you subscribe to a paid plan, our third-party payment processor, Stripe, collects your payment card number, expiration date, billing address, and other payment details. AlphaVue does not store complete credit or debit card numbers. We receive from Stripe only a partial card number, card type, and transaction confirmation details necessary to manage your Subscription.
Usage and Activity Data: We collect information about how you use the Service, including pages visited, features used, search queries, watchlist activity, stock analysis requests, AI interaction history, alert configurations, session duration, click patterns, and other behavioral data. We also collect device and technical information, including IP address, browser type and version, operating system, device identifiers, screen resolution, language preferences, referring URLs, and access timestamps.
Communications: If you contact us via email, contact forms, or in-app support, we collect the content of your communications, your contact information, and any attachments you provide.
3. How We Collect Information
We collect information through the following methods: (a) directly from you when you register, update your profile, subscribe to a plan, submit feedback, or communicate with us; (b) automatically through cookies, web beacons, pixels, and similar tracking technologies when you access or use the Service; (c) from third-party service providers, including Stripe (payment data), authentication providers (sign-in data), and analytics services (usage data); and (d) from publicly available sources to supplement our records where permitted by law.
We may combine information collected from different sources to provide a more complete view of your account and to improve the Service. For example, we may link your usage data with your account information to personalize your experience and provide more relevant research insights.
When you use the Service's AI analysis features, the queries you submit and the resulting AI Output may be logged for quality assurance, model improvement, and service operation purposes, subject to the data retention periods described in this Policy.
4. Purposes of Information Use
We use the information we collect for the following purposes: (a) to provide, operate, maintain, and improve the Service, including AI-powered stock analysis, alerts, watchlists, and research workflows; (b) to process transactions, manage Subscriptions, and handle billing and payment-related matters; (c) to personalize your experience, including providing customized research insights, recommendations, and content based on your usage patterns and preferences.
We also use your information: (d) to communicate with you regarding your Account, Subscription status, service updates, security alerts, and important product announcements; (e) to analyze usage trends, monitor the effectiveness of the Service, and conduct research and development for new features; (f) to detect, prevent, and address fraud, abuse, security incidents, and technical issues; and (g) to comply with applicable legal obligations, respond to lawful requests, and enforce our Terms of Service.
We may use aggregated or de-identified data that can no longer reasonably be used to identify you for any purpose, including product analytics, industry research, and marketing. Such data is not subject to the restrictions of this Privacy Policy.
5. Legal Basis for Information Use
If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following legal bases: (a) Performance of Contract — processing necessary to provide the Service and fulfill our obligations under the Terms of Service; (b) Legitimate Interests — processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where those interests are not overridden by your rights and freedoms.
We may also process your data based on: (c) Consent — where you have given us specific, informed consent to process your data for a particular purpose, such as receiving marketing communications (you may withdraw consent at any time); and (d) Legal Obligation — where processing is necessary to comply with a legal obligation to which AlphaVue is subject, such as tax reporting, financial record-keeping, or responding to lawful government requests.
Where we rely on legitimate interests as a legal basis, we conduct a balancing test to ensure that our interests do not unduly impact your rights. You may contact our Data Protection Officer at [email protected] to learn more about how we assess legitimate interests.
6. AI Data Processing
AlphaVue integrates artificial intelligence models provided by third-party providers, including Anthropic and OpenAI, to deliver AI-powered research and analysis features. When you use AI features, your queries and related contextual data may be transmitted to these providers for processing. We contractually require our AI providers to maintain appropriate data security measures and to refrain from using your data for purposes other than providing the Service.
AI interaction logs, including your queries and the resulting AI Output, are stored for the purposes of service delivery, quality assurance, debugging, and improving the accuracy and relevance of AI features. These logs are retained for the periods described in Section 11 of this Policy. We do not use your personal financial data or portfolio information to train third-party AI models.
You should exercise caution when submitting sensitive personal or financial information through AI features. While we implement reasonable safeguards, AI Output is generated algorithmically and may not always be accurate or complete. AlphaVue does not guarantee the confidentiality of information submitted through AI features beyond the protections described in this Policy.
7. Information Sharing and Disclosure
We may share your information with the following categories of third parties: (a) Payment Processors — Stripe processes your payment information to manage Subscriptions and transactions; (b) AI Service Providers — Anthropic and OpenAI process your queries to deliver AI-powered features; (c) Cloud Infrastructure and Hosting Providers — to host and operate the Service; (d) Analytics Providers — to help us understand usage patterns and improve the Service; and (e) Customer Support Tools — to manage and respond to your support requests.
We may also disclose your information: (f) when required by law, subpoena, court order, or other legal process; (g) when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of AlphaVue, our users, or the public; (h) in connection with a merger, acquisition, reorganization, asset sale, or bankruptcy proceeding, in which case the acquiring entity will be bound by this Privacy Policy with respect to your information; and (i) with your consent or at your direction.
AlphaVue does not sell your personal information to third parties. We do not share your personal information with third parties for their own direct marketing purposes without your explicit consent.
8. International Data Transfers
AlphaVue is based in the United States, and the Service is hosted and operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States and other countries where our service providers maintain facilities.
When we transfer personal data from the EEA, United Kingdom, or Switzerland to the United States or other countries, we rely on appropriate transfer mechanisms recognized under applicable data protection law, including Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Agreement, or other lawful transfer mechanisms. We also ensure that our service providers maintain adequate levels of data protection.
By using the Service, you acknowledge and consent to the transfer of your information to the United States and other jurisdictions as described in this Policy. If you have concerns about international data transfers, please contact our Data Protection Officer at [email protected].
10. Data Security Measures
We implement reasonable technical, administrative, and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include: (a) encryption of data in transit using TLS/SSL protocols; (b) encryption of sensitive data at rest; (c) access controls and authentication mechanisms to limit access to personal data to authorized personnel; (d) regular security assessments, penetration testing, and vulnerability scanning; and (e) employee training on data protection and security best practices.
Despite our efforts, no method of transmission over the internet and no electronic storage system is completely secure. We cannot guarantee the absolute security of your information. In the event of a data breach, we will follow the notification procedures described in Section 17 of this Policy.
You play an important role in protecting your information by maintaining the confidentiality of your Account credentials, using strong and unique passwords, and promptly notifying us at [email protected] if you suspect any unauthorized access to your Account.
11. Data Retention Periods
We retain your personal information for as long as your Account remains active and as reasonably necessary to provide the Service. The specific retention periods depend on the type of data: (a) Account information is retained for the duration of your Account and for up to 30 days after Account deletion to allow for account recovery; (b) payment and transaction records are retained for up to 7 years after the transaction date for tax and financial compliance purposes; (c) usage logs and analytics data are retained for up to 24 months, after which they are aggregated or deleted.
AI interaction logs are retained for up to 12 months for quality assurance and service improvement purposes, after which they are anonymized or deleted. Communications with our support team are retained for up to 3 years to ensure continuity of service and for dispute resolution purposes.
After you delete your Account, we will delete or anonymize your personal data within 30 days, except where retention is required by applicable law, necessary for dispute resolution, or needed to enforce our agreements. We may retain aggregated or de-identified data indefinitely for analytics and research purposes.
12. User Rights (General)
Depending on your jurisdiction, you may have certain rights with respect to your personal information, including the right to: (a) access the personal information we hold about you and receive a copy in a structured, commonly used, and machine-readable format; (b) correct or update inaccurate or incomplete personal information; (c) request deletion of your personal information, subject to certain exceptions; (d) restrict or object to the processing of your personal information under certain circumstances; and (e) withdraw consent where processing is based on your consent.
You can exercise many of these rights directly through your Account settings, including updating your profile information, managing notification preferences, and deleting your Account. For any rights that cannot be exercised through your Account settings, or if you have questions about your rights, please contact us at [email protected].
We will respond to your request within the timeframe required by applicable law (generally within 30 days for GDPR requests and 45 days for CCPA/CPRA requests). We may ask you to verify your identity before processing your request. We will not discriminate against you for exercising your data protection rights.
13. California Residents' Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA). These rights include: (a) the right to know what personal information we collect, use, disclose, and sell about you; (b) the right to delete your personal information; (c) the right to correct inaccurate personal information; (d) the right to opt out of the sale or sharing of your personal information; and (e) the right to limit the use and disclosure of your sensitive personal information.
AlphaVue does not sell your personal information and does not share your personal information for cross-context behavioral advertising purposes. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA/CPRA.
To exercise your rights under the CCPA/CPRA, you may contact us at [email protected] or use the privacy controls available in your Account settings. You may also designate an authorized agent to make a request on your behalf, provided the agent presents written authorization and we can verify your identity. We will not discriminate against you for exercising your CCPA/CPRA rights.
14. EU/UK Residents' Rights (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and the UK GDPR, respectively. In addition to the general rights described in Section 12, you have the right to: (a) lodge a complaint with your local Data Protection Authority (DPA) if you believe our processing of your personal data infringes applicable data protection law; (b) request data portability, meaning the right to receive your data in a structured, commonly used, and machine-readable format and to transmit it to another controller; and (c) object to processing based on legitimate interests.
Where we process your personal data based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. Where we process your personal data based on legitimate interests, you have the right to object, and we will cease processing unless we demonstrate compelling legitimate grounds that override your rights.
For EU/UK-specific requests or to contact our Data Protection Officer, please email [email protected]. We will respond to GDPR-related requests within 30 days, which may be extended by an additional 60 days for complex or multiple requests, with prior notification to you.
15. Protection of Minors
The Service is not directed at individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 18. If you are under 18, you may not create an Account or use the Service.
In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13. If we become aware that we have inadvertently collected personal information from a child under 13 (or under 16 in the EEA/UK), we will take immediate steps to delete such information from our systems.
If you are a parent or guardian and believe that your child has provided personal information to AlphaVue, please contact us at [email protected] and we will promptly investigate and, if applicable, delete the information.
16. Third-Party Links and Services
The Service may contain links to or integrations with third-party websites, applications, and services that are not owned or controlled by AlphaVue. This Privacy Policy applies only to information collected by AlphaVue through the Service and does not apply to any third-party services.
We encourage you to review the privacy policies and terms of service of any third-party services before providing your personal information. AlphaVue is not responsible for the privacy practices, security measures, or content of any third-party services, even if they are linked to or integrated with the Service.
Our use of third-party service providers (including Stripe, Anthropic, OpenAI, and analytics providers) is governed by contracts that require these providers to protect your information and to use it only for the purposes for which it was disclosed.
17. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, AlphaVue will notify affected users without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in compliance with the GDPR and other applicable data breach notification laws.
Breach notifications will include: (a) a description of the nature of the breach, including the categories and approximate number of individuals and records affected; (b) the name and contact details of our Data Protection Officer; (c) a description of the likely consequences of the breach; and (d) a description of the measures taken or proposed to address the breach and mitigate its effects.
We will also notify the relevant supervisory authorities as required by applicable law. If a breach is unlikely to result in a risk to your rights and freedoms, we may not provide individual notification but will document the breach internally. For security-related concerns, please contact us at [email protected].
18. Policy Changes
AlphaVue reserves the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes, we will update the "Last updated" date at the top of this Policy and provide notice through one or more of the following methods: email notification, in-app notification, or a prominent notice on the Service.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the revised Policy. If you do not agree with the changes, you should stop using the Service and may request deletion of your Account.
For material changes that significantly alter how we collect, use, or share your personal information, we will provide at least 30 days' advance notice before the changes take effect, giving you the opportunity to review the changes and exercise your rights.
19. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the following channels:
Privacy Inquiries: [email protected] | Data Protection Officer: [email protected] | General Support: [email protected] | Security Issues: [email protected] | Legal Inquiries: [email protected]
We are committed to resolving privacy concerns and will respond to your inquiries within the timeframes required by applicable law.