
Privacy Policy for Stockminds
Last Updated: June 17, 2025

Stockminds ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our Software as a Service (SaaS) platform, which provides information to improve trading and investing results (the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect
We collect the following types of information:
- Personal Information Provided by You:
  - Authentication Data: When you sign up or log in via Auth0, we collect your email address and username.
  - Payment Information: When you subscribe to our Service, our payment processor, Stripe, collects and processes payment details (e.g., credit card information). We do not store this information directly but may access transaction details (e.g., transaction ID, subscription status).
- Automatically Collected Information:
  - Usage Data: We collect data about your interactions with the Service, such as features used, login times, logout times, trading data accessed and requested trading data.
  - Device and Log Data: We collect information like your IP address, browser type, device type, and operating system for analytics and security purposes.
- Information from Third Parties:
  - We may receive information from third-party services like Auth0 (e.g., authentication tokens) or Stripe (e.g., payment confirmation) to provide the Service.

2. How We Use Your Information
We use your information to:
- Provide and improve the Service, including delivering personalized trading and investing insights, and developing new features to improve the information provided by the Service.
- Process payments and manage subscriptions via Stripe.
- Authenticate users and secure accounts via Auth0.
- Analyze usage to enhance user experience and optimize the Service.
- Communicate with you, including sending service updates or responding to inquiries.
- Comply with legal obligations, such as tax or financial regulations.

3. How We Share Your Information
We do not sell your personal information. We may share your information with:
- Service Providers:
  - Auth0: For user authentication and account management.
  - Stripe: For payment processing.
- Legal Compliance: We may share data to comply with legal obligations, respond to legal processes, or protect our rights.
- Business Transfers: If our business is sold or merged, your information may be transferred to the new owner, subject to this policy.

4. Data Security
We implement reasonable security measures to protect your data from unauthorized access, disclosure, or loss. These measures include:
- Encrypted Data Transmission: We use Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to encrypt data transmitted between your device and our servers, ensuring secure communication for login credentials and other sensitive information.
- Data Encryption at Rest: We encrypt data stored on our servers, such as user profiles and trading preferences, using industry-standard encryption methods like AES-256 to prevent unauthorized access.
- Secure Authentication: User authentication is managed by Auth0, which employs secure protocols like OAuth 2.0, password hashing, and session management to protect your login credentials.
- Payment Security: Payment information is processed and stored by Stripe, a PCI DSS-compliant provider, using end-to-end encryption to secure your financial data.
- Access Controls: We use strict access controls, including multi-factor authentication (MFA) and role-based permissions, to limit access to sensitive data to authorized personnel only.
- Regular Security Updates: We maintain and update our software, including the application and its dependencies, to address security vulnerabilities and ensure a secure environment.
- Data Backups: We perform regular backups of user data to secure locations, enabling recovery in case of data loss or system incidents.
- Monitoring and Logging: We monitor system activity and maintain logs to detect and respond to potential security threats promptly, while respecting user privacy.

Despite these measures, no system is completely secure, and we cannot guarantee absolute security. We are committed to continuously improving our security practices to protect your data.

5. Data Retention and Deletion
We retain your personal information only as long as necessary to provide the Service, fulfill our legal obligations, and support legitimate business purposes. Specific retention periods include:
- Authentication Data: We retain your email address, name, and other authentication data collected via Auth0 while your account is active. Upon account deletion, we retain this data for 30 days to allow reactivation, unless required longer for tax or legal purposes (e.g., linked to transactions, retained for 6 years).
- Transaction Data: Payment-related data, such as transaction IDs and subscription details processed by Stripe, is retained for 6 years from the end of the fiscal year in which the transaction occurred, as required for tax purposes.
- User Profile and Trading Preferences: Data you provide, such as trading goals or investment preferences, is retained while your account is active and for 30 days after deletion to facilitate reactivation. If linked to transactions, this data may be retained for 6 years for tax purposes.
- Usage and Analytics Data: Usage data, such as pages visited or features used, is retained for 24 months unless anonymized, in which case it may be kept indefinitely for business insights.
- Customer Support Data: Support communications, such as emails or tickets, are retained for 3 years after resolution to address disputes or improve service quality, unless tied to transactions (then 6 years).
- Backup Data: Backups of our systems are retained for 90 days. Personal data is removed from backups within 30 days of an account deletion request.

Upon account deletion or your request, we will securely delete your personal information from our systems within 30 days, except where retention is required by law (e.g., tax records) or for anonymized analytics. To request deletion, contact us at stockminds@stockminds.world. We coordinate with third parties, such as Auth0 and Stripe, to ensure your data is deleted from their systems where applicable, subject to their retention policies.

6. Your Rights
Depending on your location, you may have rights to:
- Access, correct, or delete your personal information.
- Object to or restrict certain data processing.
- Request data portability.
- Opt out of marketing communications.

To exercise these rights, contact us at stockminds@stockminds.world. We will respond within 30 days, per GDPR/CCPA.

7. Third-Party Services
The Service integrates with third-party providers:
- Auth0: Governed by Auth0’s Privacy Policy (https://auth0.com/docs/secure/data-privacy-and-compliance).
- Stripe: Governed by Stripe’s Privacy Policy (https://stripe.com/en-ca/privacy).

8. International Data Transfers
Your data may be transferred to and stored in the United States, where Auth0/Stripe servers are located, as well as other regions where our service providers maintain data centers. We ensure compliance with applicable data protection laws, such as GDPR for European users and PIPEDA for Canadian users, through the following safeguards:
- Adequacy Decision for Canada: For data transfers to Canada, we rely on the European Commission’s adequacy decision recognizing Canada’s data protection laws as equivalent to GDPR standards.
- Standard Contractual Clauses (SCCs): For transfers to jurisdictions without an adequacy decision, such as the United States, we use Standard Contractual Clauses approved by the European Commission to ensure your data is protected to GDPR standards.
- Encryption: We encrypt all data during transfer using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and store data with industry-standard encryption, such as AES-256, to protect it across borders.

We take reasonable steps to ensure your data is protected during international transfers, consistent with applicable legal requirements.

9. Children’s Privacy
Our Service is not intended for users under 18 years of age, as it provides trading and investing information intended for adults capable of entering financial agreements. In certain jurisdictions, such as Canada, the minimum age may be 19 to align with the legal age of majority for contractual purposes. We do not knowingly collect personal information from individuals under these age thresholds. If we learn that we have collected personal data from a user below the applicable age limit, we will promptly delete it. To report concerns about underage data collection, contact us at stockminds@stockminds.world.

10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or in-app notifications. Your continued use of the Service constitutes acceptance of the updated policy.

11. Contact Us
For questions or concerns, contact us at stockminds@stockminds.world.