Privacy Policy

1. Introduction

FinCap Alpha ("we", "us", "our", or "Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using FinCap Alpha, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us:

• Account Information: Email address, password (hashed), and account preferences
• Subscription Information: Payment method details (processed by Stripe), billing address, subscription plan, and payment history
• Communications: Messages sent to our support team or feedback you provide

2.2 Automatically Collected Information

We automatically collect certain information when you use the Service:

• Usage Data: Pages visited, features used, search queries, filters applied, and time spent on the Service
• Device Information: IP address, browser type, device type, operating system, and device identifiers
• Log Data: Access times, error logs, and performance data
• Cookies and Tracking: Cookies, web beacons, and similar tracking technologies (see Section 7)

2.3 Public Congressional Data

We aggregate and display publicly available information about congressional stock trades. This data is derived from public disclosures required under the STOCK Act and is not considered your personal information.

3. How We Use Your Information

We use collected information for the following purposes:

• Service Provision: To provide, maintain, and improve the Service
• Account Management: To create and manage your account, process subscriptions, and handle billing
• Communication: To send service-related communications, respond to inquiries, and provide customer support
• Security: To detect, prevent, and address security issues, fraud, and unauthorized access
• Analytics: To analyze usage patterns, improve Service functionality, and develop new features
• Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights
• Marketing: To send promotional communications (you may opt out at any time)

4. How We Share Your Information

We do NOT sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Service:

• Supabase: Database hosting, user authentication, and data storage
• Stripe: Payment processing and subscription management. FinCap Alpha does not store or have access to your full credit card numbers. Payment card data is transmitted directly to Stripe and never touches FinCap Alpha's servers. We retain only limited billing information such as subscription status and Stripe customer identifiers.
• Resend: Email delivery services for transactional notifications (account verification, password resets)
• Vercel: Hosting and infrastructure services
• Apify: Data aggregation services for congressional trading information

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Subpoenas, court orders, or legal process
• Government requests or investigations
• Enforcement of our Terms of Service
• Protection of our rights, property, or safety
• Prevention of fraud or security threats

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4.4 With Your Consent

We may share your information with your explicit consent or at your direction.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data in transit is encrypted using TLS/SSL protocols
• Secure Storage: Data at rest is stored in secure databases with access controls
• Authentication: Passwords are hashed using secure algorithms (never stored in plain text)
• Access Controls: Limited access to personal information on a need-to-know basis
• Regular Audits: Security assessments and vulnerability testing
• Monitoring: Continuous monitoring for security threats and unauthorized access

No Absolute Security: While we employ reasonable security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

Your Responsibility: You are responsible for maintaining the confidentiality of your account credentials. Notify us immediately of any unauthorized access.

6. Data Retention

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain security and prevent fraud

Account Deletion: When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.

Backup Data: Deleted information may persist in backup systems for up to 90 days before permanent deletion.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your login session
• Remember your preferences
• Analyze Service usage and performance
• Improve user experience

Cookie Types:

• Essential Cookies: Required for Service functionality (cannot be disabled)
• Analytics Cookies: Help us understand how users interact with the Service
• Preference Cookies: Remember your settings and preferences

Cookie Retention: Essential cookies persist for the duration of your session or as needed for authentication. Analytics cookies may persist for up to 12 months.

Third-Party Cookies: We may use analytics services (such as Vercel Analytics) that set their own cookies. We do not use advertising or marketing cookies.

You can control cookies through your browser settings, but disabling cookies may limit Service functionality.

Do Not Track: We do not currently respond to "Do Not Track" (DNT) browser signals, as there is no uniform industry standard for DNT compliance.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 Access and Portability

You have the right to access your personal information and receive a copy in a portable format.

8.2 Correction

You can update your account information at any time through your account settings.

8.3 Deletion

You may request deletion of your account and personal information, subject to legal retention requirements.

8.4 Opt-Out

You can opt out of marketing emails by clicking unsubscribe links or adjusting your email preferences.

8.5 California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to know what personal information is collected, used, and shared
• Right to request deletion of your personal information
• Right to opt-out of sale or sharing of personal information (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights
• Right to designate an authorized agent to make requests on your behalf

To submit a verifiable consumer request, email us at privacy@fincapalpha.com. We will respond within 45 days of receiving your request. We may need to verify your identity before processing the request.

8.6 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access, rectify, or erase your personal data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Legal Basis: We process your data based on: (1) contract performance (providing the Service), (2) legitimate interests (security, analytics), and (3) consent (marketing communications).

9. Children's Privacy

FinCap Alpha is not directed at children under the age of 13 and complies with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13. Additionally, the Service is intended only for users who are at least 18 years of age or the age of majority in their jurisdiction.

If we become aware that we have inadvertently collected information from a child under 13, we will delete such information immediately. If you believe we have collected information from a child, please contact us immediately at privacy@fincapalpha.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

Third-Party Services We Use:

• Stripe: Payment processing - Privacy Policy
• Supabase: Database and authentication - Privacy Policy
• Resend: Transactional email delivery - Privacy Policy

12. Email Communications

Transactional Emails: We send essential service emails that you cannot opt out of, including:

• Account verification emails
• Password reset requests
• Billing and subscription confirmations
• Security alerts
• Important service-related notices

Marketing Emails: You can opt out of promotional emails at any time by clicking unsubscribe links or adjusting your preferences in your account settings.

13. Data Breach Notification

In the event of a data breach that compromises the security of your personal information, we will:

• Notify affected users via email within 72 hours of becoming aware of the breach, where feasible
• Provide details about the nature of the breach and the types of information affected
• Describe the measures taken to address the breach and mitigate potential harm
• Provide guidance on steps you can take to protect yourself
• Notify relevant regulatory authorities as required by applicable law

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by:

• Email notification to your registered email address
• Prominent notice on the Service
• Updating the "Last Updated" date at the top of this page

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact us: