Your Privacy Matters: This Privacy Policy explains how Fineduca ("we," "us," or "our") collects, uses, and protects your personal information in compliance with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.
1. Data Controller
Fineduca is the data controller responsible for your personal data. For any privacy-related inquiries, please visit our Contact Page.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, username, password (encrypted)
- Profile Information: Any additional information you choose to provide
- Payment Information: Processed securely by Stripe (we do not store credit card details)
- User Content: Watchlists, portfolio data, search queries, and saved preferences
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent, interaction data
- Device Information: IP address, browser type, operating system, device identifiers
- Cookies: Session cookies, preference cookies (see Cookie Policy below)
3. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contractual Necessity: To provide our services as per our Terms of Service
- Legitimate Interest: To improve our services, prevent fraud, and ensure security
- Consent: For marketing communications (you can withdraw consent anytime)
- Legal Obligation: To comply with applicable laws and regulations
4. How We Use Your Information
- Provide, maintain, and improve our stock analysis services
- Process payments and manage subscriptions
- Send important service updates and notifications
- Respond to your inquiries and support requests
- Detect and prevent fraud, abuse, and security incidents
- Analyze usage patterns to improve user experience
- Send marketing communications (only with your consent)
- Comply with legal obligations and enforce our Terms
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your information with:
5.1 Service Providers
- Stripe: Payment processing (PCI-DSS compliant)
- OpenAI: AI-powered analysis features (anonymized queries)
- Hosting Providers: Railway, Cloudflare Workers (data storage and delivery)
- Email Services: SendGrid (transactional emails only)
5.2 Legal Requirements
We may disclose your information if required by law, court order, or to protect our rights, safety, or property.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
6. Your Rights (GDPR)
Under GDPR, EU users have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for marketing or optional processing
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise your rights, please visit our Contact Page
7. Data Retention
- Active Accounts: We retain your data while your account is active
- Deleted Accounts: Data is permanently deleted within 30 days of account deletion
- Legal Requirements: Some data may be retained longer to comply with legal obligations (e.g., tax records for 7 years)
- Anonymized Data: We may retain anonymized analytics data indefinitely
8. International Data Transfers
Your data may be transferred and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:
- EU Standard Contractual Clauses (SCCs) with service providers
- Data Processing Agreements (DPAs) with GDPR-compliant terms
- Privacy Shield or equivalent frameworks (where applicable)
9. Cookies and Tracking
9.1 Types of Cookies We Use
- Essential Cookies: Required for authentication and core functionality
- Preference Cookies: Remember your settings (e.g., dark mode)
- Analytics Cookies: Help us understand usage patterns (anonymized)
9.2 Your Cookie Choices
You can control cookies through your browser settings. Note that disabling essential cookies may affect functionality.
10. Security
We implement industry-standard security measures:
- Password encryption (bcrypt hashing)
- HTTPS encryption for all data transmission
- Secure session management
- Regular security audits and updates
- Access controls and monitoring
No system is 100% secure. We cannot guarantee absolute security, but we take all reasonable precautions.
11. Children's Privacy
Fineduca is not intended for users under 16 years of age. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use after changes constitutes acceptance.
13. Contact Us
For privacy questions, requests, or complaints, please use our Contact Form.
All communications regarding privacy, data protection, and user rights should be submitted through our official contact page to ensure proper handling and response.
Business Location: Limassol, Cyprus
EU Representative: If you are located in the EU and have concerns about our data practices, you have the right to lodge a complaint with your local supervisory authority.