Privacy Policy

1. Introduction

DailyFinz AI ("we," "us," "our," or the "Company") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website dailyfinz.com (the "Site") and use our services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Site or use our Services.

DailyFinz AI operates globally and is committed to complying with applicable data protection laws in all jurisdictions where we operate, including but not limited to the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA), the Act on the Protection of Personal Information (APPI) in Japan, the Personal Information Protection Act (PIPA) in South Korea, the Privacy Act 1988 in Australia, and the Privacy Act 2020 in New Zealand.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when using our Services:

• Account Information: Email address, name, and password when you create an account or subscribe to our newsletter.
• Communication Data: Information you provide when contacting us, including your name, email address, and message content.
• Preferences: Your newsletter preferences, including selected sectors, stocks, and frequency of communications.
• Feedback: Any feedback, comments, or suggestions you provide about our Services.

2.2 Information Collected Automatically

When you access our Services, we automatically collect certain information:

• Device Information: Device type, operating system, browser type, unique device identifiers, and mobile network information.
• Log Data: IP address, access times, pages viewed, referring URL, and actions taken on our Site.
• Usage Information: How you interact with our Services, including features used, articles read, and time spent on pages.
• Location Data: General geographic location based on your IP address (country and city level only).

2.3 Information from Third Parties

We may receive information from third-party sources:

• Analytics Providers: Aggregated analytics data from services like Google Analytics.
• Financial Data Providers: Market data from Polygon.io, Finnhub, and other financial data providers (not personal data).

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our Services, including generating AI-powered market insights and sending newsletters.
• Personalization: To personalize your experience by showing relevant content based on your preferences and interests.
• Communication: To send you newsletters, updates, and promotional materials (with your consent where required).
• Analytics: To understand how users interact with our Services and to improve functionality and user experience.
• Security: To detect, prevent, and address technical issues, fraud, and security threats.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Business Operations: To support our legitimate business interests, including billing, customer support, and service optimization.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process personal data based on the following legal grounds under the GDPR:

• Consent: Where you have given explicit consent for specific processing activities, such as receiving marketing communications.
• Contract Performance: Where processing is necessary to fulfill our contractual obligations to you, such as providing the Services you subscribed to.
• Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our Services, provided these interests do not override your fundamental rights.
• Legal Obligation: Where processing is necessary to comply with legal obligations to which we are subject.

You have the right to withdraw consent at any time where we rely on consent to process your personal data. This will not affect the lawfulness of processing conducted prior to withdrawal.

5. Data Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers

We share data with third-party service providers who perform services on our behalf, including:

• Cloud hosting providers (e.g., Vercel, AWS)
• Email delivery services (e.g., SendGrid, Mailgun)
• Analytics providers (e.g., Google Analytics, Vercel Analytics)
• AI/ML providers (e.g., OpenAI, Anthropic) for generating insights

These providers are contractually obligated to protect your data and may only use it for the specific purposes for which it was shared.

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal process (subpoenas, court orders, or government requests)
• Protection of our rights, privacy, safety, or property
• Enforcement of our Terms of Service
• Protection against legal liability

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Site of any change in ownership or uses of your personal information.

5.4 No Sale of Personal Data

We do not sell your personal information. We do not rent, trade, or otherwise monetize your personal data to third parties for their marketing purposes.

6. International Data Transfers

DailyFinz AI operates globally, and your information may be transferred to and processed in countries other than your country of residence, including the United States.

6.1 Transfers from the EEA/UK

When we transfer personal data from the EEA or UK to countries not deemed to provide an adequate level of data protection, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules where applicable
• Adequacy decisions for transfers to countries recognized as providing adequate protection

6.2 Transfers from Other Jurisdictions

For transfers from Japan, South Korea, Australia, and New Zealand, we comply with applicable cross-border data transfer requirements, including obtaining appropriate consents or implementing necessary contractual protections as required by local law.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

• Account Data: Retained while your account is active and for 3 years after account closure.
• Newsletter Subscriptions: Retained until you unsubscribe, plus 1 year for record-keeping.
• Contact Inquiries: Retained for 2 years from the date of inquiry.
• Analytics Data: Aggregated and anonymized data may be retained indefinitely.
• Legal Requirements: Data may be retained longer if required by law or for legal proceedings.

When personal data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3.
• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
• Infrastructure Security: We use enterprise-grade hosting with SOC 2 Type II certified providers.
• Regular Audits: We conduct regular security assessments and penetration testing.
• Incident Response: We maintain incident response procedures to address any data breaches promptly.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing: Request limitation of how we process your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw previously given consent at any time.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

To exercise any of these rights, please contact us at privacy@dailyfinz.com. We will respond to your request within the timeframe required by applicable law (typically 30 days).

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information:

10.1 Types of Cookies We Use

• Essential Cookies: Necessary for the Site to function properly. Cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our Site.
• Preference Cookies: Remember your settings and preferences.
• Marketing Cookies: Used to deliver relevant advertisements (only with consent).

10.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling cookies may affect the functionality of our Site.

For users in the EU/UK, we obtain consent before placing non-essential cookies. You can manage your preferences through our cookie consent banner.

10.3 Do Not Track

We currently do not respond to "Do Not Track" browser signals. However, we honor opt-out requests through our cookie consent mechanism.

11. Children's Privacy

Our Services are not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@dailyfinz.com.

12. Jurisdiction-Specific Provisions

12.1 United States

California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights:

• Right to Know: Request disclosure of personal information collected, used, and shared in the past 12 months.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information. Note: We do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Personal Information: Limit our use of sensitive personal information.

Categories of personal information collected include identifiers, commercial information, internet activity, and geolocation data. We collect this information for the business purposes described in Section 3.

To exercise your rights, contact us or submit a request through our privacy portal. We may need to verify your identity before processing your request.

Virginia, Colorado, Connecticut, Utah Residents

Residents of these states have rights similar to California residents under respective state privacy laws. Please contact us to exercise these rights.

12.2 European Economic Area and United Kingdom (GDPR/UK GDPR)

If you are located in the EEA or UK, the following provisions apply:

• Data Controller: DailyFinz AI is the data controller for your personal data.
• Legal Basis: We process data based on consent, contract, legitimate interests, or legal obligation (see Section 4).
• Data Protection Officer: For privacy inquiries, contact our DPO at dpo@dailyfinz.com.
• Supervisory Authority: You have the right to lodge a complaint with your local supervisory authority.
• Transfers: See Section 6 for information about international data transfers.

UK Representative: For UK data subjects, our representative can be contacted at our London office.

EU Representative: For EEA data subjects, our representative can be contacted via eu-privacy@dailyfinz.com.

12.3 Japan (APPI)

If you are located in Japan, the following provisions apply under the Act on the Protection of Personal Information:

• Purpose of Use: We use your personal information for the purposes described in Section 3.
• Third-Party Provision: We may provide personal information to third parties as described in Section 5, with appropriate contractual protections.
• Cross-Border Transfer: When transferring data outside Japan, we ensure the receiving country provides adequate protection or implement appropriate safeguards.
• Rights: You have the right to request disclosure, correction, cessation of use, and deletion of your personal information.
• Opt-Out: You may opt out of receiving marketing communications at any time.

Contact for Japan-specific inquiries: japan-privacy@dailyfinz.com

12.4 South Korea (PIPA)

If you are located in South Korea, the following provisions apply under the Personal Information Protection Act:

• Collection and Use: We collect and use personal information with your consent for the purposes described in this Policy.
• Third-Party Provision: We obtain consent before providing personal information to third parties, except as required by law.
• Overseas Transfer: We notify you of overseas transfers and obtain consent where required.
• Retention: We retain personal information only for as long as necessary and securely destroy it thereafter.
• Rights: You have the right to access, correct, delete, and suspend processing of your personal information.
• Personal Information Manager: Our designated manager can be reached at korea-privacy@dailyfinz.com.

12.5 Australia (Privacy Act 1988)

If you are located in Australia, the following provisions apply:

• Australian Privacy Principles (APPs): We comply with the APPs as set out in the Privacy Act 1988 (Cth).
• Collection: We only collect personal information that is reasonably necessary for our functions.
• Disclosure: We will not disclose personal information to overseas recipients unless they are subject to similar privacy obligations.
• Access and Correction: You may request access to and correction of your personal information held by us.
• Complaints: If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC).

Contact for Australia-specific inquiries: au-privacy@dailyfinz.com

12.6 New Zealand (Privacy Act 2020)

If you are located in New Zealand, the following provisions apply:

• Information Privacy Principles (IPPs): We comply with the IPPs under the Privacy Act 2020.
• Purpose Limitation: We only collect personal information for lawful purposes connected to our functions.
• Cross-Border Disclosure: Before disclosing personal information overseas, we ensure comparable privacy protections are in place.
• Access and Correction: You have the right to access and request correction of your personal information.
• Complaints: You may lodge a complaint with the Office of the Privacy Commissioner if you believe we have breached your privacy.
• Mandatory Breach Notification: We will notify affected individuals and the Privacy Commissioner of notifiable privacy breaches.

Contact for New Zealand-specific inquiries: nz-privacy@dailyfinz.com

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will:

• Update the "Last Updated" date at the top of this Policy
• Notify you via email (if you are a subscriber)
• Post a prominent notice on our Site

We encourage you to review this Policy periodically to stay informed about how we protect your information. Your continued use of our Services after changes are posted constitutes your acceptance of the updated Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: