Skip to content

Privacy Policy

Last updated: March 25, 2026

This Privacy Policy explains how Vixr ("Vixr," "we," "us," or "our") collects, uses, shares, and protects personal information when you use our website, apps, and related services (collectively, the "Service").

This Privacy Policy is intended to satisfy applicable privacy notice requirements, including (where applicable) Articles 13 and 14 of the EU/UK General Data Protection Regulation ("GDPR/UK GDPR") and California privacy notice requirements.

If you do not agree with this Privacy Policy, please do not use the Service.

Controller

Vixr is the "controller" (or equivalent) of personal information processed under this Privacy Policy.

  • Legal entity name: VIXR AI INC
  • Registered address: 8 The Green, Ste R, Dover, DE 19901
  • Email: privacy@vixr.ai

If you are in the EEA/UK and we are not established there, we may appoint an EU/UK representative. If applicable:

  • EU Representative: Alex del Castillo, alex@vixr.ai
  • UK Representative: Polly Lambert, polly@vixr.ai

If we appoint a Data Protection Officer (DPO), we will provide their contact details here:

  • DPO: Alex del Castillo, alex@vixr.ai

Summary of what we collect and why

We collect information (1) to provide the Service you request, (2) to run our subscription billing and account security, (3) to improve the Service, and (4) to comply with legal obligations.

Information we collect

A. Information you provide directly

  1. Account and profile
  • Name (optional, if you choose to provide it)
  • Email address
  • Password or other authentication credential (stored in a hashed form)
  • Preferences and notification settings
  • Onboarding responses (if you provide them)
  1. Portfolio and watchlist data
  • Tickers, positions, transaction/position notes, watchlists, and other data you input into the Service
  1. Communications
  • Messages you send to us (e.g., support emails)
  • Feedback, survey responses, bug reports
  1. Subscription and billing (handled by our payment processor)
  • We use a third-party payment processor (e.g., Stripe) to process subscription payments.
  • We do not store your full payment card number. We may receive limited billing details such as subscription status, customer ID, payment history/receipts, and billing country.

B. Information collected automatically

When you use the Service, we may automatically collect:

  • Usage data (e.g., pages viewed, feature interactions, clicks)
  • Device and browser data (e.g., browser type, OS, screen resolution)
  • Network and log data (e.g., IP address, approximate location derived from IP such as country/region, referring URL)
  • Security and session data (e.g., login timestamps, session tokens, user agent) for fraud prevention and account protection

C. Information from third parties

  1. Google sign-in (OAuth) If you choose to sign in with Google, we receive information such as your name, email address, and profile picture from Google. We do not access your Google contacts or files.

  2. Service providers We receive certain data from our service providers needed to operate the Service, such as email delivery status from our email provider and subscription status from our payment provider.

How we use your information

We use personal information for the following purposes:

  1. Provide and operate the Service
  • Create and manage accounts
  • Provide features such as signals, research tools, portfolios, and watchlists
  • Provide personalization you request (e.g., surfacing signals relevant to tickers you track)
  1. Subscription billing and administration
  • Process payments
  • Manage renewal, cancellations, receipts, and subscription status
  • Prevent payment fraud
  1. Communications
  • Send service/transactional emails (e.g., verification, password reset, billing notices, security alerts)
  • Provide customer support and respond to requests
  1. Marketing (where permitted)
  • Send newsletters and product updates (e.g., daily/weekly emails) only when you opt in (or where another lawful basis applies under local law)
  • You can opt out at any time using the unsubscribe link or your account settings
  1. Analytics, product improvements, and debugging
  • Understand how the Service is used
  • Improve performance, reliability, and user experience
  1. Security, abuse prevention, and legal compliance
  • Detect, prevent, and investigate fraud, abuse, or security incidents
  • Enforce our Terms & Conditions
  • Comply with applicable laws and lawful requests

If GDPR/UK GDPR applies, we process your personal data only when we have a valid legal basis, including:

  • Contract necessity: to provide the Service and subscription features you request
  • Legitimate interests: to secure the Service, prevent fraud/abuse, and improve the Service (balanced against your rights)
  • Consent: for optional marketing (where required) and for optional analytics/cookies in certain jurisdictions
  • Legal obligations: for accounting, tax, and compliance obligations and to respond to lawful requests

Where we rely on consent, you may withdraw it at any time (and withdrawal will not affect processing already carried out before withdrawal). We will make withdrawal as easy as giving consent.

Cookies and similar technologies

We use cookies and similar technologies as described below. You can manage your preferences via the cookie consent banner shown on your first visit, or at any time via the "Cookie Preferences" link in the site footer.

1) Strictly necessary cookies

These cookies are essential for the Service to function. They cannot be disabled.

  • Session cookie — authenticates your logged-in session (set by Better Auth, expires when the session ends)
  • CSRF token — prevents cross-site request forgery attacks
  • Cookie consent preference (cookie-consent) — records your accept/decline choice (expires after 6 months)

2) Optional analytics cookies (require your consent)

With your consent, we use privacy-focused analytics tools to understand how the Service is used and to improve performance and user experience. These cookies are only set if you click "Accept" on the consent banner.

We currently use or may use the following analytics services:

  • Vercel Web Analytics — aggregated, privacy-friendly page view and performance metrics. Processed by Vercel Inc. (US). No personal identifiers are stored. See Vercel's privacy policy.

If we add additional analytics or measurement tools in the future, we will update this section and request your consent again where required.

We do not use:

  • Marketing or advertising cookies
  • Social media tracking pixels
  • Third-party cookies that track you across other websites

Withdrawing consent: You can withdraw or change your cookie consent at any time by clicking "Cookie Preferences" in the site footer. If you decline analytics cookies, no analytics data is collected and no analytics scripts are loaded.

Browser settings: You can also control cookies through your browser settings. Note that disabling strictly necessary cookies may prevent the Service from functioning correctly.

How we share information

We do not sell your personal information.

We share personal information only:

  • With service providers that process data on our behalf to operate the Service (processors/subprocessors), such as:
    • Hosting / content delivery and related infrastructure (e.g., Vercel)
    • Database hosting (e.g., Neon)
    • Payment processing (e.g., Stripe)
    • Email delivery (e.g., Resend)
    • Authentication providers (e.g., Google OAuth, if you choose it)
  • With authorities or others as required by law or legal process, or to protect rights, safety, and security
  • In connection with a corporate transaction (e.g., merger, acquisition, financing), where permitted by law and subject to appropriate protections

We require service providers to protect personal information and to process it only under our instructions and consistent with applicable law.

International transfers

Our service providers may process personal information in the United States and other countries.

If GDPR/UK GDPR applies and personal data is transferred outside the EEA/UK, we use appropriate safeguards, which may include:

  • Standard Contractual Clauses (SCCs) and, where appropriate, supplementary measures
  • Transfers to organizations participating in an approved adequacy mechanism (where applicable), such as the EU-U.S. Data Privacy Framework

You may request information about the relevant safeguards we use and how to obtain a copy by contacting us at privacy@vixr.ai.

Data retention

We keep personal information only as long as necessary for the purposes described in this Privacy Policy, including for legal, accounting, and security reasons.

Typical retention periods:

  • Account data (including portfolios/watchlists): retained while your account is active
  • After account deletion: we delete or de-identify account/portfolio/watchlist data within 30 days, unless we must retain certain information for legal or security purposes
  • Billing records: retained as required by applicable tax and financial regulations
  • Security logs: retained for a limited period necessary to protect the Service and investigate abuse
  • Backups: deleted/rotated within 90 days (subject to technical constraints)

Security

We implement reasonable technical and organizational security measures designed to protect personal information, such as:

  • Encryption in transit (TLS/HTTPS)
  • Access controls and least-privilege practices
  • Password hashing
  • Monitoring and rate limiting for abuse prevention

No system is 100% secure. You are responsible for keeping your account credentials confidential.

Data breach notification

In the event of a data breach that affects your personal information, we will notify affected users and applicable supervisory authorities as required by law. Where GDPR/UK GDPR applies, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where feasible). We will notify affected users without undue delay where the breach is likely to result in a high risk to their rights. For US users, we will comply with applicable state breach notification laws, including Delaware's breach notification requirements.

Your rights and choices

A. EEA/UK rights (GDPR/UK GDPR)

Depending on your location and the law that applies, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your personal data (in certain circumstances)
  • Restrict processing (in certain circumstances)
  • Object to processing (including objection to direct marketing at any time)
  • Data portability (in certain circumstances)
  • Withdraw consent (where consent is the legal basis)
  • Lodge a complaint with a supervisory authority

We will respond to verified requests within the timeframes required by law (generally within one month, with possible extensions in certain cases).

B. California privacy rights (if applicable)

If you are a California resident and the CCPA/CPRA applies to our processing, you may have rights to:

  • Know what personal information we collect, use, disclose, and (if applicable) sell/share
  • Request deletion of personal information (subject to exceptions)
  • Correct inaccurate personal information
  • Opt out of the "sale" or "sharing" of personal information (if we engage in such activities)
  • Limit certain uses/disclosures of "sensitive personal information" (if applicable)
  • Not be discriminated against for exercising your rights

We do not sell your personal information. If our practices change, we will update this policy and provide required opt-out mechanisms.

To exercise privacy rights, contact privacy@vixr.ai. We may need to verify your identity before fulfilling your request.

C. Marketing preferences

You can opt out of marketing emails at any time:

  • Via the unsubscribe link in the email
  • Through your account settings (if available)

You may still receive non-marketing service emails (e.g., billing and security notifications).

Automated processing and profiling

We use automated systems (including AI models) to generate analytics and trading-intelligence outputs, and we may personalize certain outputs using information you provide (such as tickers in your portfolio/watchlist).

We do not use solely automated decision-making that produces legal effects or similarly significant effects about you within the meaning of GDPR Article 22. If this changes, we will update this Privacy Policy and provide any required information and choices.

Children

The Service is not intended for minors. We do not knowingly collect personal information from children. If you believe a minor has provided us personal information, contact us and we will take appropriate steps to delete it.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice (e.g., by email or in-product notice). The "Last updated" date indicates when the policy was last revised.

Contact

Questions or requests regarding privacy: privacy@vixr.ai

For terms governing use of the Service, see our Terms & Conditions. For trading-specific risk information, see our Disclosures.