Privacy Policy

1. Scope

This Privacy Policy applies to personal information we collect:

• through the Service;
• when you create an account or subscribe;
• when you communicate with us;
• when you sign up for emails, newsletters, or product updates;
• when you interact with our content, alerts, dashboards, or educational materials.

This Privacy Policy does not apply to third-party websites, products, brokers, or services that are not controlled by ArcAlpha, even if they are linked from or integrated with the Service. Those third parties have their own privacy policies and practices which we recommend you to review before using such third-party resources.

2. What We Collect

Depending on how you use the Service, we may collect the following categories of personal information.

A. Identifiers and Contact Information

• name or display name;
• email address;
• username;
• account ID or subscription ID;
• billing address or mailing address, if provided.

B. Account and Subscription Information

• login credentials and authentication information;
• account settings and preferences;
• subscription tier, status, renewal dates, and billing history;
• customer support history.

C. Device, Internet, and Usage Information

• IP address;
• browser type and version;
• device type, device identifiers, operating system, and language settings;
• pages viewed, links clicked, referring pages, session activity, timestamps, and interaction logs;
• cookies, pixels, SDKs, local storage, and similar technologies;
• approximate location inferred from IP address.

D. User-Provided Content and Communications

• messages sent to us;
• support requests and correspondence;
• responses to surveys, feedback forms, waitlists, or beta signups;
• content you choose to submit through the Service.

E. Market-Interaction and Preference Information

• watchlists;
• saved filters;
• dashboard preferences;
• content or alert preferences;
• newsletter or communication preferences.

F. Transaction and Payment Information

If you purchase a subscription, we and our payment processor may collect transaction and billing information, such as:

• plan selected;
• billing interval;
• payment status;
• limited payment-related metadata.

We do not store full payment card numbers ourselves. Payment information is typically processed by our PCI-compliant third-party payment processor.

H. Inferences

We may derive limited inferences from usage and preference data, such as engagement preferences, likely content interests, or product usage patterns. We do not use those inferences to provide personalized investment advice.

We collect and process personal information only to the extent reasonably necessary and proportionate to provide and improve the Service.

3. Sources of Personal Information

We collect personal information from the following sources:

• directly from you;
• automatically from your browser or device when you use the Service;
• from our service providers, such as hosting, analytics, communications, billing, or customer-support vendors;
• from third-party connectivity providers, if you authorize an account connection and that feature is enabled; and
• from third-party sources that help us maintain, secure, and improve the Service.

4. How We Use Personal Information

We use personal information for the following business and commercial purposes:

To provide and operate the Service

• create and maintain accounts;
• authenticate users;
• provide dashboards, alerts, newsletters, content, and support;
• process subscriptions and transactions.

To personalize the user experience in a non-advisory manner

• save preferences, filters, watchlists, and content settings;
• display your selected views and account settings;
• improve navigation and usability.

To communicate with you

• send service messages, confirmations, billing notices, legal notices, and security alerts;
• send newsletters, product updates, and marketing communications where permitted by law.

To maintain, secure, and improve the Service

• monitor performance and stability;
• detect bugs, errors, fraud, abuse, and security incidents;
• troubleshoot and debug technical issues;
• analyze aggregate usage and trends.

To comply with law and protect rights

• comply with legal obligations;
• enforce our Terms of Use and other policies;
• respond to lawful requests and defend legal claims.

To support business operations

• maintain records;
• conduct audits, reporting, and internal administration;
• evaluate and improve product features and documentation.

We do not use personal information to provide personalized investment advice or recommendations, determine suitability, or act as your investment adviser.

5. Cookies and Similar Technologies

We may use cookies, pixels, local storage, SDKs, web beacons, and similar technologies to:

• keep you logged in;
• remember account preferences and settings;
• understand how users navigate and use the Service;
• measure our performance and improve functionality;
• support platform security and fraud prevention; and
• support communications, analytics, and, if enabled, certain marketing functions.

You can usually control cookies through your browser settings. Some browsers also permit blocking or deleting cookies. Blocking certain cookies may affect functionality of the Service.

Do Not Track

Some browsers offer a “Do Not Track” (“DNT”) setting. At this time, there is no universally accepted DNT standard, and we may not respond to DNT signals in a uniform manner. We may, however, honor other legally required privacy preference signals where applicable, such as browser-based opt-out signals when required by state law. Where required by applicable law, including the California Consumer Privacy Act (as amended by the California Privacy Rights Act), the Colorado Privacy Act, the Connecticut Data Privacy Act, and similar state laws, we treat a recognized Global Privacy Control (GPC) signal as a valid request to opt out of the “sale” or “sharing” of personal information and out of targeted advertising for the browser or device from which the signal is received.

6. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients:

A. Service Providers and Processors

We may disclose personal information to vendors and service providers that perform services on our behalf, such as:

• hosting and cloud infrastructure;
• analytics providers;
• email and communications platforms;
• customer-support tools;
• payment processors (such as Stripe, which processes subscription billing on a PCI-compliant basis; ArcAlpha does not store full payment card numbers);
• security and fraud-prevention vendors;
• engineering and development tools; and
• authentication service providers (such as Clerk, which manages account creation, session management, passkey and OAuth sign-in, and stores related authentication credentials on ArcAlpha's behalf).

These parties are permitted to process personal information only as needed to provide services to us or as otherwise permitted by law.

C. Professional Advisers and Transaction Counterparties

We may disclose personal information to lawyers, auditors, consultants, insurers, financing sources, or counterparties in connection with corporate transactions or professional services.

D. Legal and Safety Disclosures

We may disclose personal information when reasonably necessary to:

• comply with law, regulation, legal process, or lawful request;
• protect the rights, safety, and security of ArcAlpha, our users, or others;
• detect, prevent, or respond to fraud, abuse, security incidents, or illegal activity.

E. Corporate Transactions

We may disclose personal information in connection with an actual or proposed merger, acquisition, financing, reorganization, bankruptcy, asset sale, or similar transaction.

7. Sale, Sharing, and Targeted Advertising Disclosures

We do not sell personal information for monetary consideration.

If we use cookies, pixels, or similar technologies in a way that is considered “sharing” for cross-context behavioral advertising or “targeted advertising” under applicable state privacy law, we will provide any notices and opt-out rights required by law.

We do not sell personal information for monetary consideration. If we engage in any practice that constitutes “sharing” for cross-context behavioral advertising or targeted advertising under applicable law, we will provide any notices and opt-out rights required by law.

8. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including:

• to provide the Service;
• to maintain user accounts and subscriptions;
• to comply with legal, tax, accounting, and recordkeeping obligations;
• to resolve disputes and enforce agreements; and
• to maintain security and business continuity.

Retention periods are determined based on the type of information and the reason it was collected, and may vary depending on account activity, legal obligations, dispute resolution needs, and operational requirements.

9. Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction.

No internet-based service is completely secure. We cannot guarantee absolute security. You are responsible for safeguarding your login credentials and using secure devices and networks.

In the event of a security incident or unauthorized acquisition of unencrypted personal information that is reasonably likely to result in identifiable harm, we will provide notice to affected individuals and applicable regulators in the manner and within the timeframes required by applicable federal and state breach-notification laws.

10. Children's Privacy

The Service is intended only for users who are at least 18 years old, and we do not knowingly permit persons under 18 to create accounts or use the Service.

We also do not knowingly collect personal information online from children under 13 without legally required consent. If you believe that a child under 13 has provided personal information to us, please contact us at privacy@arcalpha.io, and we will take appropriate steps to address the issue.

If we learn that a person under 18 has created an account or provided personal information in violation of our policies, we may suspend or terminate the account and delete the associated information, subject to applicable law.

11. Your Privacy Rights

Depending on where you live, you may have privacy rights under applicable law, subject to exceptions and verification requirements. These may include the right to:

• know what personal information we collect, use, disclose, sell, or share;
• access specific pieces of personal information;
• request deletion of personal information;
• request correction of inaccurate personal information;
• opt out of sale, sharing, or targeted advertising, where applicable;
• limit certain uses of sensitive personal information, where applicable;
• appeal a denial of a privacy-rights request, where applicable; and
• not receive unlawful discriminatory treatment for exercising privacy rights.

To exercise a privacy request, contact us at:

Email: privacy@arcalpha.io

We may need to verify your identity before processing a request. We may deny or limit requests where permitted by law.

You may also authorize an agent to submit certain requests on your behalf. Authorized agents submitting requests on your behalf must provide written permission signed by you and verify their identity with us, or provide proof of power of attorney as permitted by applicable law.

12. California Privacy Notice

This section applies to California residents to the extent California law applies.

California law requires certain disclosures, including the categories of personal information collected, the sources of that information, the purposes for collecting, using, or disclosing it, and whether personal information is sold or shared. This Privacy Policy is intended to serve as that notice. California's online privacy-policy statute also requires operators of commercial websites and online services that collect personally identifiable information from California consumers to post a conspicuous privacy policy.

Categories of Personal Information Collected

In the last 12 months, ArcAlpha may have collected the categories described in Section 2 above, including:

• identifiers and contact information;
• account and subscription information;
• internet / network activity and device data;
• communications and customer-support data;
• preference and watchlist data;
• transaction metadata;
• inferences drawn from usage or preference data.

Purposes

We collect and use those categories for the purposes described in Section 4.

Disclosure for Business Purposes

We may disclose those categories to the categories of recipients described in Section 6 for business purposes.

Sale / Sharing

We do not sell personal information for monetary consideration. If we engage in any practice that constitutes “sharing” for cross-context behavioral advertising under California law, we will provide required notices and opt-out mechanisms.

Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes other than those permitted by applicable law, unless we specifically disclose otherwise. Sensitive personal information may include account log-in credentials in combination with passwords or security questions that permit access to an account. We use such information only for the purposes permitted under Cal. Civ. Code § 1798.121 and other applicable law (including providing the Service, ensuring security and integrity, and preventing fraud), and not for purposes of inferring characteristics about consumers. To the extent California law provides a right to limit the use of sensitive personal information, you may exercise that right using the contact methods in Section 11.

ArcAlpha does not knowingly collect or process precise user geolocation, financial account credentials, government identifiers, or other user data defined as sensitive under applicable law.

California Requests

California residents may submit requests to know, delete, and correct personal information, and may exercise other California rights, using the contact methods in Section 11.

13. U.S. State Privacy Rights

Residents of certain U.S. states may have additional rights under applicable privacy laws, including rights to access, delete, correct, opt out of targeted advertising, opt out of certain profiling, and appeal decisions on requests. We will process requests as required by applicable law. These rights may be available, subject to applicable thresholds and exceptions, to residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia, and to residents of any other state whose privacy law applies to ArcAlpha. We will respond to verified requests within the timeframes prescribed by the applicable law (generally 45 days, subject to one permitted extension). Where applicable, we honor opt-out preference signals (such as the Global Privacy Control) as described in Section 5.

If your state law provides an appeal right and we deny your request, we will tell you how to appeal.

14. International Users

ArcAlpha is based in the United States. If you access the Service from outside the United States, your personal information may be transferred to, processed in, or stored in the United States or other jurisdictions that may not provide the same level of data protection as your home jurisdiction.

By using the Service where permitted by law, you understand that your information may be processed in the United States. Where personal information of individuals located in the European Economic Area, the United Kingdom, or Switzerland is transferred to the United States or another country that has not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum, where applicable), to legitimize the transfer. A copy of the relevant safeguards may be requested by emailing privacy@arcalpha.io.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required by law, such as by posting the updated policy, updating the “Last Updated” date, or providing in-product or email notice where appropriate.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise privacy rights, contact us at: