Privacy Policy

We collect the following categories of information, depending on how you interact with the Service:

• ›Account & communications: email, name, password hash, phone number (e.g., for security/2FA), plan/status, country, communication preferences; support tickets/feedback.
• ›Voice & transcripts (push‑to‑talk only): microphone input is processed only while you hold push‑to‑talk. We do not store audio. Where appropriate, we may store the text transcript produced from speech‑to‑text, along with the corresponding Outputs.
• ›Chats, prompts & Outputs: text prompts, certain chats, and Outputs (including tags such as tickers/instruments) may be stored to provide history/context, cache responses for performance, and improve the Service.
• ›Optional Memory: small, structured notes to personalize responses (e.g., watchlist preferences). Memory is optional and can be cleared at any time.
• ›Usage & telemetry (metadata): timestamps and creation dates, request/response IDs, input token counts, usage and activity levels, performance metrics, device/OS details, and crash logs. Production logs are designed to avoid full chat/transcript content.
• ›Website & analytics: IP address (which may be truncated/hashed), device/browser data, pages/events, consent status, and cookie/local‑storage identifiers.
• ›Billing & tax (if applicable): subscription identifiers, billing country, tax/VAT information, invoice metadata. We do not store card details; we do not directly handle payment.
• ›Special categories: we do not seek sensitive categories (e.g., health, biometrics). Do not submit such data.

• ›Provide and operate the Service (Contract): transcribe push‑to‑talk speech to text (no audio storage); generate Outputs; account setup/authentication; customer support. Necessity: without identifiers (e.g., email) or transcripts/chats, core features cannot function; declining mic permission disables voice features.
• ›Maintain security, prevent abuse, and ensure quality (Legitimate Interests; Legal obligation where applicable): monitoring usage, activity levels, and input tokens; rate‑limiting; fraud/abuse prevention; diagnostics/debugging; legal compliance and tax/accounting. Necessity: essential to protect users and infrastructure.
• ›Improve models and features; caching for performance (Legitimate Interests with right to object / opt‑out): use certain chats and related metadata to enhance relevance, reduce errors, improve retrieval/summarization; cache prior interactions to reduce latency. Control: you may opt‑out of the use of your chats for improvement without losing access (see Section 5).
• ›Analytics and product decisions (Consent where required; otherwise Legitimate Interests for strictly necessary measurement): aggregate usage and funnel metrics; service planning. Control: in the UK/EU, non‑essential analytics run only after consent; you can decline without losing access.
• ›Communications (Contract/Legitimate Interests; Consent for marketing where required): account, security, and service notices; optional product emails with opt‑out. Necessity: accurate contact details are needed to deliver critical communications.
• ›Consequences of refusal: if you do not provide required data (e.g., email), we cannot create your account; if you decline mic permission, voice features will not function; if you decline analytics cookies, the site/app still runs; if you object/opt‑out of improvement, we exclude your chats from improvement processes.

• ›Recipients (categories): service providers acting on our behalf and under our instructions, limited to what they need to perform—speech‑to‑text; AI model; market‑data; hosting & infrastructure; analytics (consent‑gated where required); email delivery; payments.
• ›Data minimization & safeguards: we share only data relevant to the provider's task, require confidentiality, security, and deletion on termination, and prohibit use for unrelated purposes.
• ›International transfers: where data leaves your region (for example, to the United States), we implement appropriate safeguards such as the EU Standard Contractual Clauses and, for the UK, the UK Addendum/IDTA, or rely on adequacy mechanisms where available.
• ›No sale or sharing for cross‑context advertising: we do not sell personal information and do not share it for cross‑context behavioral advertising. If this changes, we will update this Policy, provide required links/controls, and honor opt‑out preference signals.

• ›Retention: audio (mic) not stored; transcripts and chats for your session/history/cache up to 12 months (or until you delete); chats used for improvement up to 24 months (we may retain de‑identified, derived metrics/models); Optional Memory TTL 180 days (auto‑expiry); telemetry (metadata) 12 months; account/billing/legal records for the life of the account and up to 6 years thereafter; marketing preferences/consents 3–5 years to demonstrate compliance.
• ›Controls: delete chats/history and clear Memory in‑product; opt‑out of improvement (toggle "Use my chats to improve the Service" to Off or email support@tradetir.ai)—we exclude future chats and, upon request, cease using historical chats for improvement; manage cookies at any time via Cookie Settings (UK/EU analytics are off until consent).
• ›California "Notice at Collection" (summary): we do not sell or share personal information for cross‑context behavioral advertising. Typical collection includes identifiers (account/security), internet/device data (security/diagnostics/analytics), audio & transcript (provide transcription and Outputs; no audio storage), commercial data (billing/tax), and inferences/memory (personalization). Retention and recipients correspond to Sections 5 and 4. We present this notice at or before collection (e.g., near forms).

• ›Types: necessary cookies/local storage to operate the site/app; analytics only where permitted.
• ›Consent (UK/EU): non‑essential analytics are off until you opt in via the banner; a persistent Cookie Settings control lets you withdraw consent at any time.
• ›Service worker/local storage: we may cache limited data for performance/offline use; we treat this transparently as "cookies" and honor your Cookie Settings.
• ›Do Not Track / GPC: "Do Not Track" is not standardized. If we ever engage in sale/share under California law, we will honor opt‑out preference signals such as Global Privacy Control.

• ›Security: we apply appropriate technical and organizational measures (encryption in transit; key management; role‑based access; environment isolation; rate‑limiting; monitoring; production logging configured to avoid full chat content). Where required, we notify regulators of notifiable breaches and, when legally required, affected users.
• ›Children & age limits: the Service is intended for ages 16+. We do not knowingly allow account creation by anyone under 16. Purchases require 18+ in the United States, European Union, England & Wales, and Northern Ireland; in Scotland, purchases may be permitted from 16+, though we may require 18+ at our discretion. If we learn we have collected personal data from anyone under the applicable minimum age, we will delete it.
• ›Payments: if you purchase a plan, payments are processed by a third‑party payments provider. We do not store card details; we do not directly handle payment.
• ›Changes: we will post updates with a new effective date and, for material changes, provide in‑product or email notice.
• ›Contact: all privacy questions and requests—support@tradetir.ai.