1. INTRODUCTION

This Privacy Policy explains how StockAlert Pro ("we," "us," "our," or "Service") collects, uses, and protects your personal information when you use our stock alert and portfolio tracking service.

Contact for Privacy Questions: [email protected]

2. INFORMATION WE COLLECT

Personal Information:

• Email addresses - for account login and alert delivery
• Stock watchlists - your selected stocks and preferences
• Alert settings - your customized notification preferences
• Language preferences - stored in browser cookies

Technical Information:

• IP addresses - for service delivery and security
• Browser information - basic compatibility data
• Usage analytics - via Google Analytics

Information We DO NOT Collect:

• Financial account numbers or banking information
• Personal financial data (income, assets, net worth)
• Social security numbers or government IDs
• Credit card information (until paid features launch)
• Detailed device fingerprints or mobile device IDs
• Location data beyond IP geolocation

3. HOW WE USE YOUR INFORMATION

Primary Uses:

• Service Delivery: Send stock price alerts and notifications
• Account Management: User authentication and account access
• Service Improvement: Analyze usage patterns to enhance features
• AI/ML Enhancement: Improve recommendations and service functionality

Future Uses (with your consent):

• Marketing Communications: Feature updates, educational content, and service announcements
• Customer Support: Respond to inquiries and technical issues

We Do NOT:

• Sell your personal information to third parties
• Share individual user data with partners
• Use your data for advertising to other companies
• Create public statistics from your personal data

4. THIRD-PARTY SERVICES

Current Third-Party Services:

• Google Analytics: Website usage analytics (anonymous data)
• Google OAuth: Secure login authentication
• Gmail: Email delivery for alerts (transitioning to dedicated service)
• Cloudflare: DNS services only (no data collection)
• Oracle Cloud Infrastructure (OCI): Secure data storage and hosting

Planned Future Services:

• SendGrid (or equivalent): Professional email delivery service
• PayPal: Payment processing for future paid features

Third-Party Data Sharing:

We only share the minimum necessary data with these services to provide functionality. We do not share personal data beyond what's required for each service to function.

5. DATA STORAGE & SECURITY

Data Storage Location:

• Primary Storage: Oracle Cloud Infrastructure (OCI)
• Geographic Location: Secure data centers with enterprise-grade security
• Backup & Recovery: Regular automated backups with encryption

Security Measures:

• Data encryption in transit and at rest
• Secure authentication via Google OAuth
• Regular security monitoring and updates
• Access controls and audit logging
• Industry-standard security practices

Data Retention:

• Account Deletion: Data deleted immediately upon user request
• Inactive Accounts: Data deleted after 2 weeks of inactivity
• Legal Requirements: Some data may be retained longer if required by law

6. YOUR PRIVACY RIGHTS

Data Access & Control:

• View Your Data: Access all your stored information through your account
• Download/Export Data: Manually export your watchlists and settings
• Modify Data: Edit watchlists and some settings (theme preferences)
• Delete Account: Self-service account deletion available

Email Preferences:

• Alert Emails: Required for core service functionality
• Marketing Emails: Opt-out available when feature launches
• Unsubscribe: All marketing emails will include unsubscribe links

Email Address Changes:

Important: To change your email address, you must delete your current account and create a new one. This will remove all your watchlists and settings.

Regional Rights (GDPR/CCPA):

• Right to access your personal data
• Right to rectify inaccurate data
• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to object to processing

7. LEGAL COMPLIANCE

GDPR Compliance (European Union):

• Lawful basis for processing: Legitimate interest and consent
• Data minimization: We collect only necessary information
• User rights: Access, rectification, erasure, portability, objection
• Data breach notification: Within 72 hours if applicable
• Privacy by design: Built into our service architecture

CCPA Compliance (California, USA):

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising CCPA rights
• Note: We do not sell personal information

Israeli Privacy Laws:

• Compliance with Israeli Privacy Protection Law
• Data security requirements for Israeli-based services
• User consent and notification requirements

Cross-Border Data Transfers:

When transferring data internationally, we ensure adequate protection through appropriate safeguards and legal mechanisms.

8. COOKIES & TRACKING

Types of Cookies We Use:

• Essential Cookies: Required for basic website functionality
• Language Preference Cookies: Remember your language selection
• Analytics Cookies: Google Analytics for usage statistics

Third-Party Tracking:

• Google Analytics: Anonymous usage data and website performance
• No advertising cookies: We do not use advertising or marketing cookies
• No social media tracking: No Facebook, Twitter, or other social media tracking

Managing Cookies:

• You can disable cookies in your browser settings
• Essential cookies cannot be disabled without affecting functionality
• Analytics cookies can be disabled without affecting core features

9. CHILDREN'S PRIVACY

• We do not knowingly collect personal information from children under 18
• If we discover that a child under 18 has provided personal information, we will delete it immediately
• Parents who believe their child has provided information should contact us immediately
• Stock market investing requires legal age of majority

10. DATA BREACH NOTIFICATION

Our Commitment:

• We employ industry-standard security measures to protect your data
• Regular security audits and monitoring
• Immediate response protocols for any security incidents

In Case of a Breach:

• Immediate Assessment: Evaluate scope and impact within hours
• Regulatory Notification: Notify authorities within 72 hours (GDPR requirement)
• User Notification: Inform affected users promptly via email
• Remediation: Take immediate steps to secure systems and prevent further breaches
• Transparency: Provide clear information about what happened and what we're doing about it

11. CHANGES TO THIS PRIVACY POLICY

Policy Updates:

• We may update this Privacy Policy to reflect changes in our practices or legal requirements
• Significant changes will be communicated via email to registered users
• Updated policies will be posted with a new "Last Updated" date
• Continued use of the service after changes constitutes acceptance

Types of Changes:

• Minor Updates: Clarifications, contact information, or legal compliance updates
• Material Changes: New data collection, usage purposes, or third-party sharing
• Major Changes: 30-day advance notice for significant policy changes

12. INTERNATIONAL USERS

Service Availability:

• StockAlert Pro is accessible globally
• Service operated from Israel with data stored on Oracle Cloud Infrastructure
• Compliance with local privacy laws where technically and legally feasible

Data Transfer Safeguards:

• Adequate protection for international data transfers
• Compliance with EU adequacy decisions where applicable
• Standard contractual clauses for data transfer protection
• Ongoing monitoring of international privacy law developments

Local Legal Requirements:

This Privacy Policy is subject to mandatory consumer protection and privacy laws in your jurisdiction that cannot be waived. Where local laws provide greater protection, those laws will apply.

13. CONTACT INFORMATION

Service Information:

• Service Operator: StockAlert Pro
• Service Location: Israel
• Data Processing: Oracle Cloud Infrastructure
• Governing Law: Delaware, United States (subject to mandatory local privacy laws)

Response Times:

• General Privacy Questions: 5-7 business days
• GDPR/CCPA Requests: 30 days maximum
• Account Deletion: Immediate upon request
• Data Breach Notifications: Within 72 hours of discovery