Privacy Policy - StonkPro

StonkPro Inc. ("we," "our," or "us"), a federal corporation incorporated under the laws of Canada, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service"). If you have questions, contact our Data Protection Officer at the details below.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide to us when you:

Register for an Account: Name, email address, username, password, and investment experience level
Use the Service: Data you input or generate while using our tools
Contact Us: Email address, name, and message content
Sign Up for Beta Testing: Name, email, investment experience, and communication preferences

1.2 Automatically Collected Information

When you access the Service, we automatically collect certain information, including:

Log Data: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps
Device Information: Device type, unique device identifiers, and mobile network information
Usage Data: Features accessed, time spent on pages, search queries, and interaction patterns
Cookies and Similar Technologies: Session data, preferences, and authentication tokens
Location Data: Approximate location inferred from IP address for security and analytics

1.3 Financial Data

We do not collect or store your financial account information, credit card numbers, or brokerage account credentials. However, you may input financial data for analysis purposes, which we store to provide the Service. This user-input data is pseudonymized where possible and not linked to external financial accounts.

2. How We Use Your Information

We use the information we collect to:

Provide and Maintain the Service: Create and manage your account, process requests, and deliver functionality
Personalize Your Experience: Remember your preferences, save your analyses, and customize content
Improve the Service: Analyze usage patterns, identify bugs, and develop new features
Communicate with You: Send account notifications, updates, newsletters (if you opt in), and respond to inquiries
Ensure Security: Detect fraud, prevent abuse, protect against security threats, and enforce our Terms
Legal Compliance: Comply with legal obligations and respond to lawful requests
Research and Analytics: Conduct research on user behavior and service performance (using aggregated, anonymized data)
AI and Machine Learning: Use anonymized data to train models for enhanced features, such as personalized valuations

3. How We Share Your Information

3.1 We Do Not Sell Your Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3.2 Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

Cloud hosting and storage providers
Email delivery services
Analytics providers
Customer support tools
Payment processors (e.g., Stripe)

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.3 Data Aggregation

We may share aggregated, anonymized data that cannot identify you personally with third parties for research, marketing, or other purposes. We ensure anonymization techniques prevent re-identification.

3.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

Subpoenas, court orders, or legal processes
Requests from law enforcement or government agencies
Protect our rights, property, or safety
Prevent fraud or abuse of the Service
Comply with legal obligations

3.5 Business Transfers

If StonkPro is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

3.6 With Affiliates

If we have affiliates in the future, we may share under the same privacy standards.

4. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

Encryption of data in transit and at rest
Secure authentication mechanisms
Access controls and role-based permissions
Regular security audits and monitoring
Employee training on data protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach likely to cause harm, we will notify affected users and the OPC (or relevant authorities) within timelines required by law (e.g., promptly under PIPEDA).

5. Data Retention

We retain your information for as long as necessary to:

Provide the Service and fulfill the purposes described in this policy
Comply with legal obligations (tax, accounting, auditing)
Resolve disputes and enforce agreements
Maintain business records

Specifically: Active account data until deletion request plus 30 days for processing; usage logs for 1 year; financial records up to 7 years per CRA requirements. Anonymized data may be retained indefinitely. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal reasons. Some information may remain in backups for a limited period (up to 90 days).

6. Your Privacy Rights

6.1 Access and Correction

You have the right to access and update your personal information through your account settings or by contacting us.

6.2 Data Portability

You may request a copy of your data in a structured, commonly used format.

6.3 Deletion

You can request deletion of your account and associated data at any time, subject to legal retention requirements.

6.4 Opt-Out of Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any promotional email or updating your communication preferences.

6.5 Cookie Controls

Most browsers allow you to control cookies through settings. Note that disabling cookies may limit your ability to use certain features.

6.6 Do Not Track

Some browsers support "Do Not Track" signals. We do not currently respond to Do Not Track signals.

To exercise any rights, submit a verifiable request (e.g., via email with identity proof). We respond within 30 days (PIPEDA) or 45 days (CCPA), extendable if complex. No fees for standard requests.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Essential Cookies: Enable core functionality like authentication and security
Functional Cookies: Remember your preferences and settings
Analytics Cookies: Understand how you use the Service and improve performance
Session Cookies: Maintain your session while you're logged in

You can control cookies through your browser settings, but disabling certain cookies may affect functionality. We obtain consent for non-essential cookies via a consent banner on your first visit, as required by applicable laws.

8. Third-Party Services and Links

8.1 Third-Party Data Sources

We obtain financial data from various third-party sources (SEC filings, market data providers like FMP, etc.). The privacy policies of these providers govern their data collection practices. We do not receive personal information from these sources.

8.2 External Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

8.3 Social Media

If you interact with us through social media, those platforms may collect information about you. Please review their privacy policies.

9. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to our facilities and service providers. We use safeguards such as Standard Contractual Clauses (SCCs) or rely on adequacy decisions for transfers.

10.1 European Users

If you are in the European Economic Area (EEA), we comply with applicable data protection laws, including the General Data Protection Regulation (GDPR). You have additional rights under GDPR, including:

Right to object to processing
Right to restrict processing
Right to lodge a complaint with a supervisory authority

Our lawful basis for processing is detailed in Section 13.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: Request disclosure of personal information collected (categories: identifiers like name/email; inferences like investment level; geolocation from IP)
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
Right to Non-Discrimination: Not be discriminated against for exercising your rights

We disclose information for business purposes (e.g., to service providers) but do not sell it. To exercise rights, submit a verifiable request; we verify via account details.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Posting the updated policy on this page
Updating the "Last Updated" date
Sending an email notification (for significant changes)
Or via in-app notices

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Data Processing Legal Basis

We process your personal information based on the following legal grounds:

Contract Performance: To provide the Service you've requested
Legitimate Interests: To improve the Service, prevent fraud, and ensure security
Consent: When you've given explicit consent (e.g., for marketing communications)
Legal Obligations: To comply with applicable laws and regulations

For EEA users under GDPR: We rely on consent for non-essential processing; contract for core services; legitimate interests for analytics (balanced against your rights).

14. Your California "Shine the Light" Rights

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. However, we do not share personal information with third parties for their direct marketing purposes.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Email: [email protected]
Website: www.stonkpro.com

We will respond to your request within 30 days or as required by applicable law. For GDPR complaints, contact your local supervisory authority (e.g., OPC in Canada for PIPEDA).