Privacy Policy

Vestovix ("we," "us," or "our") operates vestovix.com, an AI-powered stock screener and financial data platform. This Privacy Policy explains what information we collect when you use our Services, how we use it, who we share it with, and what rights you have over your data.

We are committed to handling your personal information with care and transparency. This policy complies with applicable privacy laws including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and the forthcoming Consumer Privacy Protection Act (Bill C-27), the European Union General Data Protection Regulation (GDPR), and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA).

We collect two categories of information:

2.1 Information You Provide Vestovix does not currently require account registration. We collect information only if you contact us directly (e.g., via email), in which case we retain your name, email address, and the content of your message for the purpose of responding to your inquiry.

2.2 Information Collected Automatically When you visit our Site, we and our technology partners automatically collect certain technical data, including:

• IP address and approximate geographic location (country/region level) • Browser type, version, and operating system • Pages visited, time on page, and referring URL • Device type (desktop, mobile, tablet) and screen resolution • HTTP request logs (standard web server records) • Query strings submitted to our AI screener (processed server-side; not linked to your identity)

2.3 Locally Stored Preferences We store a theme preference (dark or light mode) in your browser's localStorage. This data never leaves your device and is not transmitted to our servers.

3.1 What We Use Vestovix uses minimal cookies. We do not use advertising cookies, retargeting pixels, or behavioral tracking cookies for third-party advertising purposes. We may use:

• Session cookies: temporary cookies deleted when you close your browser, used for server-side request handling; • Analytics cookies: anonymous usage statistics (see Section 3.2); • CDN/performance cookies set by our infrastructure providers (e.g., Cloudflare) for security and performance.

3.2 Analytics We may use privacy-focused analytics tools (such as a self-hosted or cookieless analytics solution) to understand aggregate traffic patterns. Where analytics involve cookies, they are used only to count visits and measure page performance — not to track individuals across sites or build advertising profiles.

3.3 Global Privacy Control (GPC) Where technically feasible, Vestovix honors browser-level Global Privacy Control (GPC) signals as an opt-out of sale/sharing under applicable US state laws.

3.4 Managing Cookies You may configure your browser to refuse all cookies or alert you when a cookie is set. Disabling cookies may affect the functionality of certain features. Your LocalStorage theme preference can be cleared via your browser's developer tools or storage settings.

We use the information we collect to:

• Operate, maintain, and improve the Services (including our AI screener and calculators); • Analyze aggregate usage patterns to improve user experience and performance; • Respond to support requests, inquiries, and feedback; • Monitor for and prevent fraud, abuse, and security threats; • Comply with legal obligations and enforce our Terms of Use; • Conduct internal research and analytics to understand how our tools are used.

We do not use your data to:

• Send you unsolicited marketing emails (unless you have explicitly opted in); • Build advertising profiles or sell your data to advertisers; • Make automated decisions about you with legal or similarly significant effects; • Train AI models using your personally identifiable information without consent.

We do not sell your personal information. We do not share personal information with third parties for their own marketing purposes.

We may share data in the following limited circumstances:

5.1 Service Providers We work with trusted third-party service providers who assist in operating our platform (e.g., cloud hosting, CDN, analytics). These providers are bound by data processing agreements and are prohibited from using your data for any purpose other than providing services to us.

5.2 Data Providers Market data is fetched from licensed third-party financial data providers. Your IP address may be transmitted to these providers as part of standard API requests. Their use of that data is governed by their respective privacy policies.

5.3 Legal Requirements We may disclose information if required by law, regulation, legal process, or governmental request — or to protect the rights, property, or safety of Vestovix, our users, or others.

5.4 Business Transfers If Vestovix is acquired, merged, or undergoes a significant corporate restructuring, user data may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

The Services incorporate or link to third-party services, including:

• Licensed market data providers — equity, ETF, forex, crypto, and bond price feeds (subject to each provider's terms). • Anthropic — large language model API (Claude) used to interpret natural-language queries submitted to the AI screener. Privacy policy: anthropic.com/legal/privacy • OpenAI — large language model and image generation API used for select editorial and visual features. Privacy policy: openai.com/policies/privacy-policy • Cloudflare — CDN, DDoS protection, and performance. Privacy policy: cloudflare.com/privacypolicy • Vercel / hosting provider — web infrastructure.

Vestovix is not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before interacting with their platforms.

We retain data for the minimum time necessary for the purpose for which it was collected:

• Server logs (IP addresses, request logs): retained for up to 90 days for security and abuse monitoring, then deleted; • AI screener query cache: queries are cached anonymously for up to 24 hours to improve performance, then overwritten; • Contact/support communications: retained for up to 2 years or as long as necessary to resolve the matter; • Analytics data: retained in aggregate, anonymized form for up to 24 months.

If you have submitted a deletion request, we will process it within 30 days subject to any legal retention obligations.

We implement industry-standard technical and organizational measures to protect information against unauthorized access, disclosure, alteration, or destruction. These include HTTPS encryption for all data in transit, access controls and authentication for production systems, regular security assessments, and minimal data collection practices.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security and you use the Services at your own risk.

In the event of a data breach that creates a real risk of significant harm to you, we will notify affected individuals as required by applicable law.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR:

• Right of Access: You may request a copy of the personal data we hold about you. • Right to Rectification: You may request correction of inaccurate or incomplete data. • Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data, subject to legal retention obligations. • Right to Restriction: You may request that we restrict processing of your data in certain circumstances. • Right to Data Portability: You may request your data in a structured, machine-readable format. • Right to Object: You may object to processing based on legitimate interests. • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

Legal Basis for Processing: We process data based on (a) legitimate interests in operating and improving the Services, (b) compliance with legal obligations, and (c) consent where explicitly obtained.

To exercise these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months. • Right to Delete: You may request deletion of personal information we have collected, subject to exceptions. • Right to Correct: You may request correction of inaccurate personal information. • Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. You may still submit an opt-out request at [email protected]. • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by CPRA. • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

To submit a verifiable consumer request, contact [email protected]. We will respond within 45 days (extendable once by an additional 45 days with notice).

Categories of Personal Information Collected: Identifiers (IP address); Internet activity (pages visited, query strings); Geolocation data (country/region level only).

Vestovix is based in Canada and subject to PIPEDA (Personal Information Protection and Electronic Documents Act). Under PIPEDA, you have the right to:

• Know what personal information we hold about you; • Access your personal information and request corrections; • Withdraw consent for collection, use, or disclosure of your information (subject to legal or contractual restrictions); • Challenge our compliance with PIPEDA.

To exercise these rights, or to file a complaint, contact our Privacy Officer at [email protected]. If unresolved, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Vestovix is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child under the applicable minimum age, we will promptly delete it.

If you believe a child has provided us with personal information, please contact [email protected].

Vestovix is operated from Canada. If you access the Services from outside Canada, your data may be transferred to and processed in Canada and potentially in other jurisdictions where our service providers operate (including the United States).

For EEA/UK users, where required, we rely on appropriate safeguards for international transfers such as Standard Contractual Clauses (SCCs) approved by the European Commission. By using the Services, you acknowledge that your data may be transferred to and processed in Canada and other jurisdictions.

Vestovix's AI stock screener uses large language models to translate natural-language queries (for example, "stocks paying 4-8% dividend yield") into structured database filter criteria. Query text may be:

• Processed by Anthropic (Claude API) to interpret investment criteria. Anthropic's commercial API terms prohibit use of API inputs and outputs to train their models by default; • Cached server-side on Vestovix infrastructure for up to 24 hours in anonymous form (not linked to your IP or browser fingerprint) so repeat queries return faster; • Used in aggregate to monitor system performance and improve query accuracy.

Where visual or editorial features require image generation or supplemental text, queries may also be processed by OpenAI under their commercial API terms, which similarly prohibit training on customer inputs by default.

We do not include account identifiers, IP addresses, or cookies in the data we send to these AI providers — only the query text you typed and our system prompt. We do not use query content to build user profiles, target advertising, or train models on your behalf. Queries are processed ephemerally and are not retained on our systems beyond the 24-hour cache window.

The data processing practices of Anthropic and OpenAI are governed by their respective commercial terms and privacy policies, which apply to all data transmitted via their APIs.

We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated "Last Updated" date. If changes are material, we may provide additional notice on the Site. Your continued use of the Services after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this policy periodically.

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Privacy Officer Email: [email protected] Vestovix

We will acknowledge your request within 5 business days and provide a substantive response within 30 days.