Privacy Policy

1. Scope and Controller

This Privacy Policy explains how ColorVol (we, us, and our) collects, uses, shares, and protects personal information when you use the ColorVol website, dashboard, options analytics tools, AI chat, billing features, and related services, which we call the Service. For the personal information we decide how and why to process, ColorVol acts as the data controller. You can contact us about privacy matters at [email protected].

2. Information We Collect

We collect account information from Google sign-in, such as your email address, name, profile image, provider account identifier, email verification status, and sign-in timestamps. We also collect service data you create or submit, including AI chat messages, selected symbols, model choices, saved trades, shared strategy links, strategy inputs, and support communications.

We collect usage and technical information needed to operate the Service, including request metadata, approximate device or browser information, security logs, rate-limit information, token balances, token ledger entries, subscription status, and error logs. If you purchase a paid plan, Stripe processes your payment details and we store related billing records such as Stripe customer and subscription identifiers, plan, status, billing period, and cancellation state. We do not intentionally collect special categories of personal data, and you should not submit sensitive personal information in AI prompts, strategy notes, or support messages.

3. How We Use Information

We use personal information to provide and secure the Service, authenticate users, create and maintain accounts, operate subscriptions and token credits, process billing, deliver AI responses, save and share strategies at your request, provide support, prevent abuse, diagnose errors, improve reliability, comply with legal obligations, and enforce our Terms of Service.

4. Legal Bases for EU/EEA Users

Where the GDPR or similar law applies, we rely on the following legal bases: contract necessity to create your account, authenticate you, provide the Service, process subscriptions, and respond to your requests; legitimate interests to secure the Service, prevent fraud and abuse, maintain logs, improve reliability, understand usage, and protect our rights; legal obligation to keep records required for tax, accounting, payment, compliance, and dispute purposes; and consent where we introduce optional marketing, non-essential cookies, or other processing that legally requires consent.

5. AI, Market Data, and Shared Content

When you use AI chat, your prompts, recent chat context, selected symbol, model choice, and market context may be sent to OpenRouter and model providers routed through OpenRouter to generate a response. We store chat history and usage records so you can review prior conversations, so we can meter token usage, and so we can investigate errors or abuse. Market data requests may involve third-party market data sources such as Yahoo Finance. Public strategy share links are accessible to anyone who has the link and may include the strategy details and creator name shown by the Service.

6. Cookies and Similar Technologies

We use cookies and similar technologies that are necessary for authentication, session management, security, CSRF protection, and basic Service operation. These are required to provide the Service you request. If we add optional analytics, advertising, or marketing cookies, we will update this Policy and, where required, request consent before using them.

7. How We Share Information

We do not sell personal information. We share personal information only as needed with service providers and recipients that help us operate the Service, including hosting and database providers, Google for authentication, Stripe for payments and billing, OpenRouter and routed AI model providers for AI responses, market data providers, security and infrastructure providers, professional advisers, authorities where legally required, and parties involved in a merger, acquisition, financing, or sale of business assets.

8. International Transfers

We and our service providers may process personal information outside your country, including outside the European Economic Area. Where required, we rely on adequacy decisions, Standard Contractual Clauses, contractual safeguards, or another lawful transfer mechanism. Third-party providers may also apply their own transfer safeguards for data they process as independent controllers or processors.

9. Retention

We keep personal information only for as long as reasonably necessary for the purposes described in this Policy. Account and subscription records are kept while your account is active and for a reasonable period afterward for legal, accounting, tax, fraud-prevention, and dispute purposes. AI chat history, saved strategies, and strategy shares are kept until deleted through available Service features, until you request deletion, or until they are no longer needed. Security, rate-limit, and diagnostic logs are kept for limited periods unless needed to investigate abuse, enforce terms, comply with law, or protect rights.

10. Security

We use reasonable technical and organizational measures designed to protect personal information, including access controls, provider-side security features, encrypted transport such as HTTPS/TLS in production, and TLS/SSL connections to supported database, payment, AI, and infrastructure providers where configured. No online service is completely secure, and you are responsible for keeping your Google account and devices secure.

11. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, restrict, or receive a copy of your personal information; object to certain processing; withdraw consent where processing is based on consent; and complain to a data protection authority. You may also cancel paid subscriptions through the billing portal where available. To exercise privacy rights, contact [email protected]. We may need to verify your identity before acting on a request, and some information may be retained where required or permitted by law.

12. Children

The Service is not directed to children, and we do not knowingly collect personal information from children under the age required to use online services in their country. If you believe a child provided personal information to us, contact [email protected] so we can take appropriate action.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the date at the top of this page. If changes materially affect your rights or how we process personal information, we will provide additional notice where required by law.

14. Contact

For privacy questions, requests, or complaints, contact us at [email protected].