← Back to home

Privacy Policy

Last updated: April 2026 · Governed by GDPR (EU General Data Protection Regulation)

1. Data Controller

The data controller for this website is:

[First Name Last Name]
[Street Number]
[Postal Code City], Germany
Email: privacy@sovarion.ai

2. What Data We Collect

Account data: Name, email address, encrypted password (bcrypt hashed).
Preferences: Watchlist, favorite news sources, explanation style.
Usage data: Pages visited, access times, features used.
Payment data: Processed exclusively by Stripe. We do not store credit card or bank details.

Legal basis: Contract performance (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

3. Registration and User Account

When you register, we collect your name, email, and password. Your password is hashed using bcrypt and never stored in plain text. We also store your preferences (watchlist, favorite sources, explanation style) to personalize the service.

Deletion: Your data will be deleted upon account cancellation, unless legal retention obligations apply.

4. Payment Processing

We use Stripe, Inc. (San Francisco, CA, USA) for payment processing. Credit card and bank details are processed exclusively by Stripe and are never stored on our servers. Stripe is PCI DSS Level 1 certified.

Stripe privacy policy: stripe.com/privacy

5. Hosting and Infrastructure

Frontend: Vercel Inc. (USA) — Privacy Policy
Backend & API: Railway Corp. — Privacy Policy
Database: Neon Inc. (PostgreSQL, hosted in EU — Frankfurt).
AI Processing: Anthropic PBC (Claude). No personal user data is transmitted to Anthropic — only anonymized market data for analysis generation.

6. Cookies

We use only technically necessary cookies for authentication (NextAuth session token). These are required for the service to function and cannot be declined.

We do not use tracking cookies, analytics tools (no Google Analytics), advertising cookies, or any third-party tracking.

7. Third-Party Data Services

To provide market analysis, we use the following data services. No personal user data is transmitted to these services:

  • Finnhub.io — Financial data, news, analyst estimates, insider transactions
  • Twelve Data — Price data and technical indicators
  • Massive API — Real-time price data
  • IG Markets — DAX index data
  • GNews — News aggregation

8. Your Rights (GDPR)

You have the following rights regarding your personal data:

  • Right of access (Art. 15): Request information about your stored data.
  • Right to rectification (Art. 16): Request correction of inaccurate data.
  • Right to erasure (Art. 17): Request deletion of your data.
  • Right to restriction (Art. 18): Request restriction of processing.
  • Right to data portability (Art. 20): Receive your data in machine-readable format.
  • Right to object (Art. 21): Object to the processing of your data.
  • Right to lodge a complaint: With the competent supervisory authority.

Contact: privacy@sovarion.ai

9. Data Security

All data transmissions are encrypted via SSL/TLS. Passwords are hashed with bcrypt. API access is secured via JWT tokens. Maximum 2 concurrent sessions per user.

10. Changes to This Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or our services. The current version always applies.