Privacy Policy

This Privacy Policy ("Policy") governs how the FIP Intelligence application ("application", "we", "our company") collects, uses, protects, and processes users' personal data in accordance with the General Data Protection Regulation (GDPR) EU 2016/679 and applicable data protection laws.

Your privacy is our priority. We are committed to protecting your personal data and providing you with transparent information about how we handle it.

1.1 Investment and Financial Data

As part of providing portfolio tracking and analysis services, you may voluntarily upload the following data:

• Names of stocks, mutual funds, and other investment instruments
• Purchase and sale prices, trade volumes, transaction dates
• Currency denominations of positions and realized gains/losses
• Sector and geographic portfolio allocation
• Dividend yields and related metrics
• Personal notes and tags for individual positions
• Portfolio preference settings and risk tolerance

1.2 Identification and Contact Data

For account registration and providing certain services, we process:

• Email address
• Full name (first and last name)
• Age or date of birth (for verification of access to certain features)
• Preferred interface language
• Time zone for proper data display

1.3 Technical and Analytics Data

We automatically collect technical information necessary for app functionality:

• IP address and approximate geographic location
• Device type, operating system, browser version
• App usage data (features used, time spent, usage frequency)
• Cookies and local storage for preference storage
• Error logs and performance metrics for service improvement

1.4 AI Assistant Interactions

If you use the app's AI assistant, we process:

• Text queries and analysis requests
• Conversation history with AI (only with consent)
• Preferences regarding types of analyses and reports
• Feedback on AI response quality

We process your personal data based on the following legal bases according to Art. 6 GDPR:

2.1 Consent of the Data Subject (Art. 6(1)(a))

We obtain your explicit consent for processing sensitive financial data, using AI analyses, marketing communications, and advanced tracking features.

2.2 Performance of a Contract (Art. 6(1)(b))

Processing is necessary to provide the basic functions of the application that you activated by creating an account.

2.3 Legitimate Interest (Art. 6(1)(f))

We process data based on our legitimate interest in:

• Ensuring application security and integrity
• Preventing fraud and service abuse
• Improving service quality and functionality
• Anonymized analytical purposes

2.4 Legal Obligation (Art. 6(1)(c))

Some data is processed to comply with legal obligations, particularly in accounting, archiving, and tax regulations.

We use your personal data exclusively for the following purposes:

3.1 Providing Core Services

• User account management and authentication
• Storing and synchronizing portfolio data
• Generating personalized analyses and reports
• Providing real-time price and market data updates
• Sending notifications about important portfolio changes

3.2 AI-Assisted Analyses

• Personalizing investment recommendations and risk analyses
• Monte Carlo simulations and quantum modeling
• Detecting patterns in portfolio behavior
• Automated generation of investment reports

3.3 Security and Protection

• Detecting suspicious activities and abuse attempts
• Identity verification during sensitive operations
• Protection against cyber attacks
• Backup and recovery processes

3.4 Service Improvement

• Usage analysis for UX optimization
• Development testing of new features
• Aggregate reporting for business purposes
• Customer support and technical problem resolution

4.1 Types of Automated Processing

• Portfolio Risk Scoring: Automatic risk assessment based on historical data
• AI Investment Assistant: Chatbot providing analyses based on your queries
• Quantum Simulations: Monte Carlo models for price development prediction
• Tax Optimization: Automatic identification of tax-optimal strategies
• Anomaly Detection: Detection of unusual portfolio movements

4.2 Your Rights Regarding Automated Decision-Making

In accordance with Art. 22 GDPR, you have the right to:

• Not be subject to automated decision-making with legal consequences
• Request human intervention in significant automated decisions
• Express your viewpoint on automated processing results
• Contest decisions based on automated processing

We do not sell, rent, or trade your personal data. Sharing occurs only in the following limited cases:

5.1 Technology Service Providers

• Cloud hosting: Amazon Web Services (AWS) for data storage in EU
• AI services: OpenAI and Anthropic for AI assistant (anonymized only)
• Analytics: Google Analytics for usage analysis (anonymized)
• Email communication: SendGrid for transactional emails
• Payment systems: Stripe for payment processing (necessary data only)

5.2 Legal Requirements

We may disclose data to relevant authorities only in cases of:

• Legal obligation or court order
• Protection of our legal interests
• Prevention of fraud or criminal activity
• Protection of user or public safety

5.3 Business Transactions

In case of merger, acquisition, or company sale, you will be informed about potential data transfer with sufficient advance notice.

5.4 Aggregated Data

We may share anonymized and aggregated data for research and development purposes that do not allow your identification.

6.1 Technical Security Measures

• Encryption: All data is encrypted using AES-256 standard
• Transmission: Communication via TLS 1.3 protocol
• Authentication: Two-factor authentication for sensitive accounts
• Monitoring: 24/7 security incident monitoring
• Firewalls: Advanced network security systems
• Penetration testing: Regular security audits

6.2 Organizational Measures

• Data access only for authorized employees
• Regular security and GDPR training
• Signed non-disclosure agreements (NDAs)
• Principle of least privilege access
• Incident response plan for security breaches

6.3 Geographic Data Location

All personal data is stored exclusively on servers within the European Union (specifically in Germany and Ireland) in compliance with GDPR data localization requirements.

6.4 Backup and Disaster Recovery

• Automatic daily backups with 30-day retention
• Geographically distributed backup systems
• Disaster recovery plan with RTO/RPO metrics
• Regular testing of recovery processes

In accordance with GDPR, you have the following rights regarding your personal data:

7.1 Right of Access (Art. 15 GDPR)

You have the right to confirmation of whether we process your personal data, and if so, access to that data including information about processing purposes, data categories, and recipients.

7.2 Right to Rectification (Art. 16 GDPR)

You may request correction of inaccurate personal data or completion of incomplete data.

7.3 Right to Erasure - "Right to be Forgotten" (Art. 17 GDPR)

You may request deletion of your personal data if:

• Data is no longer necessary for original purposes
• You withdraw consent and no other legal basis exists
• Data has been processed unlawfully
• Erasure is necessary to comply with legal obligation

7.4 Right to Restriction of Processing (Art. 18 GDPR)

You may request restriction of processing your data in certain situations, such as disputes about data accuracy.

7.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.

7.6 Right to Object (Art. 21 GDPR)

You may object to processing of your data based on legitimate interest or processing for direct marketing purposes.

7.7 Right to Withdraw Consent

You may withdraw consent to processing at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

8.1 Types of Cookies We Use

Necessary Cookies (essential for functionality):

• Authentication tokens for login
• CSRF protection against attacks
• Language preference storage
• Session ID management

Functional Cookies (enhance user experience):

• Dashboard settings memory
• Application interface personalization
• Filter and sorting storage

Analytics Cookies (performance measurement):

• Google Analytics for understanding feature usage
• Hotjar for user behavior analysis
• Custom metrics for application optimization

8.2 Cookie Management

You can manage cookies through your browser settings or using our Cookie banner on first visit. Please note that disabling necessary cookies may affect application functionality.

8.3 Local Storage

We use localStorage and sessionStorage for storing temporary data such as:

• Financial data cache for faster loading
• Incomplete forms and drafts
• User interface preferences

9.1 Access Conditions

Access to advanced features requires:

• Age verification (18+ years) through ID document
• Consent to additional risk warnings
• Confirmation of investment experience
• Acceptance of disclaimer about hypothetical nature of outputs

9.2 Sensitive Data Processing

For these features, we may process:

• Detailed trading history
• Risk tolerance profiling
• Sophisticated portfolio metrics
• Alternative investment data

9.3 Limitation of Liability

All outputs from quantum models and Dark Pool analyses are:

• Purely hypothetical and illustrative in nature
• Based on historical data without guarantee of future results
• Intended solely for educational and informational purposes
• Not investment advice or recommendations

10.1 Active Accounts

We retain personal data while your account is active and for the period necessary to provide our services.

10.2 Inactive Accounts

• After 12 months of inactivity: Notification of planned deletion
• After 18 months of inactivity: Portfolio data anonymization
• After 24 months of inactivity: Complete account deletion

10.3 Specific Data Categories

• Transaction data: 7 years (tax requirements)
• Communication logs: 2 years
• Security logs: 1 year
• Analytics cookies: 26 months
• AI conversations: 30 days (unless explicitly saved)

10.4 Deletion on Request

You may request immediate deletion of your data at any time, except for data we must retain for legal reasons (e.g., tax purposes).

11.1 Change Notifications

We will inform you of all substantial changes to this Policy through:

• Email to your registered address
• In-app notification upon next login
• Updates on our website

11.2 Effective Date of Changes

Changes become effective 30 days after notification, unless they require your active consent. For substantial changes, we will require new explicit consent.

11.3 If You Disagree with Changes

If you disagree with proposed changes, you have the right to terminate use of the service and request deletion of your data before the changes take effect.

For any questions regarding this Privacy Policy or processing of your personal data, please contact us: