This Privacy Policy explains how Agent of Wall St, Inc. ("Agent of Wall St," "we," "us," or "our") collects, uses, shares, and protects personal information in connection with Agent of Wall St and the websites and services we offer at https://agentofwallst.com (collectively, the "Service"). It supplements our Terms of Service.
1. Information we collect
We collect information in three ways: information you give us, information collected automatically, and information we receive from third parties.
1.1 Information you give us
- Account information. When you create an Account, our authentication partner, Clerk, collects identifiers such as your name, email address, password, and, where you choose, social-login identifiers. We receive a minimal user record from Clerk that we use to identify and contact you.
- Billing information. When you subscribe to a paid plan, our payment processor, Stripe, collects payment-card details, billing address, and tax information directly from you. We do not store full payment-card numbers; we store Stripe customer and Subscription identifiers and metadata such as plan, status, and renewal dates.
- Communications. When you contact us by email, fill in a form, or otherwise correspond with us, we collect the content of those messages and your contact details.
- Content. Any data, files, or other material you submit to the Service in the course of using it.
1.2 Information collected automatically
- Log and device data. We log technical information about your interactions with the Service, including IP address, user-agent string, referring page, request and response status, and timestamps. This data is used to operate, secure, and debug the Service.
- Cookies and similar technologies. We use a small number of strictly necessary cookies for authentication and session management. Where you enable analytics, additional cookies or local-storage identifiers may be set. See Section 5 (Cookies and similar technologies).
- Product analytics (optional). Where enabled, our analytics partner, PostHog, records pageviews, product events, feature-flag checks, and a pseudonymous browser identifier. Session replay is disabled by default. We do not send API keys, secrets, payment data, raw webhook payloads, message bodies, or other sensitive content to analytics.
1.3 Information from third parties
- Identity providers. If you sign in through a social identity provider, we receive the profile fields you authorize.
- Payment providers. Stripe shares Subscription status, charge results, and dispute outcomes with us via webhooks.
- Email provider. Postmark provides delivery, bounce, and complaint events for the transactional emails we send you.
2. How we use information
We use the information described in Section 1 to:
- Provide, operate, secure, and maintain the Service.
- Authenticate users and manage Accounts.
- Process payments and manage Subscriptions.
- Send transactional emails, including account confirmation, billing receipts, security alerts, and important service notices.
- Respond to your requests and provide customer support.
- Monitor and improve the Service, including analyzing usage patterns where you have enabled analytics.
- Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms.
- Comply with legal obligations, enforce our agreements, and protect our rights.
3. Legal bases for processing (EEA, UK, Switzerland)
Where the General Data Protection Regulation (GDPR) or comparable law applies, we rely on the following legal bases:
- Contract. To provide the Service you have signed up for and to process your Subscription.
- Legitimate interests. To secure the Service, prevent fraud and abuse, debug operational issues, and analyze usage in aggregated form to improve the Service. We balance these interests against your rights and expectations.
- Consent. Where we ask for it, for example for optional analytics or non-essential cookies. You may withdraw consent at any time.
- Legal obligation. To comply with applicable law, regulatory requests, and court orders.
4. Service providers and subprocessors
We share personal information with the following categories of service providers, who process it on our behalf under written agreements that restrict their use of the information to the purposes for which we engaged them:
| Provider | Purpose | Categories of data |
|---|---|---|
| Clerk | Authentication and user management | Account identifiers, login events |
| Stripe | Payment processing and billing | Payment card data, billing address, charge history |
| Postmark | Transactional email delivery | Email address, message metadata, delivery events |
| PostHog (optional) | Product analytics | Pseudonymous browser identifier, page and event data |
| Hosting provider, for example Vercel | Service hosting and CDN | All data necessary to serve the Service |
We do not sell personal information, and we do not share it with advertising networks. We may update this list from time to time; the current version is available on request to legal@agentofwallst.com.
5. Cookies and similar technologies
We use the following categories of cookies and local-storage identifiers:
- Strictly necessary. Authentication, session state, and security. These cannot be disabled.
- Functional. User preferences, such as language or theme.
- Analytics (optional). Set by PostHog when product analytics is enabled. You can disable analytics in your account settings, where offered, or by using browser-level controls such as the Do Not Track header.
We do not use advertising cookies.
6. Data retention
- Account data. Retained while your Account is active. After Account closure, we delete or anonymize personal information within a reasonable wind-down period, except for records we must keep for legal, accounting, fraud-prevention, or dispute-resolution purposes.
- Billing records. Retained for as long as required by tax, accounting, and audit obligations, typically seven years.
- Logs. Retained for a limited period, typically up to 90 days, for security and debugging.
- Analytics data. Retained according to our analytics provider's retention configuration; aggregated or pseudonymized data may be retained longer.
- Content you delete. Removed from active systems promptly and from backups in the ordinary course of backup rotation.
7. International data transfers
Our service providers operate in multiple jurisdictions, so your information may be transferred to and processed in a country with different data-protection laws than those where you live. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.
8. Your rights
Depending on where you live, you may have the following rights regarding your personal information:
- Access. Request a copy of the personal information we hold about you.
- Correction. Ask us to correct inaccurate or incomplete information.
- Deletion. Ask us to delete your personal information, subject to legal retention obligations.
- Restriction or objection. Ask us to restrict or object to certain processing.
- Portability. Request a portable copy of certain information you have provided to us.
- Withdraw consent. Where processing is based on consent, withdraw it at any time.
- Lodge a complaint. Lodge a complaint with your local data-protection authority.
California residents. If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including the rights to know, delete, and correct your personal information, and the right not to be discriminated against for exercising those rights. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under the CCPA.
To exercise any right, contact us at legal@agentofwallst.com. We will verify your identity before acting on requests and will respond within the timeframes required by applicable law.
9. Children
The Service is not directed to children under 13, or the minimum age of digital consent in your jurisdiction. We do not knowingly collect personal information from children under that age. If you believe a child has provided us with personal information, contact us at legal@agentofwallst.com and we will take appropriate steps to delete it.
10. Security
We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. These include encryption in transit, authentication via our identity partner, Clerk, isolated payment processing through Stripe, role-scoped service tokens between our internal services, and regular review of access. No system is perfectly secure, however, and we cannot guarantee absolute security.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice, for example by email or by posting a notice in the Service, before the changes take effect. The effective date at the top of this page indicates when the policy was last updated.
12. Contact us
If you have questions or requests about this Privacy Policy or your personal information, contact us at legal@agentofwallst.com or on the web at https://agentofwallst.com.