VOREX TERMINAL — UTC
§ LEGAL · PRIVACY

Privacy Policy

Effective: May 10, 2026 · Version 1.0

Contents

  1. Summary
  2. What we collect
  3. How we use it
  4. Who we share with
  5. Cookies
  6. How long we keep it
  7. Your rights
  8. International transfers
  9. Security
  10. Children
  11. Changes to this Policy
  12. Contact

1. Summary

This is the plain-English version. The rest of the document is the detailed version.

  • We collect the minimum we need to run your account: email, password (hashed), payment-method status, and what you do inside Vorex.
  • We never see your full credit-card number. Stripe handles all payment data.
  • We do not sell your data. We do not show third-party ads. We do not run analytics that profile you across the web.
  • We use essential cookies only — for signing you in and processing payment. No tracking pixels, no ad networks.
  • You can ask us to export or delete your data at any time by emailing support@vorextrading.io.

This Policy explains the details. It applies whenever you use vorextrading.io or the Vorex terminal.

2. What we collect

CategoryWhatWhy
Account Email address, hashed password, account creation date. To create and authenticate your account.
Profile (optional) Display name, trading-style preferences, watchlists. To personalize the terminal.
Subscription Plan name, status (trialing, active, canceled), trial end date, period end date, Stripe customer/subscription ID. To grant the right level of access and bill correctly.
Payment Held by Stripe. We see only: last 4 digits of card, card brand, country, and Stripe's payment status. We do not see or store full card numbers, CVCs, or expiry dates. To process payment.
Usage Which views you open, signals you see, alerts you set, copilot prompts you send (text and timestamps), feature interactions. To run the product, debug issues, and improve features.
Technical IP address (truncated where possible), browser type, device type, timestamps of requests, error logs. For security, abuse prevention, and operational reliability.
Communications Emails you send us, support tickets. To respond to you.

We do not collect: real names (unless you give them to us in a support ticket), home addresses, government ID numbers, social-security numbers, precise location, biometric data, or your funds on any exchange. We have no API write access to your exchange accounts.

3. How we use it

  • Run your account: sign you in, gate your access by subscription status, deliver signals and briefs.
  • Bill you: via Stripe, on the cycle you signed up for.
  • Communicate with you: account-related emails (trial reminders, payment failures, security notices), and product updates if you opt in.
  • Operate and improve the product: diagnose bugs, monitor performance, improve signal quality.
  • Comply with law and protect rights: respond to lawful requests, enforce our Terms, prevent abuse.

Our legal bases (for users in the EU/UK/EEA): performance of our contract with you (running the Service and billing), legitimate interests (security, fraud prevention, product improvement), legal obligations, and consent (where required, e.g. non-essential cookies — which we currently don't use).

4. Who we share with

We share data only with the third-party processors we need to run the Service. We do not sell or rent your personal information.

ProviderWhat they receiveWhy
Supabase Email, hashed password, profile, subscription status, usage data. Authentication and database hosting.
Stripe Email, payment-method details (entered directly into Stripe), billing address. Payment processing.
Anthropic The text of prompts you send to the Copilot, and limited account context. No card details, no email. AI inference for Copilot and Morning Brief.
Netlify Server logs (IP, request URL, status code). Hosting and CDN.
Market-data and news APIs None. We pull data from these providers but don't send them anything about you. Live prices, news headlines, macro data.

We may also share data when legally required (e.g. a valid subpoena), to protect rights or safety, or in connection with a business transfer (merger, acquisition, sale of assets) — in which case we'll notify users and the receiving party will be bound by terms at least as protective as this Policy.

5. Cookies

We use only essential cookies:

  • Authentication cookie (from Supabase) — to keep you signed in.
  • Stripe session cookie — during checkout and the billing portal.

We do not use ad-tech cookies, conversion-tracking pixels, or third-party analytics that profile you across the web.

The cookie notice on the site asks you to acknowledge these essential cookies; you can clear them in your browser at any time (though doing so will sign you out).

6. How long we keep it

  • Account data: for as long as your account exists.
  • Subscription / billing records: as required by tax and accounting rules (typically 7 years).
  • Usage logs: 90 days for live debugging, then aggregated or deleted.
  • Closed signals and the public ledger: retained indefinitely as part of the public performance record (no personal data).

You can ask us to delete your account at any time. Anonymized or aggregate data we have derived from your usage may be retained for analytics, but in a form that no longer identifies you.

7. Your rights

Depending on where you live, you may have the following rights:

  • Access — ask what data we hold on you.
  • Correction — fix anything inaccurate.
  • Deletion — ask us to delete your account and personal data (subject to legal-retention obligations).
  • Export — get a machine-readable copy of your data.
  • Opt out of marketing emails — every marketing email has an unsubscribe link; account / billing emails are mandatory.
  • Object to processing based on our legitimate interests.
  • Withdraw consent where we rely on consent.
  • Complain to your local data-protection authority.

To exercise any of these, email support@vorextrading.io. We'll respond within 30 days.

If you're in California, you have rights under the CCPA/CPRA, including the right to know what's collected, deletion, correction, and to not be discriminated against for exercising those rights. We do not "sell" or "share" personal information as those terms are defined under California law.

8. International transfers

Vorex is operated from the United States. Our processors operate globally. If you access the Service from outside the U.S., your data may be transferred to and processed in the U.S. and other countries. Where required, transfers from the EU/UK/EEA rely on Standard Contractual Clauses or equivalent safeguards put in place by our processors.

9. Security

We take security seriously. Concrete measures include:

  • All traffic is encrypted in transit (TLS 1.3, HSTS enabled).
  • Passwords are hashed at rest (Supabase Auth).
  • Row-level security on database tables; service-role keys only used in server-side functions.
  • No card data passes through our servers — Stripe handles it directly.
  • Access to production systems is limited to the operators who need it, with multi-factor authentication required.

No system is perfectly secure. If you believe your account has been compromised, email us immediately at support@vorextrading.io.

10. Children

Vorex is not for anyone under 18. We don't knowingly collect data from minors. If you believe a minor has created an account, email us and we'll delete it.

11. Changes to this Policy

We may update this Policy occasionally. We'll post the new version on this page with a new "Effective" date. For material changes we'll notify you by email or in-app at least 14 days in advance.

12. Contact

Privacy questions or requests? Email support@vorextrading.io.

Vorex Research
vorextrading.io