GEX Edge
Get access
Note: This document is a v1 template prepared in good faith. It has not yet been reviewed by counsel for your jurisdiction. If you operate in a regulated industry or sell to consumers outside the U.S., have an attorney review before you rely on it.

Legal

Privacy Policy

Effective date: May 1, 2026

This Privacy Policy explains what GEX Edge ("we", "us") collects from you, why we collect it, and how we handle it. We aim to collect the minimum information needed to run a paid analytics product.

1. Information we collect

  • Email address. Required to create an account and send sign-in magic links and billing receipts.
  • Payment information. Card details and billing address are collected and stored by Stripe — we do not see or store full card numbers. We retain the Stripe customer ID, subscription ID, and current subscription status for entitlement checks.
  • Usage data. Symbols you query, watchlist items, and timestamped GEX snapshots are stored in your account so you can revisit them. We log API request metadata (timestamp, endpoint, response status) for reliability and abuse prevention.
  • Device and request data. Standard server logs include IP address, user agent, and request paths. Used for rate limiting and security investigations.
  • Analytics events. If we enable a privacy-respecting product analytics tool (e.g. PostHog), we record anonymized page-view and feature-use events to understand product behavior in aggregate. We do not sell this data.

2. How we use your information

  • To authenticate you (magic links).
  • To process payments and manage subscriptions (via Stripe).
  • To provide the Service — including delivering GEX data, generating commentary, and remembering your watchlist.
  • To monitor reliability, detect abuse, and respond to support requests.
  • To send transactional email (sign-in links, billing receipts, critical service notices). We do not send marketing email without opt-in consent.

3. Sharing with third parties

We use a small set of vendors to operate the Service. Each only receives the data needed to perform their function:

  • Stripe — payment processing, subscription management, customer portal.
  • FlashAlpha (and any future data providers) — we send the symbol you request to fetch market data. Your identity is not shared with the data provider.
  • Anthropic — when generating AI commentary, we send the deterministic GEX snapshot summary (symbol, levels, regime classification) to the Claude API. We do not send your email, payment info, or account ID.
  • Hosting / infrastructure — Vercel (hosting), Neon (Postgres), Upstash (Redis cache), Resend (transactional email), Sentry (error monitoring) if enabled, PostHog (analytics) if enabled.

We do not sell your personal information. We may disclose information if compelled by valid legal process, or to protect our rights or the safety of users.

4. Cookies and similar technologies

We use a small number of essential cookies to keep you signed in and to remember preferences. We do not use advertising or cross-site tracking cookies.

5. Data retention

We keep account data for as long as your account is active. After you delete your account, we remove personal information within 30 days except where retention is required by law (e.g. tax records related to subscription payments). Anonymized usage logs may be retained longer for security and analytics aggregates.

6. Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete the personal information we hold about you, and to object to or restrict certain processing. To exercise these rights, email us at hello@gexedge.com and we will respond within 30 days.

7. Security

We use industry-standard practices: TLS in transit, hashed authentication tokens (the raw magic-link token is never stored), and access controls on production systems. No system is perfectly secure; you use the Service at your own risk.

8. Children

The Service is for users 18 and older. We do not knowingly collect information from anyone under 18. If you believe a child has provided us with information, contact us and we'll delete it.

9. International users

We operate primarily from the United States. By using the Service, you consent to your information being processed in the U.S. and any other country where we or our vendors operate.

10. Changes to this Policy

We may update this Policy from time to time. Material changes will be noted by updating the "Effective date" above and, where appropriate, by emailing active subscribers.

11. Contact

Questions about this Policy or your data? Email hello@gexedge.com.