Privacy Policy
Effective date: July 1, 2026
This Privacy Policy explains what information VantaEdge.ai collects, why we collect it, and how we handle it. We deliberately collect the minimum needed to run a research platform well.
1. Information we collect
We collect the following categories of information:
- —Account data: name, email address, and a salted, hashed password (we never store plaintext passwords).
- —Product data: strategies, backtest configurations and results, reports, and activity events you generate while using the Service.
- —Billing data: subscription status and purchase history. Card details are handled entirely by Stripe and never touch our servers.
- —Lead data: information you voluntarily submit through research request forms (name, email, interest, budget range, message).
- —Technical data: standard server logs (IP address, user agent, timestamps) used for security and reliability.
2. How we use information
We use your information to:
- —Provide, secure, and improve the Service, including running backtests and generating reports you request.
- —Process payments and manage subscriptions via Stripe.
- —Respond to research requests and support messages.
- —Send transactional emails (account, billing). Marketing email is only sent with consent and always includes an unsubscribe link.
- —Detect abuse and comply with legal obligations.
3. What we do not do
We do not sell your personal data. We do not share your strategies or research with other users. We do not use your private strategy configurations to train public models.
4. Third-party processors
We rely on a small set of processors to operate: hosting infrastructure (e.g. Render), PostgreSQL database hosting, Stripe for payments, and — where configured — OpenAI for AI commentary generation and Resend for transactional email. Each processor receives only the data required to perform its function.
5. Data retention and deletion
Account and product data are retained while your account is active. You may request deletion of your account and associated personal data at any time via the contact form; we will delete or irreversibly anonymize it within 30 days, except where retention is legally required (e.g. billing records).
6. Security
Passwords are hashed with bcrypt. Session tokens are stored only as keyed hashes. All traffic is encrypted in transit via TLS. Access to production data is restricted and logged. No system is perfectly secure — if we become aware of a breach affecting your data, we will notify you without undue delay.
7. Cookies
We use a single first-party, httpOnly session cookie to keep you signed in. We do not use third-party advertising cookies or cross-site trackers.
8. Your rights
Depending on your jurisdiction (including under GDPR and CCPA), you may have rights to access, correct, export, restrict, or delete your personal data, and to object to certain processing. Contact us through the Research Desk form to exercise any of these rights and we will respond within the legally required timeframe.
9. Changes
We may update this policy as the Service evolves. Material changes will be announced on the Service or by email before they take effect.