Privacy Policy

Last updated: January 12, 2026

Rabris AI ("we," "our," or "us") is committed to protecting your privacy and securing your financial data. As a Finance AI chat application, we understand the sensitive nature of financial information and have implemented comprehensive security measures to safeguard your data. This privacy policy explains how we collect, use, protect, and share your information when you use our services.

1. Information We Collect

1.1 Account & Identity Information

When you create an account, we collect:

  • Email address and encrypted password
  • Name and profile information
  • Account preferences and settings

1.2 Financial Query Data

To provide AI-powered financial insights, we process:

  • Stock symbols and tickers you inquire about
  • Market sectors and industries of interest
  • Investment preferences and risk tolerance indicators
  • Chat conversations with our AI assistant

Important: We do NOT collect your actual brokerage account credentials, portfolio holdings, or execute trades on your behalf.

1.3 AI Interaction Data

To improve our AI models and provide personalized assistance:

  • Conversation history with the AI assistant
  • Questions asked and responses provided
  • Feedback on AI-generated insights
  • Usage patterns and feature interactions

1.4 Technical & Usage Data

We automatically collect:

  • IP address, browser type, and device information
  • Session duration and feature usage statistics
  • Error logs and performance data
  • Cookies for authentication and preferences

1.5 Payment Information

We do NOT store your credit card or payment details. All payment processing is handled by PCI-DSS compliant third-party processors (Stripe, PayPal). We only receive confirmation of successful payments and subscription status.

2. How We Use Your Information

2.1 AI-Powered Financial Analysis

Your queries and conversation history are used to provide personalized stock analysis, market insights, and investment research through our integrated AI models (GPT, Claude, Gemini, DeepSeek). This data helps the AI understand context and provide more relevant financial guidance tailored to your interests.

2.2 Service Delivery & Improvements

We analyze aggregated usage data to enhance our platform, develop new features, fix bugs, and optimize AI model performance. This includes improving response accuracy, reducing latency, and adding requested financial data sources.

2.3 Communications

We use your contact information to:

  • Send critical security alerts and system updates
  • Provide subscription and billing notifications
  • Respond to support inquiries
  • Share important market event notifications (if enabled)
  • Send optional newsletters and feature updates (opt-out available)

2.4 Security & Fraud Prevention

We monitor account activity, login patterns, and system access to detect unauthorized use, prevent fraudulent activities, and protect both your account and our platform from security threats.

3. AI Model Data Usage & Third-Party Processing

Important Notice: When you interact with our AI assistant, your queries and conversations are processed by third-party AI providers (OpenAI, Anthropic, Google, DeepSeek).

• Your conversations may be sent to external AI model APIs for processing

• We implement data anonymization where possible before sending to AI providers

• AI providers have their own privacy policies governing data usage

• We do not share personally identifiable financial account information with AI providers

• Conversations are encrypted in transit using industry-standard protocols

• You can request deletion of your conversation history at any time

We strongly recommend NOT sharing sensitive personal financial details (account numbers, passwords, social security numbers) in AI conversations.

4. Data Security Measures

4.1 Encryption & Transmission Security

All data transmitted between your device and our servers is encrypted using TLS 1.3 with 256-bit encryption. Stored data is encrypted at rest using AES-256 encryption standards. Your password is hashed using bcrypt with salt.

4.2 Access Controls & Authentication

We implement multi-factor authentication (MFA), role-based access controls, and the principle of least privilege. Only authorized personnel with legitimate business needs can access user data, and all access is logged and monitored.

4.3 Infrastructure Security

Our infrastructure is hosted on SOC 2 Type II certified cloud platforms with regular security audits, intrusion detection systems, automated vulnerability scanning, and 24/7 security monitoring.

4.4 Regular Security Audits

We conduct quarterly security assessments, penetration testing, and code reviews. Our security practices are continuously updated to address emerging threats and maintain compliance with financial data protection standards.

5. Third-Party Services & Data Sharing

5.1 Financial Data Providers

We integrate with licensed financial data providers (Bloomberg, Yahoo Finance, Alpha Vantage) to retrieve market data, stock prices, news, and company filings. We only share necessary query parameters (stock symbols, date ranges) with these providers.

5.2 Infrastructure & Analytics

We use trusted third-party services for:

  • Cloud hosting and database management (AWS, Google Cloud)
  • Analytics and performance monitoring (Vercel Analytics, Google Analytics)
  • Customer support and communication
  • Payment processing (Stripe, PayPal)

5.3 Legal Obligations

We may disclose your information if required by law, court order, subpoena, or government request. We will notify you of such requests unless legally prohibited from doing so.

Note: We never sell your personal information or financial query data to third parties for marketing purposes.

6. Your Privacy Rights & Controls

6.1 Access & Data Portability

You can request a complete copy of your data in machine-readable format (JSON) at any time. This includes your conversation history, account information, and usage data. We will provide this within 30 days of your request.

6.2 Data Correction & Updates

You can update your account information, email, and preferences at any time through your account settings. If you notice any inaccuracies in your data, contact us for immediate correction.

6.3 Data Deletion & Account Closure

You can request account deletion at any time. Upon deletion:

  • Personal information is deleted within 30 days
  • Conversation history is permanently removed
  • Some data may be retained for 90 days in backups for recovery purposes
  • Financial transaction records may be retained for legal compliance (typically 7 years)
  • Aggregated, anonymized analytics data may be retained indefinitely

6.4 Communication Preferences

You can opt-out of marketing emails and newsletters at any time by clicking "unsubscribe" in any email or updating your notification preferences. Critical security and billing notifications cannot be disabled.

6.5 Conversation History Controls

You can delete individual conversations or clear your entire chat history. Deleted conversations are removed from our active systems within 24 hours and from backups within 90 days.

7. Data Retention Policy

7.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide services, comply with legal obligations, resolve disputes, and enforce our agreements.

7.2 Inactive Accounts

If your account is inactive for 24 months, we may send notifications before archiving or deleting your data. You can prevent this by logging in periodically.

7.3 Deleted Accounts

After account deletion, most personal data is removed within 30 days. Backup copies may persist for up to 90 days. Transaction records and anonymized analytics may be retained longer for legal and business purposes.

7.4 Legal & Compliance Requirements

Certain financial records, payment information, and transaction logs must be retained to comply with tax, accounting, and financial regulations, typically for 7 years from the date of transaction.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to maintain your session, remember preferences, and analyze platform usage.

Essential Cookies: Required for authentication and core functionality (cannot be disabled)

Preference Cookies: Remember your settings and customizations

Analytics Cookies: Help us understand usage patterns and improve the platform

Performance Cookies: Monitor system performance and identify issues

You can control cookies through your browser settings, but disabling essential cookies may impact platform functionality.

9. Children's Privacy

Rabris AI is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately. If you believe a child has provided us with information, please contact us at [email protected].

10. International Data Transfers

Rabris AI operates globally, and your data may be transferred to, stored in, and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Compliance with GDPR for European users
  • Adherence to applicable data protection laws in your jurisdiction
  • Encryption for all cross-border data transfers

11. Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes via email or prominent notice on our platform at least 30 days before the changes take effect. Your continued use of Rabris AI after changes indicates acceptance of the updated policy.