InvestSign
InvestSign
Sign inCreate account
Legal

Privacy Policy

Last updated 9 May 2026

This page describes what InvestSign collects, why we collect it, how long we keep it, and the rights you have over it under the EU General Data Protection Regulation (GDPR) and equivalent regimes.

Who we are

InvestSign is operated by InvestSign Labs. Contact for any privacy question: privacy@investsign.io.

What we collect

1. Account data (when you sign up)

  • Your email address.
  • A bcrypt hash of your password — we never see the plaintext.
  • The timestamp of account creation and the timestamp of each sign-in.

2. Product data (while you use the app)

  • Watchlists, saved filters, paper portfolios, and any settings you explicitly create. Visible only to you.
  • Audit log entries for admin actions on shared resources (data sources, refresh policies, recommendations).

3. Analytics data — only if you consented

When you accept the analytics cookie category we record:

  • Page paths you visit.
  • Coarse interactions (matrix cell opened, signal row clicked, etc.).
  • The first three octets of your IPv4 address (last octet zeroed) or the first 48 bits of your IPv6 address. We do not store full IPs.
  • Your User-Agent string, capped at 255 characters. No fingerprinting, no canvas / WebGL probing.

Analytics data is recorded in our own database. We do not integrate Google Analytics, Mixpanel, Segment, or any other third-party tracker.

Why we collect it

  • Account data — to authenticate you and to operate the service. Lawful basis: performance of contract (Art. 6(1)(b)).
  • Product data — to power the features you used to create it. Lawful basis: performance of contract.
  • Analytics data — to improve the product. Lawful basis: your consent (Art. 6(1)(a)).

How long we keep it

  • Account data: until you delete your account.
  • Product data: until you delete it, or 30 days after account closure.
  • Analytics data: 90 days, then automatically pruned.
  • Audit log: 12 months for admin compliance reasons, then pruned.

Who we share it with

  • Anthropic — when the LLM-backed pillars or recommendation feature run, signal evidence (anonymised, no PII) is sent to Anthropic’s API. Their privacy policy governs that processing.
  • Infomaniak — our infrastructure provider hosts the server. Data is stored in the EU.
  • We do not sell, share, or rent any personal data for marketing or advertising. Ever.

Your rights

Under GDPR you have the right to:

  • Access the data we hold on you.
  • Rectify inaccurate data.
  • Erase your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Withdraw consent for analytics at any time on the Cookie Policy page.
  • Lodge a complaint with your local data-protection authority.

Email privacy@investsign.io and we’ll action any of the above within 30 days.

Cookies

See the dedicated Cookie Policy for the per-cookie list, purpose, and retention period.

Changes to this policy

Material changes are announced in-app and recorded in the docs/CHANGELOG.md entry of the relevant phase. The “Last updated” date at the top reflects the most recent substantive change.

Disclaimer

InvestSign is an informational research tool. Nothing on this site constitutes investment advice, a recommendation to trade, or a solicitation. See the Terms of Service.