Back
V
NPERLegal
Legal

Privacy Policy

This policy explains what data NPER collects, why we collect it, who we share it with, and the rights you have over it. Written plainly. Updated whenever something material changes.

Last updated · May 13, 2026
Short version: we collect the data we need to run a trading-info platform — your email, your interests, your votes, your chat messages, basic usage signals. We don't sell it. We use a small set of named subprocessors (Supabase, Stripe, Anthropic, Vercel, Yahoo Finance). You can export or delete your account from settings or by emailing us.

01A two-paragraph summary

NPER is operated by NPER Group(the "Service", "we", "us"). We are the data controller for the personal data described in this policy.

We collect three categories of data: (1) what you tell us — your email, password, nickname, avatar, interests, and any messages you post; (2) what your use of the Service generates — sentiment votes, watchlist symbols, backtest configurations, and basic usage logs; and (3) what your device and browser send — IP address, user-agent, and necessary cookies. We do not collect payment-card numbers directly; Stripe handles those.

02What we collect

Account data

  • Email address — required for login, password recovery, and important account notifications.
  • Password — stored as a salted hash; we never see the plaintext.
  • Display name & avatar — shown on your public profile and in chat. Optional.
  • Trading interests — the categories you pick during onboarding (e.g. Stocks, Crypto, Day Trading). Used to tailor the daily briefing and discoverability.

Usage & product data

  • Sentiment votes— which option you picked on a community poll, when you voted, and a snapshot of the crowd's split at vote time (used to compute your Edge score).
  • Watchlist & alerts — tickers you save and price-alert rules you create.
  • Quant Lab activity — backtest configurations and custom strategy recipes you save. Recipes are stored both in your browser (localStorage) and, when shared, on our servers.
  • Chat messages & group memberships — what you post in public or invitation-only chat rooms, and which rooms you belong to.
  • Follow graph — who you follow and who follows you.

Technical data

  • IP address — to enforce rate limits and detect abuse.
  • Browser & device info — user-agent string, screen size, language. Used for responsive design and crash diagnostics.
  • Session cookies — see Cookies Policy.
  • Server logs — request paths and status codes, retained for security and debugging.

Payment data

We use Stripe to process payments. We never receive or store your full card number. Stripe gives us a customer ID, the last four digits of the card, the billing country, and your subscription status — which we use to grant the right plan tier on your account.

What we do NOT collect

  • Brokerage credentials, trading account balances, or live order flow from your broker. NPER does not execute trades.
  • Health, biometric, or precise geolocation data.
  • Government identification numbers.
  • Behavioral tracking from sites outside of NPER.

03How we use it

We use the data above for the purposes listed here, and no others:

  • Run the Service. Authenticate you, serve your briefing, render charts, run your backtests, deliver chat messages, tally sentiment votes, generate AI replies.
  • Personalize. Tailor the daily briefing and newsfeed to your interest categories, surface the symbols you watch.
  • Bill you. If you subscribe to a paid plan, send the relevant data to Stripe to charge your payment method.
  • Keep things working. Detect abuse, throttle bots, debug crashes, study aggregate usage to decide what to build next.
  • Talk to you. Send account notifications (password resets, billing receipts), and — only if you opt in — product updates or marketing emails.
  • Comply with the law. Respond to subpoenas, court orders, and statutory requests where we are required to.
We don't sell your personal data.We don't share it with advertisers. We don't train third-party AI models on your private chat content. The only third-party AI inference we use (Anthropic) sees the prompt needed to generate the response and discards it per their retention policy — your messages are not used to train their models.

04Who we share it with

We rely on a small set of named "subprocessors" — vendors who process data on our behalf to deliver the Service. Each is listed below with what they receive and what they do with it. Their own privacy policies apply to that processing.

SupabaseDatabase + auth (chat rooms, sentiment polls, follows, user records). Hosted on AWS within the operator-selected region. Receives: email, password hash, profile fields, chat content, votes, follow graph.
StripePayments. Receives: email, billing address, card details (handled entirely by Stripe), subscription history. We receive back only the customer ID, last-four, country, and status.
VercelHosting + CDN. Receives: every HTTP request to the Service — IP address, user-agent, request path, response status. No application-level personal data is stored by Vercel.
AnthropicAI inference for Prof. NPER and the daily briefing summaries. Receives: the prompt we construct on the server (which may include public-market context and a small slice of recent conversation if you're chatting with Prof. NPER). Not used for model training, per Anthropic's commercial terms.
Yahoo Finance (via yahoo-finance2)Market quotes and historical data. Receives: the ticker symbols you query. Does not receive your account identity.

05Cookies & similar tech

We use a small number of essential cookies — for login session, for your saved color-scheme preference, and for CSRF protection on sensitive forms. We do not use advertising cookies or cross-site tracking pixels. See the full breakdown in our Cookies Policy.

06How long we keep it

We keep your data only as long as we have a reason to:

  • Account data — for as long as your account is open. When you delete your account, we erase identifying fields within 30 days and retain only anonymized aggregates needed for historical reporting (e.g. total votes cast on a poll).
  • Chat messages — kept while the room exists. When you leave a room or delete a message it disappears from live views; we retain backup copies for up to 30 days.
  • Server logs — 30 days for routine access logs, 12 months for security-relevant events.
  • Billing records — kept for the period required by applicable tax and accounting law (typically 7 years).
  • Backups — encrypted daily backups roll off on a 35-day cycle.

07Your rights

Depending on where you live, you may have some or all of the following rights. We honor them globally — not just where law requires us to:

  • Access — request a copy of the personal data we hold about you.
  • Correct — update inaccurate or incomplete data, directly from settings or by emailing us.
  • Delete — close your account and have your personal data erased (with the retention exceptions noted in §6).
  • Export — download a machine-readable archive of your account data.
  • Object — tell us to stop using your data for a particular purpose (e.g. marketing emails).
  • Withdraw consent — where processing is based on consent, withdraw it without affecting prior processing.
  • Lodge a complaint — with your local supervisory authority (for EU users, your national Data Protection Authority).

To exercise any of these rights, email privacy@npergroup.com. We'll verify your identity and respond within 30 days.

08International transfers

Our subprocessors operate globally. Your data may be transferred to and processed in countries outside your country of residence, including the United States. Where required, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms to ensure your data carries the protections of your home jurisdiction.

09Security

We follow industry-standard security practices: encrypted connections (TLS), encrypted storage at rest, salted password hashing, principle-of-least-privilege access controls, regular dependency scanning, and rate-limited authentication endpoints.

No system is perfect. If you spot a vulnerability, please disclose it responsibly to security@npergroup.com— we'll credit responsible reporters in our security page.

10Children

NPER is not intended for users under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently done so, contact privacy@npergroup.comand we'll delete it.

11Changes to this policy

When this policy changes, we update the "Last updated" date at the top. Material changes — for example, a new subprocessor with broader data access — are also announced by email at least 14 days in advance, so you have time to review and, if you disagree, close your account.

12How to reach us

For anything privacy-related — questions, complaints, or to exercise any of the rights in §7 — email privacy@npergroup.com.

Contact
Questions about this document?
NPER Group privacy@npergroup.com
Registered address — to be updated before public launch.