Privacy Policy
Effective date: May 25, 2026
1. Who We Are
Mr. Guy Invests (“we,” “us,” or “our”) operates the financial data and education platform available at mrguyinvests.com. This Privacy Policy explains what personal information we collect when you use the Service, how we use it, who we share it with, and the rights you have over your data.
For data privacy enquiries or to exercise your rights, contact the data controller at: support@mrguyinvests.com
By using Mr. Guy Invests you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
Account information: When you register we collect your name (if provided) and email address. Passwords are stored using bcrypt hashing — we never store your password in plain text.
Portfolio and watchlist data: Stocks, assets, and positions you add to your portfolio or watchlist are stored in our database associated with your account.
Inputs to AI features: When you use AI-powered analysis, chat, or Q&A features your queries and any context you provide are transmitted to our AI provider(s) to generate a response. See Section 4 for details on those providers and how inputs are handled.
Billing information: If you subscribe to Mr. Guy Invests Pro, payment is processed by Stripe. We store only your Stripe customer ID and subscription status — we never see or store your full card number.
Usage analytics: We collect information about how you interact with the Service in two ways. Vercel Analytics collects anonymised, cookieless page-view data. Additionally, for logged-in users, we record page visits in our own database (the pages you navigate to, timestamps, and your account ID) to understand feature usage and improve the product.
Onboarding survey responses: When you first sign up, we ask about your investing experience level and goals. These responses are stored anonymously — they are not linked to your account — and are used only for aggregate product analytics. Because they are not linked to you, they cannot be attributed to your account and are not removed when you delete your account.
IP address and device data: Our servers and hosting provider automatically record your IP address, browser type, operating system, and referring URL as part of standard web server logs. This data is used for security, fraud prevention, and aggregate analytics.
Session cookies: We use secure session cookies required for authentication. See Section 6 for details.
What we do not collect: We do not collect Social Security numbers, government-issued ID numbers, brokerage account credentials, or any other sensitive financial account identifiers.
3. How We Use Your Information
- To create and operate your account and provide the Service
- To power AI-driven analysis and personalized features using your portfolio data and query inputs
- To personalise your dashboard, watchlist, alerts, and content recommendations
- To manage your Pro subscription and billing via Stripe
- To send transactional emails — such as email verification, password reset, and subscription receipts — via our email provider
- To generate aggregate, anonymised analytics that help us understand how the product is used and guide product decisions
- To detect fraud, enforce usage limits, and protect the security of the Service
- To comply with legal obligations
We do not sell, rent, or share your personal information with third parties for their marketing or advertising purposes.
Legal basis for processing (GDPR)
If you are located in the EEA or UK, the following legal bases apply:
| Processing activity | Legal basis |
|---|---|
| Account creation & authentication | Contract |
| Portfolio, watchlist & AI features | Contract |
| Billing & subscription management | Contract |
| Transactional emails | Contract |
| Page-level usage analytics | Legitimate interests (improving the Service) |
| Security logging & fraud prevention | Legitimate interests (protecting the Service) |
| Legal compliance | Legal obligation |
4. Third-Party Services
We rely on the following third-party providers to deliver the Service. Each provider operates under its own privacy policy and data processing terms.
Vercel — cloud hosting, deployment, and infrastructure. Vercel processes server logs including IP addresses. Vercel Analytics and Speed Insights collect anonymised page-view and performance data.
Neon / PostgreSQL — managed database hosting. Your account data, portfolio data, and watchlist data are stored here.
Stripe — payment processing and subscription management. When you subscribe, your payment details are submitted directly to Stripe. We receive only a customer ID and subscription status. Stripe's privacy policy governs all payment data.
Resend — transactional email delivery. Your email address is shared with Resend solely to deliver emails we send you (verification links, password resets, subscription notices).
Anthropic Claude API — AI-generated analysis and responses. Queries you submit to AI features are sent to Anthropic's servers for processing. We do not store your AI inputs beyond the current session; Anthropic may retain inputs subject to their own data retention policies.
xAI (Grok API) — AI-generated features. Certain AI features route queries through xAI's servers. The same session-only retention policy applies on our end; xAI's policies govern their handling.
DeepSeek API — AI-generated analysis. Certain AI analysis features route queries through DeepSeek's servers. DeepSeek is operated by a Chinese company and is subject to Chinese data laws, which may include government access to data. The same session-only retention applies on our end; DeepSeek's policies govern their handling. EEA/UK users should be aware that no EU adequacy decision exists for China.
Third-party market data providers and SEC EDGAR — stock prices, financial data, and public regulatory filings. These are read-only data sources; we do not share your personal information with them.
We are not responsible for the independent privacy practices of these third-party providers. We encourage you to review their privacy policies directly.
5. Data Retention
Your account data — including your email address, name, portfolio data, watchlist, and preferences — is retained for as long as your account is active. You may request deletion of your account and all associated personal data at any time (see Section 7). Upon a valid deletion request we will remove your personal data from our systems within 30 days.
AI inputs: We do not store queries or responses from AI features beyond the current browser session. Your inputs are sent to the applicable AI provider in real time and are not persisted in our database after the session ends.
Stripe independently retains billing records as required by financial and tax regulations. Server logs are retained for a limited period for security and debugging purposes.
6. Cookies and Tracking
We use functional session cookies that are strictly necessary to keep you authenticated while you use the Service (managed via NextAuth.js). We do not use advertising cookies, third-party tracking cookies, or behavioural profiling cookies.
Vercel Analytics collects anonymised performance and page-view data using privacy-preserving methods that do not require persistent cookies or fingerprinting.
For logged-in users, we also record page navigation events in our own database to understand how features are used (see Section 2). This is first-party tracking tied to your account and is not shared with third parties. You may opt out by contacting us at support@mrguyinvests.com.
A cookie notice is displayed on your first visit. You may accept or decline non-essential analytics at any time.
7. Children's Privacy
The Service is available to users aged 13 and older. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has registered an account, we will promptly delete that account and any associated personal data.
If you are a parent or guardian and believe your child under 13 has created an account, please contact us immediately at support@mrguyinvests.com so we can remove the account. Users aged 13–17 should review this Privacy Policy with a parent or guardian.
8. Your Rights
Depending on your location you may have the following rights regarding your personal data. To exercise any of them, contact us at the address in Section 11.
Delete your account: You may request deletion of your account and all associated personal data at any time. We will process the request within 30 days.
Export your data: You may request a copy of the personal data we hold about you in a portable, machine-readable format.
Opt out of analytics: You may opt out of usage analytics collection by contacting us. Note that strictly necessary session cookies required for authentication cannot be disabled without affecting your ability to sign in.
Access and correction: You may request access to your personal data or ask us to correct inaccurate information.
GDPR (EEA / UK) rights: If you are located in the European Economic Area or United Kingdom, you have rights under the GDPR including the right to access, rectify, erase, restrict processing, and object to processing of your personal data, as well as the right to data portability.
CCPA (California) rights: California residents have the right to know what personal information we collect and how it is used, the right to delete personal information, and the right to opt out of sale of personal information. We do not sell personal information.
9. Security
We implement industry-standard security measures including bcrypt password hashing, HTTPS encryption on all connections, and JWT-based secure session management. Access to production data is restricted to authorised personnel only.
No system is 100% secure and we cannot guarantee the absolute security of your information. In the event of a data breach that materially affects your personal data, we will notify affected users as required by applicable law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes we will update the effective date at the top of this page and, where appropriate, notify registered users via email. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.
11. Contact Us
For privacy-related questions, data deletion requests, or data export requests, please contact us at: support@mrguyinvests.com