Privacy Policy

Last updated: March 16, 2026

1. Introduction

Alpha Pulsx ("we," "us," "our," or the "Company"), operating from British Columbia, Canada, is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information when you use our website, platform, and services (collectively, the "Service").

This Privacy Policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal privacy law, and the Personal Information Protection Act (PIPA) of British Columbia. For users in California, we also address your rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

By using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: Email address and password (stored as a bcrypt hash; we never store your plaintext password)
  • User preferences: Saved tickers, default timeframe, risk profile, theme preference, notification preferences
  • Communications: Any information you provide when contacting us via email

Account Security: You are responsible for maintaining the confidentiality of your password and for all activity that occurs under your account. You agree to use a strong, unique password and to notify us immediately of any unauthorized use. Alpha Pulsx shall not be liable for any loss or damage arising from your failure to maintain adequate account security.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, signals viewed, timestamps of access
  • Device information: Browser type, operating system, device type
  • Log data: IP addresses, access times, referring URLs

2.3 Information We Do NOT Collect

  • Payment card information: All payment processing is handled by Stripe. We do not receive, access, store, or process your credit card number, debit card number, bank account details, or any other payment card information. Please review Stripe's Privacy Policy for details on how they handle your payment data.
  • Social Security numbers or government IDs
  • Brokerage account information or trading history

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service provision: To create and manage your account, provide access to features, process subscriptions, and deliver signals and analysis
  • Communication: To send you account-related emails (verification, password resets, billing notifications), and service updates
  • Improvement: To analyze usage patterns and improve the Service, fix bugs, and develop new features
  • Security: To detect and prevent fraud, unauthorized access, and other security threats
  • Legal compliance: To comply with applicable laws, regulations, and legal processes

We do NOT sell your personal information to third parties. We do NOT use your personal information for targeted advertising. We do NOT use your personal information for any purpose other than those described in this Privacy Policy without your consent.

No Automated Decision-Making or Profiling: We do not use your personal information for automated decision-making or profiling that produces legal effects or similarly significant effects on you. Our algorithmic signals are generated from publicly available market data and are delivered identically to all subscribers — they are not personalized based on your personal information.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Upon account deletion:

  • Your account data and preferences will be deleted within 30 days
  • Anonymized usage data may be retained for analytics purposes
  • We may retain certain information as required by law, or to resolve disputes, enforce agreements, or protect our legal rights

Retention of Backups: Routine system backups containing your data may persist for up to 90 days after account deletion as part of our standard backup and disaster recovery procedures. These backups are stored securely and are not used for any purpose other than disaster recovery. Backups are automatically overwritten on a rolling basis.

If you request deletion of your personal data, we will process your request in accordance with applicable privacy laws (see Section 7 below).

5. Third-Party Services

We use the following third-party services to operate the platform:

  • Stripe: For payment processing and subscription management. Stripe processes your payment card information directly; we do not receive or store it. See Stripe's Privacy Policy.
  • Yahoo Finance: For market data, price quotes, and financial data used to generate signals and charts. We query Yahoo Finance for publicly available market data; we do not share any of your personal information with Yahoo Finance.
  • Email service provider: For transactional emails (verification, password reset, notifications). Your email address is shared with our email provider solely for the purpose of delivering these emails.

Each third-party service has its own privacy policy governing the data they collect and process. We encourage you to review their respective policies.

6. Cookies

Alpha Pulsx uses essential session cookies only for authentication and session management. These cookies are strictly necessary for the Service to function and cannot be disabled.

Specifically, we use:

  • Authentication token cookie (httpOnly): A secure, httpOnly cookie containing a JWT (JSON Web Token) to maintain your login session. This cookie expires after 7 days.

We do NOT use:

  • Tracking cookies
  • Analytics cookies (e.g., Google Analytics)
  • Advertising cookies
  • Third-party cookies for profiling or behavioral targeting

Do Not Track (DNT) Signals: Some web browsers transmit "Do Not Track" (DNT) signals to the websites you visit. Because Alpha Pulsx does not use tracking cookies, analytics cookies, advertising cookies, or any form of cross-site behavioral tracking, the DNT signal is not applicable to our Service. We do not track your browsing activity across third-party websites, and we do not change our data collection or use practices in response to DNT signals.

7. Your Rights

7.1 Rights Under PIPEDA (All Canadian Users)

Under PIPEDA, you have the right to:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Withdraw consent: Withdraw your consent to the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions)
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada

Consent Withdrawal Process: If you withdraw your consent to the collection, use, or disclosure of your personal information, we may no longer be able to provide you with some or all of the Service. Upon consent withdrawal: (a) your account may be deactivated if the withdrawn consent is essential to Service operation (e.g., consent to process your email address for authentication); (b) data that is no longer needed will be deleted within 30 days; (c) data that we are required by law to retain (e.g., legal acceptance records, billing records, or data needed to resolve disputes) will be retained only for the minimum period required by applicable law; and (d) anonymized or aggregated data that cannot be used to identify you may be retained indefinitely. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal.

7.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following additional rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA

7.3 Rights Under GDPR (European Economic Area Residents)

Alpha Pulsx is not primarily directed at residents of the European Economic Area (EEA). However, if you are located in the EEA and access the Service, the following applies under the General Data Protection Regulation (GDPR):

  • Lawful basis: Our lawful basis for processing your personal data is your consent (provided at account registration) and the performance of a contract (these Terms of Service)
  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate personal data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request restriction of the processing of your personal data
  • Right to data portability: Request your personal data in a structured, commonly used, machine-readable format
  • Right to object: Object to processing of your personal data
  • Right to lodge a complaint: Lodge a complaint with a supervisory authority in your member state

To exercise any GDPR right, contact us at alphapulsx@gmail.com. We will respond within 30 days.

7.4 Additional Rights (All Users)

  • Data portability: Request a copy of your data in a machine-readable format
  • Account deletion: Request complete deletion of your account and all associated data

8. How to Exercise Your Rights

To exercise any of your privacy rights, you may:

We will respond to your request within 30 days, as required by PIPEDA. For CCPA requests, we will respond within 45 days.

Identity Verification: We may require verification of your identity before fulfilling any privacy request, including data access, correction, or deletion requests. This is to protect your account from unauthorized or fraudulent requests. Verification may include confirming your email address or other account details.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Passwords are hashed using bcrypt (industry-standard cryptographic hashing)
  • Authentication tokens are signed with secure secrets (JWT)
  • Session cookies are httpOnly and secure
  • HTTPS encryption for all data in transit
  • Regular security reviews and updates
  • Principle of least privilege for data access

No Guarantee of Security: While we take reasonable measures to protect your information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your personal information, and any transmission is at your own risk. You acknowledge and accept the inherent security risks of providing information online.

Data Breach Notification: In the event of a data breach that affects your personal information, we will notify you and relevant regulatory authorities in accordance with applicable laws, including PIPEDA and PIPA (BC). Notification will be provided as soon as reasonably practicable after discovery of the breach, and will include a description of the breach, the information involved, and steps we are taking in response.

10. International Data Transfers

Alpha Pulsx operates from British Columbia, Canada. If you access the Service from outside Canada, your personal information may be transferred to, stored, and processed in Canada or in the jurisdiction where our servers or third-party service providers are located.

Data Storage Location: Your data is stored on servers located in Canada and/or the United States. Our hosting infrastructure operates servers in these jurisdictions. Third-party service providers such as Stripe may also store data in their own facilities.

By using the Service, you consent to the transfer of your information to Canada and other jurisdictions that may have different data protection laws than your country of residence. We will take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

11. Children's Privacy

The Service is not intended for use by anyone under the age of 18 (or the age of majority in their jurisdiction, whichever is higher). We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe that your child under 18 has provided us with personal information, please contact us at alphapulsx@gmail.com, and we will take steps to delete such information.

As a financial information service, all users must be of legal age to independently make financial decisions in their jurisdiction. No exceptions are made for minors with parental consent.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of any material changes by updating the "Last updated" date at the top of this policy.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Information and Privacy Officer

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact our Privacy Officer:

Alpha Pulsx — Privacy Officer
British Columbia, Canada
Email: alphapulsx@gmail.com

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner of British Columbia.