Overview
Overpriced.ai ("we", "us", "our") is an AI-powered investment research platform currently in limited beta. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your personal information. By using the Service, you consent to the practices described in this policy.
Data We Collect
We collect the following categories of information:
Information You Provide
- Account Information: Email address and name provided during registration.
- Waitlist Information: Email address and name submitted through our waitlist form.
- AI Chat Inputs: Questions and prompts you submit to our AI chat and research agents.
- Support Communications: Any messages you send to us via email.
Information Collected Automatically
- Usage Data: Pages visited, features used, stock tickers analyzed, and general interaction patterns — used to improve the platform.
- Device Information: Browser type, operating system, and screen resolution — used for compatibility and responsive design.
- Log Data: IP address, access times, and referring URLs — used for security and abuse prevention.
Account-Linked Data
- User Data: Watchlists, portfolio holdings, paper trades, price alerts, research reports, and user settings are stored server-side in our Supabase database, linked to your account. This data is protected by row-level security policies so only you can access it.
How We Use Your Data
- To provide, maintain, and improve the Service.
- To authenticate your identity and manage your account.
- To process your AI analysis and research requests.
- To monitor for abuse, fraud, and security threats.
- To communicate important updates about the platform (e.g., beta status changes, new features, or Terms updates).
- To analyze aggregate usage patterns and improve the user experience.
We do not sell your personal data to third parties. We do not use your data for advertising. We do not build marketing profiles from your activity.
Third-Party Services
We use the following third-party services to operate the platform. Each processes data according to its own privacy policy:
- Supabase: Authentication, user management, and database storage. Your email and account data are stored on Supabase infrastructure.
- Anthropic (Claude): AI-powered chat, analysis, and research report generation. Your queries and relevant financial context are sent to Anthropic's API for processing.
- Google (Gemini): Fallback AI model for chat functionality. Queries may be sent to Google's API when the primary AI provider is unavailable.
- xAI (Grok): Sentiment analysis of news and social media. Stock ticker data is sent to xAI's API for processing.
- Financial Modeling Prep (FMP): Financial data provider. Stock ticker symbols are sent to retrieve publicly available market data.
- Vercel: Hosting and deployment infrastructure. Standard web server logs are collected.
- Stripe: Payment processing (for future paid plans). We do not store credit card numbers — all payment data is handled directly by Stripe.
AI Data Processing
When you use our AI features (chat, research, sentiment analysis), please be aware:
- Your queries and prompts are sent to third-party AI providers for processing.
- We do not use your queries to train our own AI models.
- Third-party AI providers may have their own data retention and usage policies. We recommend reviewing the privacy policies of Anthropic, Google, and xAI for details.
- Do not share sensitive personal or financial information (account numbers, passwords, SSNs) in AI chat conversations.
Data Retention
- Account Data: Retained for as long as your account is active. Deleted upon account deletion.
- Waitlist Data: Retained until you are granted access or request removal.
- Research Cache: AI-generated research reports may be cached temporarily to improve performance and reduce redundant API calls.
- Usage Logs: Retained for up to 90 days for security and debugging purposes, then automatically purged.
- User Data (Watchlists, Portfolio, Alerts, etc.): Stored server-side and retained for as long as your account is active. Deleted upon account deletion or via the Settings page.
Data Security
We implement industry-standard security measures to protect your data, including:
- Encrypted data transmission (HTTPS/TLS) for all communications.
- Secure authentication managed by Supabase with session-based access control.
- Environment-level API key protection — no secrets are exposed to the client.
- Invite-only access to limit the attack surface during beta.
No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security of your data. You are responsible for keeping your login credentials confidential.
Cookies & Local Storage
- Authentication Cookies: We use secure, HTTP-only cookies to maintain your login session. These are essential for the Service to function.
- localStorage: May be used for non-critical UI preferences only. Your watchlist, portfolio, paper trades, alerts, and settings are stored server-side in Supabase, linked to your account.
- We do not use third-party tracking cookies, advertising cookies, or analytics cookies.
Your Rights
You have the following rights regarding your personal data:
- Access: You can request a copy of the personal data we hold about you.
- Deletion: You can delete your account and all associated data from the Settings page. Upon deletion, all personal data is permanently removed from our systems.
- Correction: You can request correction of inaccurate personal data by contacting us.
- Portability: You can request your data in a portable format.
- Withdrawal of Consent: You may stop using the Service at any time.
To exercise any of these rights, contact us at support@overpriced.ai.
Children's Privacy
The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a user is under 18, we will promptly delete their account and associated data.
International Data Transfers
Your data may be processed and stored in the United States or other countries where our third-party service providers operate. By using the Service, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a prominent notice on the platform. Continued use of the Service after changes constitutes acceptance of the updated policy. The "Last updated" date at the top of this page indicates when the policy was last revised.