Gainwise

Privacy Policy

Last updated: April 3, 2026

1. Introduction

Gainwise ("we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform at gainwise.io ("the Service").

2. Information We Collect

2.1 Information You Provide

  • Account information: Email address, name (via Google OAuth or email signup)
  • Portfolio data: Stock tickers, share quantities, cost basis, sectors you enter
  • Onboarding preferences: Risk tolerance, investment timeline, experience level
  • Subscription data: Billing information processed through Stripe (we do not store credit card numbers)

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, analysis and research counts
  • Device data: Browser type, operating system, screen resolution (via Google Analytics)
  • Cookies: Authentication tokens, session data, and analytics cookies (see Section 7)
  • Log data: IP address, access times, referring URLs

3. How We Use Your Information

  • To provide and operate the Service, including AI-generated analyses and briefs
  • To personalize your experience (news, research, learning content)
  • To send your portfolio data to AI providers for analysis processing
  • To process payments and manage subscriptions
  • To send transactional emails (weekly briefs, account notifications)
  • To monitor usage for tier limits and abuse prevention
  • To improve the Service through anonymized analytics
  • To comply with legal obligations

4. Third-Party Services

We share data with the following third-party services to operate the platform:

Supabase

Database and authentication. Stores your account and portfolio data. Data encrypted at rest and in transit.

OpenRouter / Anthropic (Claude)

AI analysis provider. Your holdings data is sent for processing. These providers do not retain or train on your data per their terms of service.

Stripe

Payment processing. Handles all billing data. We never see or store your full credit card number.

Google Analytics (GA4)

Web analytics. Collects anonymized usage data, page views, and device information. You can opt out using browser settings or extensions.

Vercel

Hosting and deployment. Processes requests and may collect server-level logs including IP addresses.

Financial Data APIs

Stock quotes and market data. Your ticker list is sent to retrieve pricing data. No personal information is shared.

5. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Portfolio data: Retained while your account is active. Deleted upon account deletion.
  • AI-generated content: Briefs and analyses are retained for your access. Deleted upon account deletion.
  • Analytics data: Retained per Google Analytics default policies (14 months).
  • Server logs: Retained for up to 30 days for security and debugging.

6. Your Rights

Depending on your location, you may have the following rights:

All Users

  • Access your personal data
  • Request correction of inaccurate data
  • Delete your account and all associated data
  • Export your portfolio data

California Residents (CCPA)

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising these rights

European Economic Area Residents (GDPR)

  • Right of access, rectification, erasure, and data portability
  • Right to restrict or object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at privacy@gainwise.io.

7. Cookies

We use the following types of cookies:

  • Essential cookies: Required for authentication and basic Service functionality. Cannot be disabled.
  • Analytics cookies: Google Analytics (GA4) cookies that help us understand how the Service is used. You can opt out by declining analytics cookies in the cookie banner, using browser settings, or installing the Google Analytics Opt-out Browser Add-on.
  • Local storage: We store cached research and news results in your browser's local storage for performance. This data never leaves your device.

8. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit (TLS/HTTPS) and at rest
  • Authentication is handled through Supabase with secure token management
  • Database access is protected by Row Level Security (RLS) policies
  • We do not store passwords (authentication via Google OAuth or Supabase Auth)
  • Payment data is handled entirely by Stripe (PCI DSS compliant)

No system is 100% secure. If you become aware of a security vulnerability, please report it to security@gainwise.io.

9. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

10. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place for international transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

For privacy-related questions or requests, contact us at privacy@gainwise.io.