Privacy Policy

Risks Vision (“we”, “us”, “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered risk analysis and market intelligence platform (the “Service”).

This policy applies to all users of the Service, including visitors to our website, registered account holders, and anyone whose data we process in connection with the Service. It also describes our practices regarding artificial intelligence systems and third-party AI integrations that may process your data to deliver the Service.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Service.

The data controller responsible for your personal data in connection with the Service is Risks Vision. For privacy-related inquiries, data subject requests, or concerns about how we handle your data, you may contact us at:

• Privacy / DPO: privacy@risksvision.xyz
• General: support@risksvision.xyz

We will respond to legitimate requests within the timeframes required by applicable law (e.g., generally within 30 days for GDPR-style requests).

We collect information that you provide directly, that we obtain automatically when you use the Service, and that we receive from third parties where relevant.

Information you provide

• Account and profile data (e.g., email address, name, password)
• Payment and billing information (processed by our payment providers)
• Communications with us (e.g., support tickets, contact forms)
• Content you submit to the Service (e.g., chat messages, portfolio inputs, queries to AI assistants, risk parameters)

User-generated code and strategy parameters (“strategy data”)

If you use features such as the Strategy Builder, sandbox, or related tools, we collect the prompts, parameters, mathematical definitions, and generated or edited code that you provide (“User-Generated Code and Strategy Parameters”). This may include natural-language prompts, indicator settings, risk rules, and code artifacts produced in the product workflow.

Storage format. To support versioning, rollback, auditing, and backtesting, strategy data may be stored in our systems (including databases such as PostgreSQL) in forms required for operation—this can include structured storage and, where needed for your workflow, human-readable or plain-text representations of prompts and strategy logic. We apply access controls and security measures described in this policy.

Market data vs. your analysis data

We distinguish between: (a) market and platform datasets—such as curated market feeds, news, sentiment features, or analytical datasets we license or maintain (including columnar files such as Parquet where used internally)—which are part of Risks Vision's data assets and are not your personal property; and (b) your analysis outputs—such as backtest results, metrics, logs, and reports generated from your strategy data and your use of the Service, which are linked to your account.

Visibility of backtests. Your backtest and simulation results are treated as private to your account unless you choose to share them (for example, through a public strategy listing, marketplace, leaderboard, or similar feature if and when we offer it). We do not make your private backtest results publicly visible by default.

Information we collect automatically

• Usage data (features used, pages visited, session duration)
• Device and technical data (IP address, browser type, operating system)
• Log data (access times, errors, security-relevant events)

We do not sell your personal data. We use the data above to provide, secure, and improve the Service and to comply with legal obligations.

How we use AI. The Service uses artificial intelligence (including large language models and other ML systems) to provide risk analysis, market insights, chat-based assistance, and related features. Your queries, inputs, and certain context may be processed by these systems to generate responses and analyses.

Third-party AI providers.

We may use third-party AI and infrastructure providers (e.g., cloud and API providers that host or power AI models) to operate the Service. When we do, we ensure that:

• We only send data necessary to deliver the requested functionality
• We use contractual and technical safeguards so that providers process data in line with our instructions and applicable law
• We do not allow providers to use your personal data or your content to train their own general-purpose models unless we have clearly disclosed that and, where required, obtained your consent

Google Cloud and Gemini.

We use Google Cloud services and Google's Gemini family of models (for example via APIs associated with Google Cloud Vertex AI, Google AI Studio, or comparable Google Cloud–hosted endpoints). Your prompts, strategy-related text, and other inputs you send to AI features may be transmitted to and processed on Google's infrastructure to generate responses. The specific product terms, data-processing terms, and region settings that apply depend on how your workspace is configured.

Training and model improvement. For applicable Google Cloud enterprise and API offerings, Google's documentation and terms generally state that customer content submitted through those services is not used to train or improve Google's public foundation models in the way that consumer free-tier products sometimes describe. Because terms evolve by product and region, you should review the then-current Google Cloud and Gemini API terms that apply to your account. Nothing in this policy overrides those third-party terms.

No sale or use of your content for external training.

We do not sell your chat history, portfolio data, strategy data, or other content to third parties for training AI models. Any use of aggregated or anonymized data for improving our Service will be done in a way that does not identify you.

If we introduce new AI features or providers that involve different data practices, we will update this policy and, where legally required, seek your consent or offer opt-out options.

Where applicable data protection laws (e.g., GDPR, UK GDPR) require a legal basis, we rely on:

• Contract: Processing necessary to provide the Service and perform our contract with you
• Legitimate interests: Improving the Service, security, analytics, and communicating with you, where balanced against your rights
• Consent: Where we ask for your consent (e.g., optional marketing, non-essential cookies, or specific AI uses if we introduce them)
• Legal obligation: Where we must process data to comply with law

You may withdraw consent at any time where it applies; withdrawal does not affect the lawfulness of processing before withdrawal.

We use the data we collect to:

• Provide, operate, and maintain the Service (including AI-powered features)
• Authenticate you and manage your account
• Process payments and enforce our terms
• Store, version, execute, and backtest User-Generated Code and Strategy Parameters as described in Section 3
• Respond to your requests and support inquiries
• Send service-related and, where permitted, marketing communications
• Monitor and improve performance, security, and user experience
• Comply with legal obligations and protect our rights
• Conduct analytics in aggregated or anonymized form

We will not use your personal data for purposes materially different from those described here without updating this policy and, where required by law, obtaining your consent.

We may share your data only in the following circumstances:

• Service providers: Vendors that help us operate the Service (hosting, AI/ML providers, payment processors, analytics, support tools) under strict confidentiality and data-processing terms
• Legal and safety: When required by law, court order, or government request, or to protect the rights, safety, or property of Risks Vision, our users, or the public
• Business transfers: In connection with a merger, sale of assets, or acquisition, subject to the same privacy commitments

We do not sell or rent your personal data to third parties for their marketing or other unrelated purposes.

Your strategy intellectual property. Risks Vision does not sell, license, or disclose your User-Generated Code and Strategy Parameters, or your private mathematical or trading logic (“alpha”), to third parties, hedge funds, or data brokers for their independent commercial exploitation. Service providers (such as cloud or AI hosts) may process such data solely to provide the Service under our instructions, as described in Section 4. If you voluntarily publish or share content through a marketplace, leaderboard, or similar feature, additional terms shown at the time of sharing may apply.

We retain your data only for as long as necessary to fulfill the purposes in this policy, unless a longer retention period is required or permitted by law.

• Account data: For the duration of your account plus a reasonable period afterward for support, disputes, and legal compliance
• Usage and logs: For a limited period to support security, debugging, and improvement
• AI interactions: As needed to provide the Service and improve quality (e.g., in anonymized or aggregated form), in line with this policy
• Strategy code and versions: User-Generated Code and Strategy Parameters, including prior iterations produced through versioning, loops, or rollback features, may be retained so you can restore earlier versions and reproduce backtests. When you delete your account, we will delete or irreversibly destroy associated strategy artifacts and linked backtest outputs stored in our primary databases (including PostgreSQL where applicable) and object storage (including Google Cloud Storage buckets or equivalent), subject to backup rotation and legal retention requirements.

After you delete your account or request deletion, we will delete or anonymize your personal data in line with our retention schedule and legal obligations, except where we must retain it for legal, regulatory, or legitimate business purposes.

We implement technical and organizational measures to protect your data against unauthorized access, loss, alteration, or disclosure, including:

• Encryption in transit (e.g., TLS) and at rest where appropriate
• Access controls and authentication
• Regular review of our security practices and vendor agreements
• Training and policies for personnel who handle personal data

Isolation of execution (sandbox / Cloud Run). Where we execute user-generated code or backtests in isolated runtimes (for example ephemeral containers or serverless environments on Google Cloud Run or similar), we design those environments to reduce cross-tenant risk: jobs are typically short-lived, segregated from other users' data, and restricted so your strategy execution cannot read another customer's private datasets. Network and egress policies may limit or block general-purpose outbound internet access from execution environments where doing so is necessary to protect Risks Vision's market data, your data, and platform integrity. Exact technical controls may evolve with the product.

No system is completely secure. We cannot guarantee absolute security but we will notify you and relevant authorities of a personal data breach where required by law.

Depending on your location, you may have the following rights in relation to your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your data, subject to legal and legitimate retention needs
• Restriction: Request that we limit how we use your data in certain circumstances
• Portability: Request a copy of your data in a structured, machine-readable format where technically feasible
• Object: Object to processing based on legitimate interests or, where applicable, to direct marketing
• Withdraw consent: Where processing is based on consent, withdraw it at any time
• Complaint: Lodge a complaint with a supervisory authority in your country

To exercise these rights, contact us at privacy@risksvision.xyz. We may need to verify your identity. You can also use in-product settings (e.g., account deletion, preferences) where available.

We use cookies and similar technologies (e.g., local storage) to provide the Service, remember your preferences, analyze usage, and improve security.

Essential: Necessary for the Service to function (e.g., authentication, security). These typically do not require consent under laws that distinguish essential from non-essential cookies.

Analytics and performance: Help us understand how the Service is used. Where required, we will obtain your consent before using non-essential analytics cookies.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

IDE and execution telemetry. When you use code-oriented features (for example the Strategy Builder or sandbox), we may collect limited technical telemetry such as build or compile failures, Python syntax or runtime errors, execution timeouts, and similar diagnostic events from isolated execution environments (e.g., Cloud Run). This information is used strictly to debug the system, improve reliability, and enhance AI-assisted code generation. We do not use this telemetry to profile your personal finances, and we do not treat it as a substitute for knowing your account balances or positions unless you explicitly provide that data elsewhere in the Service.

Your data may be processed in countries other than your country of residence, including where our service providers or AI infrastructure are located. Where we transfer data from the EEA, UK, or other regions with strict transfer rules, we implement appropriate safeguards (e.g., standard contractual clauses, adequacy decisions) as required by applicable law.

You may request details of the safeguards we use for such transfers by contacting privacy@risksvision.xyz.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at privacy@risksvision.xyz and we will delete it promptly.

We may update this Privacy Policy from time to time. We will post the updated policy on this page and indicate the “Last Updated” date. For material changes, we will provide additional notice (e.g., by email or a prominent notice in the Service) where required by law.

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated policy, except where further consent or other steps are required by law.

For privacy questions, data subject requests, or complaints about our handling of your data:

• Privacy / Data protection: privacy@risksvision.xyz
• Support: support@risksvision.xyz

Last Updated: April 13, 2026