Privacy Policy
Plain-language summary: bipsai is a research tool. We collect the minimum needed to run the app, we do not sell or share your personal information, and we have no access to brokerage accounts or trade history — the app does not connect to any.
Capitalized terms used but not defined in this Privacy Policy — including "Service" — have the meaning given in our Terms of Use.
01Who we are & scope
Pocket Atelier LLC ("bipsai," "we," "us"), 5900 Balcones Drive, Ste 100, Austin, TX 78731, USA, operates the bipsai mobile application (iOS and Android) and the bipsai website (bipsai.app). For users in the European Economic Area and the United Kingdom, Pocket Atelier LLC is the data controller for the personal data described here. This Privacy Policy explains what information we collect when you use these services, how we use it, and your choices. By using bipsai, you agree to the practices described here.
02Information we collect
Account information
When you create an account, we collect the identifier provided by your sign-in method: an email address (via a one-time sign-in code or single sign-on) or a tokenized identifier from a third-party sign-in provider, plus the display name you set during onboarding. We do not store passwords. We do not collect brokerage credentials, financial-account data, holdings, or transaction history.
In-app data
- Watchlists and preferences — the tickers you track and the in-app settings you configure.
- In-app activity — a timestamped record of the analyses you open, associated with your account to enforce your plan's monthly analyses quota (measured per billing cycle). For accounts without a subscription, we also record the single ticker you choose for your one-time sample analysis. This activity record is held against your account (it is not the anonymous website analytics described in §03) and is deleted when you delete your account.
- Subscription status — your current plan tier (Standard, Pro, or Premium). To verify and sync your subscription, we share a pseudonymous internal account identifier (not your name or email) with a third-party subscription-management provider. That provider processes, on our behalf, transaction metadata (purchase timestamp, product identifier, renewal status), basic device characteristics (device type and OS version), and the country or region of purchase (derived from your IP address or app-store locale) to validate purchases, prevent fraud, and show the correct local currency.
- Push notifications — if you enable alerts, we collect the push token issued to your device, and we send your alert notifications — which include the ticker symbol and alert details (for example, "AAPL rose above $200") — through a third-party push-notification delivery service and the Apple or Google push systems to reach your device.
- Support correspondence — if you contact us (for example, by email), we collect your message and the email address you write from, to handle your request.
What we do not collect
We do not collect brokerage credentials, portfolio holdings, order history, or any data from financial accounts. bipsai is a read-only research tool; it does not connect to or interact with any brokerage.
03Analytics
Our website uses a privacy-focused, cookieless, self-hosted analytics tool. It records aggregate page views and referrer information. It does not set tracking cookies, does not build advertising profiles, does not identify individual visitors, and does not share data with third parties for advertising. No cross-site tracking takes place. This website analytics is separate from the account-linked in-app activity record described in §02.
04Operational telemetry
Our backend records request metadata (HTTP method, endpoint, status code, latency) and cost/observability metrics for reliability monitoring and abuse prevention. We avoid logging request content, but these operational logs and telemetry may include your IP address, device or client information, account or session identifiers, the ticker symbols involved in your requests, and timestamps. We retain them for as long as they are needed for reliability, abuse prevention, and cost accounting.
05Account deletion & data retention
You may delete your bipsai account at any time — directly in the app (Settings → Delete Account), on the web at bipsai.app/delete-account, or by emailing support@bipsai.app. When you do, we erase your personal data from our active systems in a single cascade: your account record (email address, display name, plan tier, and federated sign-in provider identifier), your federated identities, your sessions, your watchlists and their tickers, your alerts, your analysis-usage records, your in-app preferences, and your push notification tokens.
Deleting your account removes your profile and all of the account data listed above from bipsai's systems. The app store retains your purchase records under its own control, as required for its accounting and transaction validation. Our subscription-management provider, acting as our processor, retains the limited purchase records needed to validate entitlements and for financial accounting. These purchase records are not used for any other purpose.
A small set of operational records survives the cascade. Security records of one-time sign-in codes — the email address a code was sent to, the requesting IP address, and timestamps — are kept for abuse prevention and rate limiting. Cost-accounting, fair-use, and observability records (the operational telemetry described in §04) are keyed to a pseudonymous internal account identifier rather than your name or email; they can include the ticker symbols of the analyses and refreshes they record, and are retained for financial bookkeeping, abuse prevention, and reliability. None of these records is used for any other purpose. Free-trial eligibility is enforced by the app store per Apple ID or Google account; we do not use the records we retain to police it.
How long we keep data
- Account & profile data — until you delete your account.
- Analysis-usage records — bare timestamps of the analyses you open, kept to enforce your plan's monthly quota; automatically pruned once they age past the current monthly billing window (at most about 70 days), or immediately when you delete your account.
- Operational logs & telemetry — retained for as long as needed for security, abuse prevention, reliability, and cost accounting; the sign-in-code and cost-accounting records that survive account deletion are described above.
- Support correspondence — kept only as long as needed to handle your request and for a reasonable record afterward.
- Purchase records — retained by the app store and our subscription-management provider as required for accounting and validation (as described above).
06Data providers
The research content in bipsai — market data, fundamentals, analyst ratings, movers, news, and earnings transcripts — is sourced from a third-party market-data provider. Some content is derived from public SEC filings, which are in the public domain. Where sentiment is displayed, it is derived from third-party news coverage, first-party company press releases, and the latest earnings-call transcript; bipsai does not use social-media data for sentiment. These providers operate under their own privacy policies; bipsai does not control them.
07AI synthesis & processing
bipsai's research output — the Bips Lens, the bull and bear theses, news and sentiment summaries, and filing summaries — is generated using third-party large-language-model providers. We send these providers only the security you are viewing and the public market information needed to generate its analysis; we do not include your email address, account identifier, watchlist, or other personal information in the prompts sent to these models. We access these providers under their commercial API terms and do not use your interactions for advertising. These providers may retain prompts and outputs briefly to detect and prevent abuse of their services.
08Payments
Subscriptions are purchased and billed directly through the app store from which you downloaded bipsai. bipsai does not process payments and does not receive your card number, billing address, or any other payment details. Manage or cancel your subscription in your app store account settings.
09How we share information
We do not sell or share your personal information, as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA) — in particular, we do not share it for cross-context behavioral advertising. We share information only in these circumstances:
- Infrastructure & hosting — our cloud hosting, database, and storage provider processes data on our behalf under contract and is not permitted to use it for its own purposes.
- AI / synthesis providers — to generate analyses, we send the security you are viewing and public market information about it (no personal information) to large-language-model providers, as described in §07.
- Authentication & email delivery — when you sign in by email, we send your email address to a transactional-email provider so it can deliver your one-time sign-in code. Sign-in through a third-party identity provider is handled by that provider.
- Subscription management — we use a third-party subscription-management provider to process and verify your in-app purchases across platforms. We share a pseudonymous internal account token so it can validate your plan tier (Standard, Pro, or Premium); it processes transaction metadata, device characteristics, and country of purchase on our behalf. We never receive, store, or have access to your card details or billing address — those are handled exclusively by the app store.
- Push notifications — to deliver the alerts you enable, we send the alert content (including the ticker symbol) and your device's push token to a push-notification delivery service and the Apple or Google push systems.
- App store — the app store from which you downloaded bipsai processes your subscription purchases; we never receive your payment details.
- Legal and safety — when required by law, court order, or to protect the rights, safety, and integrity of bipsai and its users.
10Security
We protect your information with encryption in transit (HTTPS/TLS), access controls and least-privilege practices, and contractual data-protection terms with the service providers that process data on our behalf. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
11Your choices & rights
You can manage notification preferences in the app, control bipsai's access to device features such as push notifications through your device's system settings, and delete your account at any time (Settings → Delete Account). To exercise any privacy right, email support@bipsai.app; an authorized agent may submit a request on your behalf.
California residents (CCPA/CPRA)
In the past 12 months we collect these categories of personal information: identifiers (email, account and session identifiers), commercial information (your plan tier), internet/app activity (watchlists, in-app preferences, and the in-app activity record of the analyses you open, described in §02), geolocation (approximate country or region), and device/network identifiers (push tokens, device characteristics, and IP address). We collect them from you and your device and from our subscription-management provider, and use them to provide, secure, and operate the Service. We disclose them to the service providers listed in §09. We do not sell or share personal information and do not use sensitive personal information for purposes that would trigger a right to limit it. California residents have the right to know/access, delete, and correct their personal information, to opt out of sale or sharing (which we do not do), to limit the use of sensitive personal information, and to not be discriminated against for exercising these rights.
12Notice to European & UK users
If you are in the European Economic Area or the United Kingdom, the following applies. The data controller is Pocket Atelier LLC, 5900 Balcones Drive, Ste 100, Austin, TX 78731, USA (support@bipsai.app).
Legal bases for processing
- Performance of a contract — to create and manage your account, watchlists, and alerts, and to provide your Standard, Pro, or Premium subscription.
- Legitimate interests — to secure the Service, prevent abuse, maintain operational telemetry, and keep the Service reliable.
- Consent — to send push notifications you enable; you can withdraw consent at any time through your device settings.
- Legal obligation — where we must process data to comply with applicable law.
International data transfers
bipsai is operated from the United States, and your personal data is processed and stored in the United States. Where personal data is transferred from the EEA or UK to the US, we rely on appropriate safeguards — such as Standard Contractual Clauses and/or providers certified under the EU-US Data Privacy Framework — to protect it.
Your EU/UK rights
You have the right to access, rectify, erase, restrict, or port your personal data, to object to processing based on legitimate interests, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority — your national or regional Data Protection Authority (in the UK, the Information Commissioner's Office). To exercise any of these rights, email support@bipsai.app.
Automated decisions
bipsai does not make automated decisions that produce legal or similarly significant effects for you; the research outputs the Service generates are informational only.
13Children
bipsai is intended for adults. You must be at least 18 years old to use the Service; it is not directed to anyone under 18, and we do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has provided information to us, contact us and we will delete it promptly.
14Changes to this policy
We may update this Privacy Policy from time to time. The effective date at the top of this page reflects the most recent version. For material changes, we will provide notice in the app.
15Contact
Questions about this policy? Email support@bipsai.app, or write to: Pocket Atelier LLC, 5900 Balcones Drive, Ste 100, Austin, TX 78731, USA.