1. Who this policy covers
Copinance (“Copinance,” “we,” “us”) is the controller of personal data collected through copinance.com and the Copinance application, except where a third party acts as an independent controller under its own notice. Questions or privacy requests can be sent to [email protected].
This policy does not cover third-party websites, market-data services, Google sign-in, or AI providers when you use their services under their own terms and privacy policies.
2. Data we collect
- Account data: Google account identifier, email address, name, profile image, sign-in events, account role, and account status. Copinance does not receive your Google password.
- Preferences and workspace data: financial-literacy level, interface scale, theme, watchlist symbols, saved workspace settings, selected symbols, and weekly digest records.
- Coach and AI data: prompts, messages, selected model, page and market context, tool events, generated answers, and attachments you choose to submit. Chat history is saved only when chat persistence is enabled for the deployment.
- User-supplied AI credentials: provider name, an encrypted API key, and a short masked preview. The full key is not displayed after it is saved.
- Technical and security data: IP address, request identifiers, timestamps, browser and device information, error and security events, and server logs.
- Optional analytics data: page visits, approximate location, device and browser characteristics, and interaction events. Google Analytics is not loaded unless you allow analytics cookies.
- Communications: information you include when contacting us or responding to a service message.
We do not ask for brokerage credentials, payment-card data, government identifiers, or details about your actual trades. Please do not put sensitive personal information in Coach prompts or attachments.
3. Why we use it
- Provide sign-in, account security, saved preferences, watchlists, and requested features.
- Ground Coach responses in the page and market context you choose to send.
- Generate and, where enabled, save conversations and weekly educational digests.
- Operate, debug, secure, measure, and improve the service.
- Prevent abuse, enforce our Terms, and comply with legal obligations.
- Send transactional service email when enabled. We do not sell mailing lists.
Where the GDPR, UK GDPR, Türkiye’s Law No. 6698 (KVKK), or similar laws apply, our legal bases are performance of our agreement with you, our legitimate interests in operating and securing the service, compliance with law, and consent where required—particularly for optional analytics. You may withdraw consent at any time without affecting earlier lawful processing.
4. AI processing deserves special clarity
Coach output is generated with third-party AI models. When you use Coach, your prompt, relevant conversation history, attachments, and selected market or page context may be sent to the model provider shown in the interface, such as OpenAI or Google Gemini. If you supply your own provider key, that key is used to authenticate the request; it is not included in the prompt.
Do not use Coach for confidential, legally privileged, medical, or highly sensitive personal information. AI output can be incomplete or wrong and is not used by Copinance to make legal, employment, credit, insurance, or other decisions with legal or similarly significant effects about you.
6. International transfers
Providers may process data outside your country, including in the United States and the European Economic Area. Where required, we use recognized safeguards such as adequacy decisions, standard contractual clauses, or applicable contractual and organizational measures. You may contact us for more information about safeguards relevant to your data.
7. How long we keep data
- Active account, watchlist, preference, digest, and encrypted credential records are kept while the account is active and as needed to provide the service.
- Deleting a conversation archives it; the archived conversation is scheduled for automatic deletion after 90 days. Messages associated with it are removed with the conversation as part of that purge process.
- Choosing “Delete account” immediately deactivates access. Because this is a soft deactivation in the current product, contact us if you also want the underlying account data erased. We then delete or anonymize data unless it must be retained for security, dispute, backup, or legal reasons.
- Security logs, revoked-token records, caches, and backups are kept for limited periods based on operational and security needs, then rotated or overwritten.
- Analytics retention is controlled in Google Analytics. Analytics cookies in this application are configured for no more than 180 days.
We periodically review retention and aim not to keep identifiable data longer than its stated purpose requires.
8. Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, port, or restrict personal data; object to certain processing; withdraw consent; and complain to a data-protection authority. Türkiye residents may also exercise the rights in Article 11 of the KVKK. EEA and UK residents may complain to their local supervisory authority.
You can change profile preferences, remove saved AI keys, delete individual conversations, or deactivate your account in the app. For a copy, correction, objection, or full erasure request, email [email protected]. We may need to verify that the account is yours. Authorized agents may submit requests where local law permits. We will not discriminate against you for exercising a privacy right.
You can reject or withdraw optional analytics at any time through Cookie preferences. Browser controls can also clear locally stored preferences, although doing so may sign you out or reset the interface.
9. Security and children
We use safeguards designed for the nature of the service, including encrypted transport, HttpOnly session cookies, CSRF protection, access controls, and encryption of saved AI credentials. No internet service can promise absolute security. If you believe your account is at risk, sign out and contact us promptly.
Copinance is intended for adults and is not directed to children under 18. We do not knowingly collect personal data from children. A parent or guardian who believes a child has provided data should contact us so we can investigate and delete it.
10. Changes and contact
We may update this policy as the product or law changes. We will change the date above and provide a more prominent notice when a change materially affects your rights or how data is used.
Privacy questions and requests: [email protected].