SuperAgentic

Privacy Policy

Last updated: February 16, 2026

1. Introduction

This Privacy Policy describes how SuperAgentic (“we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you use our AI-powered financial research service (“the Service”). We are committed to transparency about our data practices.

SuperAgentic is an experimental research project operated by an individual. We process data in accordance with applicable privacy laws including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), and other applicable regulations.

2. Information We Collect

2.1 Information You Provide Directly

Data Type | Examples | Purpose
Account information | Name, email address, password (hashed) | Account creation and authentication
Profile information | Profile image (via Google OAuth) | Display in UI
Conversation content | Chat messages, queries, prompts | Providing the Service (AI analysis)
User-generated skills | Prompt templates, skill metadata | Enabling custom skill functionality
Saved prompts | Shortcut templates | User productivity features
Feedback | Message ratings (like/dislike), general feedback text | Service improvement
Waitlist submissions | Name, email, organization | Managing beta access

2.2 Information Collected Automatically

Data Type | Examples | Purpose
Usage data | Features used, tools invoked, credit consumption | Service operation and analytics
Device information | Browser type, operating system | Compatibility and debugging
Authentication data | Session tokens, login timestamps | Security
AI interaction metadata | LLM provider used, model ID, token counts | Cost management and quality assurance

2.3 Information from Third Parties

  • Google OAuth: If you sign in with Google, we receive your name, email, and profile image from Google.
  • Financial data providers: We query Finnhub, Alpha Vantage, FMP, and SEC EDGAR on your behalf. These providers do not receive your personal information — only the financial query parameters (e.g., stock ticker symbols).

3. How We Use Your Information

Purpose | Legal Basis (GDPR)
Provide and operate the Service | Contract performance (Art. 6(1)(b))
Process your queries via third-party AI providers | Contract performance (Art. 6(1)(b))
Maintain your conversation history | Contract performance (Art. 6(1)(b))
Evaluate AI output quality (automated, platform-absorbed) | Legitimate interest (Art. 6(1)(f))
Generate conversation titles (automated) | Legitimate interest (Art. 6(1)(f))
Manage your credit balance and usage | Contract performance (Art. 6(1)(b))
Send service notifications and updates | Legitimate interest (Art. 6(1)(f))
Improve the Service based on aggregated usage patterns | Legitimate interest (Art. 6(1)(f))
Respond to your feedback and support requests | Contract performance (Art. 6(1)(b))
Ensure security and prevent fraud | Legitimate interest (Art. 6(1)(f))
Comply with legal obligations | Legal obligation (Art. 6(1)(c))

We do NOT:

  • Sell your personal data to third parties
  • Use your conversations to train AI models without your explicit opt-in consent
  • Share your personal data with advertisers
  • Create advertising profiles based on your usage

4. AI Processing Disclosure

4.1 How Your Data Is Processed by AI

When you send a message, your conversation is transmitted to one of our third-party AI providers (Anthropic, OpenAI, or Google — depending on your selected provider) for processing. The AI provider generates a response which is streamed back to you.

4.2 What Is Sent to AI Providers

  • Your current message and relevant conversation history
  • System instructions (our prompt, not your personal data)
  • Tool results (financial data retrieved on your behalf)

4.3 AI Provider Data Practices

Provider | Uses API Data for Training? | Data Retention
Anthropic (Claude) | No (API data never used for training) | 7 days (abuse monitoring)
OpenAI (GPT-4o) | No (API data not used by default) | 30 days (abuse monitoring)
Google (Gemini) | Varies by product; we use API tier | Per Google’s API terms

We use API-tier access with all providers, which provides stronger data protections than consumer-tier access. None of our AI providers use API-submitted data for model training by default.

4.4 Platform AI Processing

We use AI for the following platform-internal purposes at no cost to you:

  • Generating conversation titles (using a lightweight AI model)
  • Evaluating output quality (using AI judges that assess response accuracy)
  • Analyzing aggregated feedback (admin function)

These platform-absorbed AI calls process your conversation content, which is not shared with any party beyond the AI provider.

4.5 Future AI Training

We do not currently use your data to train or fine-tune AI models. If we introduce this capability in the future, we will:

  • Notify you in advance with a clear explanation
  • Require explicit, affirmative opt-in consent (not opt-out)
  • Provide granular controls over what data may be used
  • Never train on data from users who have not consented

5. Data Sharing and Third Parties

We share your data only with the following categories of service providers, solely as necessary to operate the Service:

Category | Providers | Data Shared
AI Processing | Anthropic, OpenAI, Google | Conversation content
Financial Data | Finnhub, Alpha Vantage, FMP, SEC EDGAR | Query parameters only (no PII)
Hosting | Vercel | Application data, IP addresses
Database | Neon (PostgreSQL) | All stored data (encrypted)
Authentication | Google (OAuth only) | OAuth tokens, profile data
Payments (future) | Stripe (when implemented) | Payment information

We do not sell, rent, or trade your personal information. We may disclose information if required by law, legal process, or government request.

6. Data Retention

Data Type | Retention Period | Deletion Method
Account data | Until account deletion + 30 days | Permanent deletion
Conversations | Until deleted by you or account deletion + 30 days | Soft-delete, then permanent
User-generated skills (private) | Until deleted by you or account deletion + 30 days | Permanent deletion
Community-shared skills | Survives account deletion (anonymized) | Anonymized to “deleted user”
Feedback | Until account deletion or no longer needed | Permanent deletion
Credit transaction logs | 7 years (financial record-keeping) | Automatic deletion
System logs | 90 days | Automatic rotation

7. Data Security

We implement reasonable technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encryption at rest (database encryption via Neon)
  • Hashed passwords (never stored in plaintext)
  • Session-based authentication with secure, httpOnly cookies
  • Access controls limiting data access to authorized functions
  • Regular security reviews

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights

8.1 Rights for All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data and account
  • Data Export: Request your data in a structured, machine-readable format (JSON)

8.2 Additional Rights for EU/EEA Residents (GDPR)

  • Right to restrict processing: Request limitation of how we process your data
  • Right to object: Object to processing based on legitimate interest
  • Right to object to automated decision-making: Request human review of significant automated decisions
  • Right to lodge a complaint: With your local supervisory authority

8.3 Additional Rights for California Residents (CCPA/CPRA)

  • Right to know: What personal information we collect, use, and disclose
  • Right to delete: Request deletion of personal information
  • Right to opt-out: Of sale or sharing of personal information (we do not sell your data)
  • Right to non-discrimination: We will not discriminate against you for exercising your rights
  • Right to correct: Inaccurate personal information

We do not sell or share (as defined by CCPA) your personal information. We do not use sensitive personal information for purposes beyond what is necessary to provide the Service.

To exercise any of these rights, contact us at privacy@superagentichat.com. We will respond within 30 days (or within legally required timeframes).

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. For transfers of EU/EEA personal data, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all third-party processors
  • The EU-U.S. Data Privacy Framework (where applicable)

10. Cookies and Tracking Technologies

We use cookies and similar technologies as described in our Cookie Policy. Essential cookies (authentication, security) are used without consent as they are strictly necessary for the Service. Non-essential cookies (analytics) require your consent.

11. Children’s Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights, we will:

  • Notify affected users without undue delay (and within 72 hours for EU residents where required)
  • Notify the relevant supervisory authority where required by law
  • Provide details of the breach, its likely consequences, and the measures taken

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The “Last updated” date will always reflect the most recent revision.

14. Contact

For privacy-related questions, data subject requests, or complaints:

privacy@superagentichat.com