IMPORTANT NOTICE: The investment ideas, insights, and signals generated by Intelxo are produced by AI models processing publicly available market data. They do not constitute personalized financial advice, solicitation, or a recommendation to buy or sell any security. Always consult a qualified financial professional before making investment decisions.
1. INTRODUCTION
Intelxo, Inc. (“Intelxo”, “we”, “us”, or “our”) operates the Intelxo platform — a stock market intelligence service that uses artificial intelligence to analyze public financial data, earnings reports, SEC filings, news sentiment, social signals, and macroeconomic indicators to generate investment research, pattern alerts, and market insights.
This Privacy Policy applies to all users who access or use our web application, mobile application, browser extensions, API, and any related services (collectively, the “Services”). By using the Services, you acknowledge that you have read and understood this policy.
This policy is incorporated into and subject to our Terms of Service. Terms used but not defined here have the meanings given to them in the Terms of Service.
2. INFORMATION WE COLLECT
We collect information you provide directly, information generated through your use of the platform, and technical information from the devices and connections you use to access our Services.
Account Data — Name, email address, password (hashed), billing information, subscription tier. Collected at registration.
Profile Data — Investment preferences, risk tolerance, sectors of interest, portfolio size indicator, professional designation. Provided optionally by you.
Usage Data — Screens viewed, queries submitted, signals bookmarked, watchlists created, filters applied, reports generated. Collected automatically.
Search & Query Data — Stock tickers searched, natural language queries entered, AI prompt inputs. Collected automatically.
Interaction Data — Clicks, session duration, scroll depth, feature engagement, export activity. Collected automatically.
Technical Data — IP address, browser type and version, operating system, device identifiers, time zone, locale. Collected automatically.
Communication Data — Support tickets, feedback submissions, survey responses, email replies. Provided by you.
Integration Data — OAuth tokens for connected broker accounts or portfolio trackers (read-only). Provided by you with explicit consent.
We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, health data, genetic data, or biometric data. We do not require you to link a real brokerage account to use core platform features.
3. HOW WE USE YOUR DATA
We use the information we collect for the following purposes, each grounded in a specific legal basis:
Service Delivery — To authenticate you, provide access to your subscription tier, execute queries, generate personalized insight feeds, and deliver alerts. (Legal basis: Contract Performance)
AI Personalization — To tailor our AI models’ output to your stated sector preferences, query history, and interaction patterns — surfacing market signals more relevant to your investing style. (Legal basis: Legitimate Interest)
Model Improvement — To improve the accuracy, relevance, and quality of our AI-generated insights by analyzing aggregated, anonymized usage patterns and query-outcome data. (Legal basis: Legitimate Interest)
Security & Fraud Prevention — To monitor for unauthorized access, account takeover attempts, and abuse of the platform’s infrastructure. (Legal basis: Legitimate Interest)
Billing & Subscriptions — To process payments, manage your subscription, send receipts, and handle refund requests. (Legal basis: Contract Performance)
Communications — To send transactional emails, product updates, and — where you have opted in — marketing communications. (Legal basis: Consent / Contract)
Legal Compliance — To fulfill obligations under applicable laws, respond to lawful requests by public authorities, and enforce our Terms. (Legal basis: Legal Obligation)
Analytics & Research — To understand platform performance, measure feature adoption, and guide product development through aggregated analytics. (Legal basis: Legitimate Interest)
We will not use your personal data for purposes materially different from those described here without providing notice and, where required by law, obtaining your consent.
4. AI & AUTOMATED PROCESSING
Intelxo’s core value proposition is built on automated AI systems. We believe in transparency about how these systems interact with your data.
AI Processing Disclosure: Our AI models process your query inputs, watchlist composition, and interaction signals to generate personalized market insights and scoring outputs. No automated decision produces legally or similarly significant effects on your rights — all output is informational in nature.
What our AI processes:
- Natural language queries you submit to the platform’s research assistant
- Your watchlist and portfolio data to contextualize signal relevance
- Your interaction history to rerank and surface more relevant signals
- Publicly available market data, news, social media discourse, and filings
What our AI does not do:
- Execute trades or place orders on your behalf
- Access real-time portfolio positions without your explicit OAuth authorization
- Build individual investor profiles that are shared with third-party ad networks
- Generate outputs that constitute licensed financial advice or brokerage services
Where we use AI to send you personalized alerts or recalibrate your insight feed, you may opt out of AI-driven personalization in your account settings. You will continue to receive generic, non-personalized market data.
Our AI training pipelines use aggregated, anonymized behavioral signals. We implement differential privacy techniques and data minimization to ensure that no individual user’s data can be reconstructed from trained model weights.
5. DATA SHARING & DISCLOSURE
We do not sell your personal data. We do not rent, trade, or exchange your data with data brokers or advertising networks. We share data only in the following circumstances:
Infrastructure Providers (AWS, GCP) — For hosting, storage, and compute. Safeguards: Data Processing Agreements; encryption at rest and in transit.
Payment Processors (Stripe) — For secure payment processing and subscription management. Safeguards: PCI DSS compliance; card data never touches our servers.
Analytics Providers (PostHog, Datadog) — For product analytics, error monitoring, and performance tracking. Safeguards: Data Processing Agreements; IP masking enabled.
Email Service Providers (Postmark) — For transactional and marketing email delivery. Safeguards: Data Processing Agreements; minimal data shared.
Customer Support Tools (Intercom) — For support ticket management and in-app chat. Safeguards: Data Processing Agreements; access limited to support staff.
Legal & Regulatory Authorities — For compliance with valid legal process, court orders, or regulatory requests. We review all requests for validity and scope and notify users where legally permitted.
Business Transfers — In connection with a merger, acquisition, or sale of substantially all assets. Any acquirer is bound to honor this policy; users will be notified in advance.
All third-party service providers are vetted for security compliance and operate under contractual obligations consistent with applicable data protection law, including GDPR Article 28 Data Processing Agreements where applicable.
6. MARKET DATA & PUBLIC SOURCES
Intelxo’s AI systems ingest and process large volumes of publicly available data to generate market intelligence. The public data sources we process include, but are not limited to:
- SEC filings (EDGAR database): 10-K, 10-Q, 8-K, DEF 14A, and derivative disclosures
- Exchange price and volume data from licensed market data feeds
- Earnings call transcripts from public corporate events
- Publicly available news articles and financial press releases
- Public social media discourse on X/Twitter, Reddit, and financial forums (via official APIs)
- Macroeconomic indicators from government sources (BLS, Federal Reserve, ECB, Eurostat)
- Patent filings, insider transaction disclosures (Form 4), and short interest reports
This data is sourced through licensed APIs, official government portals, and web crawling of publicly accessible content in compliance with the terms of service of each source. None of this public data ingestion involves collecting your personal information — it is entirely market and company-level data.
If you submit a natural language query containing personal information, we treat that query input as personal data subject to this policy and do not use it to train our models without explicit opt-in consent.
7. COOKIES & TRACKING TECHNOLOGIES
We use cookies and similar tracking technologies to operate the platform, remember your preferences, and understand how users engage with our features.
Essential Cookies — Session authentication, CSRF protection, load balancing. Duration: Session / 30 days. Required: Yes.
Functional Cookies — UI preferences, timezone, display settings, watchlist state. Duration: 1 year. Required: No.
Analytics Cookies — Feature usage tracking, anonymized session recording, error capture. Duration: 90 days. Required: No.
Marketing Cookies — Measuring ad campaign effectiveness and attribution (not retargeting). Duration: 30 days. Required: No.
You can manage your cookie preferences at any time through our Cookie Preference Center, accessible from the footer of any page. Withdrawing consent for non-essential cookies does not affect your ability to use core platform features.
We honor browser-level “Do Not Track” signals for analytics purposes. We do not use cross-site tracking pixels or share behavioral data with advertising exchanges.
8. DATA SECURITY
Intelxo implements a defense-in-depth security architecture designed for the sensitivity of financial data.
Encryption in Transit — All data is encrypted using TLS 1.3. We enforce HTTPS and implement HSTS with preloading.
Encryption at Rest — All databases, object storage, and backup systems use AES-256 encryption. Keys are managed via hardware security modules (HSMs).
Authentication Security — Passwords are hashed using bcrypt. We support and strongly recommend TOTP-based two-factor authentication. Enterprise plans support SAML 2.0 SSO.
Network Controls — Infrastructure is segmented into isolated VPCs. All traffic flows through a Web Application Firewall (WAF) and DDoS mitigation layer.
Access Controls — Internal employee access to production data is governed by least-privilege principles, requires MFA, and is logged, audited, and reviewed quarterly.
Penetration Testing — We conduct annual third-party penetration tests and participate in a responsible disclosure program. Critical vulnerabilities are remediated within 30 days.
Incident Response — In the event of a data breach affecting your personal data, we will notify you and applicable regulators within 72 hours of confirmed discovery, as required by GDPR Article 33.
9. DATA RETENTION
Account & Profile Data — Retained for the duration of your account plus 30 days after deletion.
Query & Usage Logs — Retained for 13 months on a rolling basis.
Billing Records — Retained for 7 years to satisfy tax and financial record obligations.
Support Correspondence — Retained for 3 years.
Security & Access Logs — Retained for 12 months.
Anonymized Analytics — Retained indefinitely (no personal data involved).
When your account is deleted, we initiate a 30-day purge cycle after which personal data is irreversibly deleted from our production systems. Backup systems are purged on a 90-day rolling cycle. Certain data subject to legal hold obligations may be retained beyond these periods as required by law.
10. YOUR RIGHTS
Depending on your location, you have the following rights with respect to your personal data. We honor these rights for all users globally.
Right to Access — Request a copy of all personal data we hold about you, including categories, processing purposes, and recipients.
Right to Rectification — Request correction of inaccurate or incomplete personal data. You can also update most data directly in account settings.
Right to Erasure — Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
Right to Object — Object to processing based on legitimate interests, including AI-driven personalization and analytics.
Right to Restriction — Request that we restrict processing of your data while a dispute or objection is being considered.
Right to Portability — Receive your personal data in a structured, machine-readable format (JSON or CSV).
AI Opt-Out — Opt out of AI-driven personalization at any time via your account settings.
Right to Complain — Lodge a complaint with your local supervisory authority (e.g., AEPD in Spain, CNIL in France, ICO in the UK).
To exercise any of these rights, submit a request to [email protected] or use the Data Rights portal in your account settings. We will respond within 30 days. We may request identity verification before fulfilling certain requests.
California Residents (CCPA/CPRA): You have the right to know what personal information is collected, sold, or disclosed; the right to opt out of sale (we do not sell data); the right to non-discrimination for exercising your rights; and the right to limit use of sensitive personal information. Use the “Do Not Sell or Share My Personal Information” link in our footer or email [email protected].
11. INTERNATIONAL DATA TRANSFERS
Intelxo is headquartered in the United States. If you access our Services from outside the United States — including from the European Economic Area (EEA), United Kingdom, or Switzerland — your personal data may be transferred to and processed in the United States.
For transfers from the EEA, UK, or Switzerland, we rely on the following mechanisms:
Standard Contractual Clauses (SCCs) — We execute the European Commission’s Standard Contractual Clauses (2021/914) with all processors receiving EEA personal data.
UK International Data Transfer Agreement (IDTA) — For transfers from the UK, we rely on the UK IDTA or the EU SCCs with the UK Addendum.
EU-U.S. Data Privacy Framework — Where applicable service providers are certified under this framework, we rely on it as a transfer basis.
You may request a copy of the applicable transfer safeguards by contacting [email protected].
12. CHILDREN’S PRIVACY
The Intelxo platform is designed for and directed solely to adults aged 18 and older. We do not knowingly collect, process, or retain personal information from individuals under the age of 18.
If we become aware that we have inadvertently collected personal information from a person under 18, we will take immediate steps to delete such information. If you believe we have collected data from a minor, please contact us immediately at [email protected].
13. REGULATORY COMPLIANCE
GDPR (EU) — We operate as a Data Controller under Regulation (EU) 2016/679. We have appointed a Data Protection Officer (DPO) reachable at [email protected].
CCPA / CPRA (California) — We are compliant with the California Consumer Privacy Act and its amendment, the California Privacy Rights Act, including opt-out mechanisms and a designated privacy contact.
UK GDPR — We comply with the UK GDPR and the Data Protection Act 2018. We have appointed a UK representative as required for non-UK established controllers.
MiFID II / ESMA (EU) — Our platform is designed to comply with applicable EU financial transparency obligations. Intelxo does not operate as an investment firm and does not provide regulated investment advice within the meaning of MiFID II.
FINRA / SEC (USA) — Intelxo is not a registered broker-dealer or registered investment adviser. Our AI-generated market intelligence constitutes impersonal investment information, not regulated investment advice.
14. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. For material changes — defined as changes that significantly affect your rights or how we use your data — we will provide at least 30 days’ advance notice via:
- A prominent banner in the Intelxo web and mobile application
- An email notification to the address associated with your account
- An updated “Last Revised” date at the top of this document
Your continued use of the Services after any changes constitutes acceptance of the updated policy. All prior versions are archived and available upon request.
15. CONTACT US
For any questions, concerns, or data subject requests:
Privacy Team: [email protected] Data Protection Officer: [email protected]
Intelxo, Inc. Response time: within 2 business days for general inquiries; within 30 days for formal data subject requests.
© 2026 Intelxo, Inc. All rights reserved.