Back

Privacy Policy for HelloStocks

Privacy Policy
Last Updated: 1st November 2025

Introduction
Welcome to HelloStocks’ privacy policy. HelloStocks respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your personal data when you visit our website (https://www.hellostocks.ai) or subscribe to our services—regardless of your location. It also explains your privacy rights and how the law protects you.

If you are a resident of the United Kingdom or European Economic Area (EEA), this policy explains your rights under the UK GDPR (and, where applicable, the EU GDPR) and the Privacy and Electronic Communications Regulations (PECR).
If you are a resident of the United States, this policy explains your rights under California law (CCPA/CPRA) and, where applicable, similar state laws (e.g., Virginia, Colorado, Connecticut, Utah).

1. Important Information and Who We Are

Controller
HelloStocks Ltd is the data controller responsible for your personal data (“HelloStocks”, “we”, “us”, “our”).

Contact Details
Controller: HelloStocks Ltd
Email: charles@hellostocks.ai
Postal Address: 13, Cross Park Road, Wembury, Devon, United Kingdom, PL9 0EU

Third-Party Links
Our website may include links to third-party websites, plug-ins, or services. We are not responsible for their privacy practices. Please review their privacy policies before providing any personal data.

Children’s Privacy
We do not knowingly collect personal data from children. In the UK, our services are for users aged 18+. In the US, we comply with COPPA and do not knowingly collect personal data from children under 13. If you believe we have collected such data, contact us and we will delete it.

2. The Data We Collect About You
We collect only the personal data necessary to provide and improve our services:

  • Identity Data (e.g., name, username)
  • Contact Data (e.g., email address, postal address)
  • Financial Data (e.g., last 4 digits/brand of payment card—processed by our payment processors; we do not store full card numbers)
  • Transaction Data (e.g., subscription purchases, refunds, dates, amounts)
  • Technical Data (e.g., IP address, device identifiers, browser type/version, time zone, OS, referrers)
  • Profile Data (e.g., saved preferences, portfolio settings, feature flags)
  • Usage Data (e.g., pages viewed, features used, clickstream, session duration)
  • Marketing & Communications Data (e.g., opt-ins, email preferences, unsubscribes)

We do not intentionally collect Special Category Data (e.g., health, religion, ethnicity) or criminal conviction data.

3. How We Collect Your Data

  • Direct Interactions: You provide data when you create an account, subscribe, contact support, or fill forms.
  • Automated Technologies: Cookies, SDKs, and similar technologies collect Technical/Usage Data. See Section 11 (Cookies & Similar Technologies).
  • Third Parties: We receive data from payment processors, analytics providers, authentication providers (e.g., Google login), and hosting/infra partners.

4. How We Use Your Personal Data (Purposes & Legal Bases)

  • Provide and administer the service (account creation, authentication, subscriptions, access control) — Contract (UK/EU); Legitimate Interests where needed.
  • Payment processing and fraud preventionContract; Legitimate Interests; Legal Obligation (tax/audit).
  • Customer support and service communicationsContract; Legitimate Interests.
  • Product analytics and improvementLegitimate Interests (to understand usage and improve performance/features).
  • Marketing communicationsConsent (where required); Legitimate Interests (e.g., “soft opt-in” to existing UK customers under PECR). You can opt out at any time.
  • Compliance, legal claims, and securityLegal Obligation; Legitimate Interests.

If we rely on consent, you can withdraw it at any time (this will not affect processing already carried out).

5. Disclosures of Your Personal Data

We may share data with:

  • Service Providers / Processors: hosting and infrastructure (e.g., Vercel), databases (e.g., MongoDB Atlas), analytics, logging/monitoring, email (e.g., Mailgun), authentication (e.g., NextAuth/Google), payment processing (e.g., Stripe), and our separately hosted analytics app infrastructure (e.g., PythonAnywhere).
  • Professional Advisors: lawyers, accountants, auditors.
  • Authorities: where required by law or to protect rights, users, or security.
  • Business Transfers: If we undergo a merger, acquisition, or asset sale, your data may be transferred under appropriate safeguards.

We require processors to implement appropriate security and only process data under our instructions.

6. International Transfers
If we transfer personal data outside the UK/EEA, we use appropriate safeguards, such as:
UK IDTA or UK Addendum to EU SCCs for UK transfers;
EU Standard Contractual Clauses (SCCs) for EEA transfers;
• Additional measures where required (e.g., encryption in transit/at rest).

7. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. These include access controls, encrypted transport (HTTPS), and secure, audited third-party services. No method of transmission or storage is 100% secure.

8. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy, including to meet legal, accounting, or reporting obligations. For example, financial and transactional records may be retained up to 6 years for tax/audit. When data is no longer needed, we will securely delete or anonymise it.

9. Your Rights — UK/EEA Users
Subject to conditions and exceptions under the UK/EU GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data (“right to be forgotten”)
  • Restrict processing
  • Object to processing (including direct marketing)
  • Data portability (receive data you provided to us in a structured, commonly used format)
  • Withdraw consent where processing is based on consent

How to exercise: Email charles@hellostocks.ai with your request. We may need to verify your identity. We aim to respond within 1 month (extendable in complex cases as permitted by law).

Right to complain: You can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would appreciate the chance to address your concerns first.

10. Your Rights — US Residents (CCPA/CPRA & Similar State Laws)
Under the CCPA/CPRA (and similar laws in VA/CO/CT/UT), you may have the right to:

  • Know/Access: the categories and specific pieces of personal information we collected about you, the categories of sources, our business/commercial purposes, and the categories of third parties with whom we share it.
  • Delete: request deletion of personal information (subject to exceptions, e.g., security, legal obligations).
  • Correct: request correction of inaccurate personal information.
  • Opt-out of “Sale” or “Sharing” of personal information: We do not sell personal information for money. If we engage in cross-context behavioral advertising considered “sharing”, we will provide a “Do Not Sell or Share My Personal Information” link and honour Global Privacy Control signals.
  • Limit Use/Disclosure of Sensitive PI: We do not use “sensitive” personal information for purposes requiring this right.
  • Non-Discrimination: we will not discriminate against you for exercising your rights.

Methods to exercise:
• Email charles@hellostocks.ai with your request; and
• [If applicable] Use our privacy request web form: [Insert link].
We will verify requests by reasonably matching information you provide with information we maintain. You may use an authorised agent (with written authorisation and verification). We generally respond within 45 days (extendable as allowed by law).

Notice at Collection (California): Categories, Purposes, Sources, Sharing
Categories Collected: Identifiers (name, email, IP), commercial information (transactions), internet/network activity (Usage/Technical Data), geolocation derived from IP (coarse), inferences (preference segments), and account/profile data.
Sources: You (direct), your devices/browser (cookies/SDKs), payment/auth providers, analytics, and service providers.
Purposes: As listed in Section 4 (service delivery, payments, security/fraud prevention, analytics/improvement, marketing with consent/opt-out, legal compliance).
Sharing/Sale: We do not sell personal information for monetary value. We may disclose limited data to service providers and for security, analytics, and essential site functionality. If we “share” for cross-context behavioral advertising in the future, we will honour opt-out signals and provide required links.

11. Cookies & Similar Technologies (PECR/ePrivacy & US)
We use cookies, SDKs, and similar technologies to:

  • Essential: sign-in, security, load balancing.
  • Preferences/Functionality: remember settings.
  • Analytics/Performance: understand usage and improve features.
  • Marketing (only with consent where required): deliver or measure emails/ads.

Consent & Controls:
• In the UK/EEA, we seek consent for non-essential cookies via a banner and respect your choices.
• You can manage cookies via your browser settings.
• Marketing emails include an unsubscribe link; you can also email charles@hellostocks.ai.

For more information on cookies, please click here to visit our cookies page.

12. Automated Decision-Making & Profiling
We do not use automated decision-making that produces legal or similarly significant effects. We may create basic inferences (e.g., feature preference segments) to improve your experience and measure product usage. You can object to direct marketing profiling at any time.

13. International Users
Our core operations are in the UK. If you access the service from outside the UK/EEA/US, you are responsible for ensuring your use complies with local laws, and you consent to processing and transfer as described in this policy.

14. Changes to This Privacy Policy
We may update this policy from time to time. We will post the updated version with a new “Last Updated” date, and, where appropriate, notify you by email or in-product notice.

15. Contact Us
If you have any questions or wish to exercise your rights, contact us at:
HelloStocks Ltd
Email: charles@hellostocks.ai
Postal Address: 13, Cross Park Road, Wembury, Devon, United Kingdom, PL9 0EU