Privacy Policy

Last updated: December 28, 2024

This policy applies to all users of the CFI service worldwide.

1. Introduction

Alphamesh ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Consensus Fragility Index ("CFI") service (the "Service").

This policy applies to information we collect through our website at cfi.alphamesh.io, our applications, and any related services, sales, marketing, or events.

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account or use our Service, you may provide:

  • Account information: Email address (required for login; name is optional and may be derived from your email)
  • Authentication credentials: Managed securely by our authentication provider (Auth0)
  • Payment information: If applicable, processed by our payment provider (not stored by us)
  • Communications: Messages you send to us, feedback, and support requests
  • Chat session data: We log when you use the chat feature for rate limiting purposes

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

  • Device information: Browser type, operating system, device identifiers
  • Usage data: Pages visited, features used, time spent, click patterns
  • Log data: IP address, access times, referring URLs, error logs
  • Location data: General geographic location based on IP address (not precise location)

2.3 Information We Do NOT Collect

We do not collect:

  • Your financial account information or trading history
  • Social Security numbers or government identification numbers
  • Biometric data
  • Precise geolocation data
  • Information from children under 18 years of age

3. How We Use Your Information

We use your information for the following purposes:

Service Provision

  • Create and manage your account
  • Provide access to CFI features and functionality
  • Process transactions and send related information

Service Improvement

  • Analyze usage patterns to improve the Service
  • Develop new features and functionality
  • Conduct research and analytics

Communication

  • Send service-related notices and updates
  • Respond to your inquiries and support requests
  • Send marketing communications (with your consent)

Security and Compliance

  • Detect and prevent fraud, abuse, and security incidents
  • Enforce our Terms of Service
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested (account management, service delivery)
  • Legitimate Interests: Processing for our legitimate business interests (service improvement, analytics, security) where not overridden by your rights
  • Consent: Where you have given explicit consent (marketing communications, optional features)
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations

5. AI and Automated Processing

CFI uses artificial intelligence and machine learning technologies to analyze market data and generate insights. You should be aware of how AI interacts with your data:

What AI Processes

  • AI analyzes publicly available market data, news, and financial information
  • AI does NOT process your personal information to generate fragility scores
  • Your usage patterns may be analyzed in aggregate (not individually) to improve the Service

Automated Decision-Making

We do not use automated decision-making that produces legal effects or similarly significantly affects you based solely on automated processing of your personal data. The Service provides informational outputs only; no automated decisions are made about you personally.

AI Service Providers

When you use AI-powered features (such as natural language queries), your queries may be processed by our AI service provider (Anthropic). These queries are not associated with your personal information and are processed in accordance with our data processing agreements.

6. Data Sharing and Third Parties

We share your data with the following categories of third parties, solely for the purposes described:

  • Authentication providers - to securely manage your login and account access
  • Cloud hosting providers - to store and deliver the Service
  • AI/ML service providers - to power analysis features (queries only, no personal identifiers)
  • Financial data providers - to obtain market data (no personal data shared with them)

We do NOT sell your personal information.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share data as necessary to provide the Service as described above.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your country.

When we transfer personal data from the EEA, UK, or Switzerland to other countries, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all third-party service providers
  • Technical and organizational security measures
  • Compliance with applicable data transfer frameworks

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account information (email, login history): Until account deletion + 30 days
  • Chat session logs: Until account deletion + 30 days
  • Feedback submissions: 36 months from submission
  • Server logs: 90 days
  • Billing records (if applicable): 7 years (legal requirement)

After the retention period, data is securely deleted or anonymized. We may retain anonymized, aggregated data indefinitely for analytics purposes.

9. Data Security

We implement industry-standard technical and organizational security measures to protect your personal data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Secure authentication with Auth0 and optional multi-factor authentication
  • Regular security assessments and penetration testing
  • Access controls and employee training
  • Incident response and monitoring procedures
  • Secure infrastructure on reputable cloud providers

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Your Privacy Rights

10.1 Rights for All Users

Regardless of your location, you have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Opt-out: Unsubscribe from marketing communications
  • Account closure: Close your account at any time

10.2 Additional Rights (EEA, UK, Switzerland)

Under GDPR and equivalent laws, you additionally have the right to:

  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent at any time (where consent is the legal basis)
  • Complaint: Lodge a complaint with your local data protection authority

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know

You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it.

Right to Delete

You may request deletion of your personal information, subject to certain legal exceptions.

Right to Correct

You may request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing

We do not sell or share your personal information as defined by the CCPA/CPRA. Therefore, there is no need to opt out.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require verification of your identity and confirmation of the agent's authority.

Categories of Personal Information Collected: Identifiers (name, email, IP address), Internet activity (usage data, browsing history on our Service), Geolocation (general location from IP), Professional information (if provided). See Section 2 for details.

12. How to Exercise Your Rights

To exercise any of your privacy rights, you may:

  • Email us at privacy@alphamesh.io with your request
  • Use the account settings in the Service (where available)
  • Submit a request through our support channels

We will respond to your request within 30 days (or 45 days for complex requests, with notice). We may need to verify your identity before processing your request.

Note: Some requests may be subject to legal limitations. For example, we may retain certain data for legal compliance, fraud prevention, or legitimate business purposes.

13. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service. Here is what we use:

Essential Cookies (Required)

Required for authentication, security, and basic functionality

Functional Cookies (Optional)

Remember your preferences (theme, settings)

Analytics Cookies (Optional)

Help us understand how the Service is used (aggregated data)

We do NOT use advertising or third-party tracking cookies. You can manage cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

14. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child under 18, please contact us at privacy@alphamesh.io.

15. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovery (where required by law)
  • Provide details about the nature of the breach and affected data
  • Describe measures taken to address and mitigate the breach
  • Offer guidance on steps you can take to protect yourself
  • Notify relevant regulatory authorities as required by law

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email (for material changes)
  • Post a prominent notice on the Service
  • Provide at least 30 days' notice before changes take effect

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Alphamesh - Privacy Team

Email: privacy@alphamesh.io

General inquiries: info@alphamesh.io

For EEA/UK residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

By using CFI, you acknowledge that you have read and understood this Privacy Policy.