Privacy Policy

StockSetupLists.com (the “Service”) is operated by Zero Vector Apps LLC (“we,” “us”). This policy explains what personal information we collect, how we use it, and the rights you have over it.

We deliberately collect the minimum information needed to operate the Service. Specifically:

• Account information. Your email address and a unique account identifier. If you sign in with a third-party provider (e.g., Google), we receive only the basic profile information that provider sends us.
• Authentication tokens. Short-lived session tokens stored in your browser or app and verified on each request.
• User preferences. Settings you save in the product, such as your saved indicators and UI preferences.
• Entitlement status. Whether your account has access to paid features.
• Server logs. Operational logs (request paths, timestamps, response codes, error traces) retained for up to 90 days for debugging and security. These may include IP addresses.

Market data displayed on the Service is licensed from a third-party data provider and contains no information about you.

We deliberately keep our use of cookies and browser storage narrow. We do not currently use any third-party analytics, advertising, behavioral-tracking, or marketing cookies on this site.

The only browser storage we rely on is what's strictly necessary to operate the Service:

• Authentication state stored in your browser's local storage (not cookies) by our authentication provider, so your sign-in survives page reloads. Without this you would be signed out on every refresh.
• Session and CSRF protection cookies set transiently by the authentication provider's sign-in flows. These exist only for the duration of the sign-in and are not used to track you.

Because everything we store is strictly necessary to authenticate you and deliver the Service you requested, we do not show a cookie-consent banner. The ePrivacy Directive and analogous laws exempt strictly-necessary storage from the consent requirement. If we ever add non-essential tracking (analytics, advertising), we will add a consent mechanism before turning it on and update this section.

You can clear our storage at any time from your browser's settings; doing so will sign you out.

• To authenticate you and keep your account secure.
• To remember your preferences across sessions.
• To determine whether you are entitled to access paid features.
• To operate, debug, and improve the Service (logs, error tracking).
• To communicate with you about service updates and, if you have opted in, occasional product communications.
• To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not use your personal information to train AI models.

We rely on a small number of third-party service providers to operate the Service. They process information only on our behalf and only as needed to provide their services. The categories of providers we use are:

• Cloud hosting and database providers — to host the Service and store account data.
• Authentication providers — to manage account sign-in and identity.
• AI model providers — to generate the market digest from aggregate, non-personal market data. No personal information is sent.
• Market data providers — to supply the price and reference data the Service analyzes. No user data is shared.
• Payment and subscription processors — to handle billing for paid features (when paid features go live).

Where required, we rely on industry-standard processor agreements with these providers, including the Cloud Data Processing Addendum that governs our use of cloud hosting, database, and authentication services. That addendum incorporates the EU Standard Contractual Clauses for cross-border data transfers.

We keep your personal information only as long as we need it. Specific retention windows:

• Account information and preferences — retained while your account is active and for up to 24 months after your last sign-in, then purged.
• Legal-acceptance audit records (the timestamped record of your Terms / Privacy acceptances) — retained for the longer of (a) the life of your account or (b) the period required by applicable law for evidentiary purposes, typically up to 7 years after account deletion.
• Server logs — retained for up to 90 days.
• Backups — may persist for up to 30 additional days before being overwritten by routine retention cycles.

Right to delete your account. You can permanently delete your account at any time from the Settings screen (in-app) or by emailing support@zerovectorapps.com . Deletion immediately revokes your ability to sign in and purges your account document, preferences, and acceptance subcollection from active storage. Backup copies are overwritten within 30 days as part of routine retention.

Published market analysis (setup lists and digests) is retained indefinitely as part of the Service's record. It contains no personal information.

Depending on where you live, you may have rights under laws such as the GDPR (EU/UK) or the CCPA (California), including:

• To request a copy of the personal information we hold.
• To correct inaccurate information.
• To request deletion of your account and personal data.
• To opt out of non-essential communications.

To exercise any of these rights, contact us at the address below. We will respond within the timeframes required by applicable law.

California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to know what categories of personal information we have collected about you, the sources, the purposes for which it was collected, and the categories of third parties with whom we share it.
• Right to delete personal information we have collected about you, subject to limited exceptions.
• Right to correct inaccurate personal information we hold about you.
• Right to opt out of sale or sharing of your personal information.
• Right to limit use of sensitive personal information for purposes other than providing the Service.
• Right to non-discrimination for exercising any of these rights.

We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. We do not use your personal information for cross-context behavioral advertising.

Categories of personal information we collect (CCPA categories, with business purpose):

• Identifiers (email address, account identifier) — to authenticate you and operate your account.
• Internet or other network activity information (request paths, timestamps, response codes, IP address in server logs) — for security, debugging, and service operation.
• User-provided content (saved preferences and settings) — to personalize the Service to your configuration.
• Inferences and account status (entitlement status indicating access level) — to deliver paid features.

To exercise any California right, email support@zerovectorapps.com with the subject line "California Privacy Request" and your account email. You may also designate an authorized agent to submit a request on your behalf, subject to verification.

We use industry-standard safeguards (encryption in transit, scoped service accounts, audit logging, least-privilege access) to protect your information. No system is perfectly secure; we cannot guarantee absolute security.

If we discover a security incident that compromises your personal information, we will:

• Investigate, contain, and assess the scope of the incident without undue delay.
• Notify affected individuals in accordance with applicable law, including the Florida Information Protection Act (FIPA, Fla. Stat. §501.171), which generally requires notification within 30 days of determining a breach has occurred.
• Notify the Florida Attorney General and any other state, federal, or foreign authorities (including supervisory authorities under the GDPR) where required by law.

Notifications will describe, to the extent known, the categories of information involved, the date of the incident, the steps we are taking, and the steps you can take to protect yourself.

The Service is hosted in the United States. By using the Service from outside the US, you understand that your information will be transferred to and processed in the US, which may have data protection laws that differ from those of your country.

The Service is not directed to children under 18 and we do not knowingly collect personal information from them. If you believe we have inadvertently collected information from a minor, contact us and we will delete it.

We may update this policy from time to time. Material changes will be announced on the Service and will take effect on the updated effective date shown above. Your continued use of the Service after changes take effect constitutes acceptance.

Privacy questions or requests: support@zerovectorapps.com .