Privacy Policy

Last updated: April 2026

1. Information We Collect

We collect information you provide directly: email address, name, and investment preferences when you create an account. We also collect usage data including tickers searched, analyses requested, and platform interaction patterns.

2. How We Use Your Information

Your data is used exclusively to provide and improve the SoiKio analysis service. We use search and interaction data to personalise your experience (e.g., morning brief content). We never sell, share, or monetise your personal data or investment activity.

3. Data Storage & Security

Data is stored in a secure PostgreSQL database with row-level security enabled on all tables. Authentication is handled with encrypted credentials. All data in transit is encrypted via TLS 1.3.

4. Cookies

We use functional cookies for session management, A/B variant assignment, and preserving your searched ticker during signup. We do not use third-party tracking cookies. You can clear cookies at any time through your browser settings.

5. Your Rights

Under GDPR (UK/EU), you have the right to access, correct, delete, or export your personal data. Under CCPA (California), you have additional rights regarding data sale (we do not sell data). Contact privacy@soikio.com for any data requests.

6. Jurisdictions

SoiKio is operated by DATAXYZCONNECT LTD, registered in the United Kingdom. This privacy policy complies with FCA (UK), SEC (US), and MAS (Singapore) data protection requirements as applicable to our service classification.

7. Third-Party Processors

We share data with the following processors to operate the SoiKio service:

  • Supabase Inc. (US) — database hosting, authentication, and real-time features.
  • Anthropic PBC (US) — AI analysis via the Claude API. Only financial market data is sent to Anthropic for analysis; no personal user data (emails, names) is included in AI prompts.
  • Cloudflare Inc. (Global) — web hosting, CDN, and edge caching.
  • Stripe Inc. (US) — payment processing.
  • Google LLC (US) — Google Drive for report storage.

8. Data Retention

We retain different categories of data for different periods:

  • User accounts — retained until account deletion is requested.
  • Analysis results — retained for 12 months.
  • Market data (intraday) — 30 days.
  • Ingestion logs — 90 days.
  • Market snapshots — 365 days.
  • Audit logs — 24 months.
  • Gate sessions — 90 days.

9. Legal Basis for Processing (Article 6 GDPR)

  • Account data (email, name) — Contractual necessity (Art. 6(1)(b)).
  • Usage data (tickers searched, analyses) — Legitimate interest (Art. 6(1)(f)) for service improvement.
  • Email capture (pre-signup) — Consent (Art. 6(1)(a)).
  • AI analysis via Anthropic — Contractual necessity (Art. 6(1)(b)).
  • Analytics cookies — Consent (Art. 6(1)(a)).
  • Security logging — Legitimate interest (Art. 6(1)(f)).

10. International Data Transfers

SoiKio is operated by DATAXYZCONNECT LTD, registered in the United Kingdom. Data may be transferred to the United States via our processors (Supabase, Anthropic, Cloudflare, Stripe). These transfers are safeguarded by the UK-US Data Bridge and Standard Contractual Clauses (SCCs) where applicable.

11. Automated Decision-Making (Article 22 GDPR)

AI-generated investment analysis on our platform uses automated processing but does not constitute automated decision-making with legal effects. All analysis outputs are informational only; users make their own investment decisions. You may request human review of any AI-generated analysis by contacting privacy@soikio.com.

12. Contact

For privacy enquiries: privacy@soikio.com