Privacy Policy

1. What we collect

Account information. Your name and email address to create and manage your account. Optional: your TOTP secret if you enable two-factor authentication. We store passwords only as bcrypt hashes and TOTP secrets encrypted at rest.

Workspace and team data. Workspace names, member roles, and invites. Other members of your workspace can see your name and email.

Uploaded documents. PDFs, spreadsheets, and other files you upload for analysis. Temporary files used during analysis are deleted after processing. Files you explicitly attach to a deal are retained as part of that deal.

Analysis results. The outputs generated from your analysis (memos, financial data, scores) are stored in our database so you can access your history. These are scoped to your account and/or workspace and are not shared with other users.

Payment information. Processed entirely by Stripe. We never see or store card numbers, CVCs, or billing addresses. We receive only a Stripe customer ID and subscription status.

Usage metadata. Counts of analyses run per week (for plan limits), timestamps of authentication events, IP addresses associated with login attempts (for security). We do not run third-party advertising trackers.

Security audit log. Every authentication event, admin action, billing change, and workspace invite is written to an immutable audit log with actor, IP, timestamp. This is a core security control; see our Security page.

2. How we use your data

• To provide and improve the IB Copilot service
• To manage your account, workspace, and subscription
• To enforce usage limits and fair-use controls
• To communicate with you about your account (e.g., password resets, security notices)
• To detect and prevent abuse, fraud, and security incidents
• To meet legal and accounting obligations (billing records, audit retention)

We do not sell, rent, or share your data with third parties for marketing purposes. We do not train AI models on your data.

3. Subprocessors

To deliver the service, we rely on a small number of carefully vetted subprocessors. Each handles a specific, scoped function:

• Railway — application hosting and primary database.
• Vercel — frontend hosting.
• Stripe — all payment processing.
• Twilio SendGrid — transactional email delivery.
• Anthropic, OpenAI — AI model inference. Data sent is covered by their enterprise no-training agreements.
• Sentry — error tracking (PII scrubbed before transmission).
• UptimeRobot — uptime monitoring (sees only public URLs).

Current list is also available on our Security page. Enterprise customers can request 30 days' notice before material changes.

4. How we protect your data

• TLS 1.3 encryption for all network traffic
• Database volumes encrypted at rest by our infrastructure provider
• Application-level encryption (Fernet) on sensitive fields: MFA secrets, password reset tokens
• Passwords stored as bcrypt hashes with per-password salts
• Logs scrubbed of secrets before reaching our logging provider
• Per-workspace role-based access control (owner / admin / member / viewer)
• Automatic lockout after repeated failed login attempts; two-factor auth available
• Weekly automated vulnerability scans; annual manual security review

Full control inventory: ibcopilot.ai/security.

5. Data retention

• Account data — kept until you delete your account.
• Deals and analyses — kept until you or your workspace admin deletes them, or until your account is closed.
• Uploaded temporary files — deleted immediately after processing.
• Security audit log — 365 days (may be retained longer where required by law).
• Login attempt history — 30 days.
• Expired password reset tokens — purged within 7 days of expiry.
• Billing records — retained for 7 years as required by US tax law.

6. Your rights

Depending on where you live, you have various rights over your personal data:

• Access — download a structured archive of all the data we hold about you. Self-serve at /settings/privacy.
• Deletion — permanently erase your account and associated data. Self-serve at the same URL.
• Correction — edit profile fields from /settings. For fields you can't edit directly, email support@ibcopilot.ai.
• Portability — the export format (JSON in a ZIP) is interoperable and machine-readable.
• Objection / restriction — contact support@ibcopilot.ai to restrict specific uses of your data. Where the use is essential to providing the service, we will explain what you can expect if the restriction is applied.
• Complaint — you may lodge a complaint with your local supervisory authority (e.g. an EU Data Protection Authority).

We respond to verified requests within 30 days. We may ask you to re-authenticate before taking irreversible actions.

7. International data transfers

Our primary infrastructure is in the United States. If you access IB Copilot from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses and equivalent mechanisms with our subprocessors where required by law. EU-resident deployment options are available for enterprise customers on request.

8. Children

IB Copilot is a professional product used by people over 18. We do not knowingly collect information from minors. If you believe we have collected information from someone under 18, contact support@ibcopilot.ai and we will delete it.

9. Changes to this policy

We may update this policy to reflect new features, legal requirements, or operational changes. Material changes are announced by email to registered users at least 30 days before they take effect. The "last updated" date at the top of this page always reflects the current version.

10. Contact

Privacy, data, and general inquiries: support@ibcopilot.ai
Security issues: security@ibcopilot.ai (see also our vulnerability disclosure policy)

Data controller: IB Copilot. For EU/UK residents, written requests may be sent to the contact email above.