NEPSESIGNAL
    Privacy

    Privacy Policy

    Short version: we collect the minimum we need to run the platform, we never sell your data, and you can email us anytime to delete your account.

    Effective 31 May 2026

    1. What we collect

    • Account info — email, display name, and a hashed password (or your OAuth identifier if you sign in with Google).
    • Your inputs — watchlists, BOIDs you save for IPO lookups, paper-trading portfolios, feedback posts, chat queries.
    • LLM API keys — if you choose to plug in your own OpenAI / Gemini / OpenRouter / NVIDIA key, we store it encrypted at rest and only use it to fulfil your own requests.
    • Usage data — pages viewed, requests made, IP address, browser type, referrer. Standard server-log stuff.

    2. How we use it

    To run the Service — show you your watchlist, answer your AI queries with your own LLM key, send transactional email (password resets, IPO alerts you've opted into), detect abuse, and improve features. That's it.

    3. What we don't do

    • We don't sell or rent your personal data — ever.
    • We don't share your watchlist, portfolio, or BOIDs with third parties for marketing.
    • We don't pipe your AI chats to a vendor you didn't authorise. Bring-your-own-key means the request goes to your provider, not ours.
    • We don't run third-party ad-tracking pixels (no Facebook Pixel, no Google Ads remarketing).

    4. Cookies

    We use a small set of first-party cookies / localStorage items: one to keep you signed in, one to remember your theme preference (light / dark), and a cache key for query results so the app loads fast on refresh. We use privacy-friendly analytics (no cross-site tracking) to count visitors and see which pages are popular.

    5. Third parties we rely on

    We use a handful of vendors strictly to run the platform — cloud hosting, email delivery, error monitoring, and CDN/DDoS protection. Each one gets only the data it needs, and contracts oblige them to keep it confidential. We do not share your data with any party outside this operational scope.

    6. Your rights

    You can request to see, export, correct, or delete the data we hold on you at any time. Email info@nepsesignal.com and we'll handle it within 30 days. Account deletion wipes your watchlists, BOIDs, saved API keys, and paper-trading history.

    7. Data retention

    Account data lives as long as your account does. Server logs are kept for up to 90 days for security and debugging, then rotated out. Backups roll on a 30-day cycle.

    8. Security

    Passwords are hashed (never stored in plain text). LLM API keys are encrypted at rest. All traffic between you and the platform is HTTPS. No system is 100% bulletproof, but we apply industry-standard practice and patch quickly when an issue surfaces.

    9. Children

    The Service is not directed at children under 18. If you believe a child has given us personal data, email us and we'll delete it.

    10. Changes to this policy

    If we make material changes, we'll bump the "Effective" date at the top and post a notice on the platform. Continued use after the change means you accept the updated policy.

    11. Contact us

    Questions or requests? We're one email away.

    See full contact details →

    Disclaimer · Nepse Signal provides market data and analysis for informational purposes only — not investment advice. Trading securities involves risk, including loss of principal. Always make your own decisions and consult a licensed professional before acting. Read our full Terms of Use.