PRIVACY POLICY

Effective Date: March 28, 2025
Last Updated: March 28, 2025

1. INTRODUCTION

DeepStreet.io ("DeepStreet," "we," "our," or "us"), located at 151 Bodman Pl, Suite 201, Red Bank, NJ 07701, USA, respects your privacy and is committed to protecting your Personal Information. This Privacy Policy explains how we collect, use, disclose, secure, and otherwise process Personal Information when you access or use our website, deepstreet.io, associated mobile applications (if any), and related online services, including participation in our author programs (collectively, the "Services").

"Personal Information" generally means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.

Please read this Privacy Policy carefully. By accessing, using, or providing information to us through the Services, you acknowledge that you have read, understood, and agree to the collection, use, disclosure, and other processing of your Personal Information as described in this Privacy Policy. If you do not agree with the terms herein, please do not access or use the Services or provide Personal Information to us.

2. INFORMATION WE COLLECT

We collect various types of Personal Information depending on how you interact with our Services. The categories of Personal Information we may collect include:

2.1 Information You Provide Directly:

• Identifiers and Contact Information: Such as your first and last name, email address, username, and any other identifiers you provide when registering for an account, subscribing to newsletters, participating in author programs, or contacting us.
• Account Credentials: Such as your username and password used to access your account on the Services.
• Profile Information: Information you voluntarily add to your user profile, which may include professional affiliations, expertise descriptions, social media links, or other details if you participate in our author programs or choose to share.
• User-Generated Content: Any content you create, post, or submit through the Services, such as comments, articles, forum posts, or messages.
• Communication Information: Records and copies of your correspondence if you contact us (e.g., emails, support tickets).

2.2 Information Collected Automatically:

• Usage and Interaction Data: Details of your visits to and interactions with our Services, including traffic data, logs, content viewed or interacted with (including specific stocks, tickers, or financial topics), pages visited, clicks, scrolling activity, session duration, reading patterns, feature usage, and referring/exit URLs.
• Device and Technical Information: Information about your computer, mobile device, and internet connection, including IP address, operating system type and version, browser type and version, device identifiers (like MAC address or advertising ID), screen resolution, language settings, and general location derived from IP address.

2.3 Information from Third Parties:

• Third-Party Service Providers: We may receive information from service providers who assist us in operating the Services, such as analytics providers or security services.
• Financial Data Providers: We integrate financial market data (e.g., stock prices, market trends) from third-party APIs. This is generally aggregated market data, not your personal financial account information.
• Business Partners: We may receive information from partners with whom we collaborate on specific services or features.

2.4 Financial Data Considerations:

• Market Information: We process financial market and trading information obtained via third-party APIs for display and analysis within the Services.
• Content Preferences: We infer your interests in financial topics, sectors, or specific securities based on your usage patterns to personalize your experience.
• No Sensitive Financial Account Data: We do not collect or store sensitive financial account information like bank account numbers, brokerage account details, or full credit card numbers through the standard use of our Services. If specific premium services require payment, payment processing will be handled by a third-party payment processor subject to their own privacy policy, and we typically only receive confirmation of payment and limited transaction details (e.g., last four digits of a card).

3. HOW WE COLLECT YOUR INFORMATION

We collect the Personal Information described above through various means:

• Directly from You: When you voluntarily provide it to us (e.g., filling out forms, registering, posting content, contacting support).
• Automatically: As you navigate through and interact with our Services, using technologies like cookies, web beacons, pixels, and server logs (see Section 8 for details).
• From Third-Party Sources: As described in Section 2.3.

4. LEGAL BASIS FOR PROCESSING (FOR EEA, UK, AND SWISS USERS)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your Personal Information based on the following legal grounds under the General Data Protection Regulation (GDPR) or applicable local laws:

• Performance of a Contract: Processing is necessary to provide the Services you requested, manage your account, and fulfill our contractual obligations to you (e.g., Article 6(1)(b) GDPR).
• Legitimate Interests: Processing is necessary for our legitimate interests, provided these interests are not overridden by your fundamental rights and freedoms (e.g., Article 6(1)(f) GDPR). Our legitimate interests include:
  • Providing, maintaining, improving, and personalizing the Services.
  • Understanding how our Services are used to enhance user experience.
  • Ensuring the security and integrity of our Services.
  • Conducting analytics and business intelligence.
  • Communicating with users about the Services (non-promotional).
  • Marketing our Services (where consent is not required).
  • Preventing fraud and enforcing our terms.
  • Complying with legal and regulatory requirements indirectly related to core service provision.
• Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject (e.g., responding to lawful requests from authorities, certain record-keeping requirements) (e.g., Article 6(1)(c) GDPR).
• Consent: Processing is based on your specific, informed, and freely given consent for one or more particular purposes (e.g., for certain types of cookies or direct marketing communications) (e.g., Article 6(1)(a) GDPR). You have the right to withdraw your consent at any time.

5. HOW WE USE YOUR INFORMATION

We use the Personal Information we collect for various business and operational purposes, including:

• Providing and Managing Services: To operate, maintain, deliver, and improve the features and functionality of our Services; create and manage your account; authenticate users.
• Personalization: To tailor the content, recommendations, financial insights, and advertisements (if applicable) you see based on your preferences, interests, and interactions.
• Analytics and Improvement: To monitor and analyze usage trends, user behavior, and technical performance to understand how users interact with the Services, diagnose problems, develop new features, and improve overall quality.
• Communication: To communicate with you regarding your account, service updates, security alerts, policy changes, transactional matters, and to respond to your inquiries and provide customer support.
• Marketing and Promotions: To send you promotional materials, newsletters, or information about products and services that may interest you, subject to your preferences and applicable law (you may opt-out as described in Section 9).
• Security and Fraud Prevention: To protect the security and integrity of our Services, systems, and users; detect, investigate, and prevent fraudulent activities, unauthorized access, and other illegal conduct.
• Legal Compliance and Enforcement: To comply with applicable laws, regulations, subpoenas, court orders, or other legal processes; respond to lawful requests from public and government authorities; enforce our Terms of Service; protect our rights, privacy, safety, or property, and/or that of you or others.
• Financial Content Delivery: To provide relevant financial market data, analysis tools, and curated content based on user interests and market trends. Note: This is for informational and educational purposes only and does not constitute personalized investment advice.

6. HOW WE SHARE YOUR INFORMATION

We do not sell your Personal Information in the traditional sense. We also do not "share" Personal Information for cross-context behavioral advertising as defined by the CPRA. We may disclose your Personal Information to the following categories of third parties under specific circumstances:

6.1 Service Providers

We share Personal Information with third-party vendors, consultants, and other service providers who perform services on our behalf. These providers are contractually obligated to protect your information and use it only for the specific services they provide to us, such as:

• Cloud Hosting & Infrastructure: Providers like Supabase, Xano, AWS, Google Cloud, Azure for data storage and application hosting. (Data shared: potentially all categories depending on the service).
• Analytics Providers: Services like PostHog, Google Analytics to help us understand usage patterns. (Data shared: Usage Data, Device/Technical Info, potentially pseudonymized identifiers).
• Communication Platforms: Email delivery services (for newsletters, notifications), customer support platforms. (Data shared: Contact Info, Communication Info).
• Security Providers: Services that help protect against fraud, spam, and security threats. (Data shared: Usage Data, Device/Technical Info, IP addresses).
• Payment Processors: (If applicable for premium services) To process payments securely. (Data shared: Transaction details as needed, processed primarily by the processor).

6.2 Legal and Regulatory Disclosures

We may disclose your Personal Information if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation, regulation, court order, subpoena, or other valid legal process.
• Cooperate with law enforcement, government authorities, or regulatory bodies (including financial regulators like the SEC or FINRA, where applicable to our record-keeping or reporting obligations).
• Protect and defend the rights, property, or safety of DeepStreet.io, our users, or the public.
• Enforce our Terms of Service or other agreements.
• Detect, prevent, or otherwise address fraud, security, or technical issues.

6.3 Business Transfers

In the event of a proposed or actual merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your Personal Information may be disclosed or transferred as part of the transaction, subject to standard confidentiality agreements. We will notify you via email and/or a prominent notice on our Services of any change in ownership or uses of your Personal Information, as well as any choices you may have.

6.4 With Your Consent

We may share your Personal Information with other third parties when we have your explicit consent to do so.

6.5 Publicly Shared Information

Information you voluntarily make public through the Services (e.g., comments, public profile information, articles if you are an author) may be accessible to others.

7. DATA RETENTION

We retain your Personal Information only for as long as necessary to fulfill the purposes for which it was collected, including providing the Services, managing your account, complying with our legal obligations, resolving disputes, enforcing our agreements, and for legitimate business purposes. The criteria used to determine our retention periods include:

• The duration of your active relationship with us (e.g., maintaining an account).
• The necessity of the data to provide the Services.
• The existence of a legal, regulatory, contractual, or similar obligation to retain the data (e.g., mandatory record-keeping laws, litigation holds).
• Whether retention is advisable based on our legal position (e.g., regarding statutes of limitations, potential litigation, or regulatory investigations).

When Personal Information is no longer required for these purposes, we will securely delete or anonymize it in accordance with applicable laws and our internal policies. Anonymized data may be retained indefinitely for analytics and improvement purposes.

8. COOKIES AND SIMILAR TECHNOLOGIES

We and our third-party partners use cookies, web beacons (pixels), log files, and similar tracking technologies (collectively, "Cookies") to collect information automatically, enhance your experience, and analyze usage patterns.

8.1 What are Cookies?

• Cookies: Small text files stored on your device (computer or mobile).
• Web Beacons (Pixels): Tiny electronic images embedded in web pages or emails that allow us to track actions like opening an email or visiting a page.

8.2 Types of Cookies We Use:

• Essential/Strictly Necessary Cookies: Required for the basic functionality of the Services (e.g., user authentication, security, maintaining sessions). These cannot be disabled through our systems.
• Functional Cookies: Allow us to remember your choices and preferences (e.g., language, username) to provide enhanced, personalized features.
• Analytics/Performance Cookies: Help us understand how users interact with the Services by collecting information about page visits, traffic sources, performance metrics, and error tracking. This helps us improve the Services. (e.g., PostHog, Google Analytics).
• Targeting/Advertising Cookies: Used by us or third parties to deliver content or advertisements that may be relevant to your interests based on your browsing activities. We currently do not deploy third-party targeting/advertising cookies for cross-context behavioral advertising.

8.3 Your Cookie Choices:

• Browser Settings: Most web browsers allow you to manage your cookie preferences. You can typically set your browser to refuse some or all cookies, or to alert you when cookies are being sent. Instructions are usually found in the 'Help', 'Tools', or 'Edit' menus of your browser. Please note that disabling essential cookies may impact the functionality of the Services.
• Cookie Consent Tool: We may provide a cookie consent banner or management tool allowing you to customize your non-essential cookie preferences.
• Opt-Out Links: For third-party analytics or advertising cookies, you may be able to opt-out directly via their websites (e.g., Google Analytics Opt-out Browser Add-on, NAI opt-out page, DAA opt-out page at aboutads.info/choices).

8.4 Do Not Track (DNT):

Some web browsers incorporate a "Do Not Track" feature. Because there is no uniform standard for DNT signals, our Services do not currently respond to DNT browser settings or signals. We will continue to monitor industry standards and may adapt our practices if a standard emerges.

9. YOUR PRIVACY RIGHTS AND CHOICES

Depending on your jurisdiction, you may have certain rights regarding your Personal Information. We provide the following options to all users where feasible:

• Access and Update Account Information: You can review and update certain account information by logging into your account settings.
• Opt-Out of Promotional Communications: You can opt-out of receiving promotional emails from us by following the unsubscribe instructions included in those emails or by contacting us directly. Please note that you may still receive essential service-related and transactional communications.
• Cookie Management: You can manage cookies as described in Section 8.3.

Specific Jurisdictional Rights:

9.1 Residents of the EEA, UK, and Switzerland:

Under the GDPR and applicable local laws, you have the following rights:

• Right to Access: Request a copy of the Personal Information we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete Personal Information.
• Right to Erasure ('Right to be Forgotten'): Request deletion of your Personal Information under certain conditions (e.g., if it's no longer necessary for the purposes collected, or if you withdraw consent).
• Right to Restrict Processing: Request limitation of our processing of your Personal Information under certain conditions.
• Right to Data Portability: Request to receive your Personal Information in a structured, commonly used, machine-readable format and to transmit it to another controller where processing is based on consent or contract and carried out automatically.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right related to Automated Decision-Making: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (unless necessary for contract, authorized by law, or based on explicit consent).
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
• Right to Lodge a Complaint: Lodge a complaint with a supervisory authority in your country of residence, place of work, or place of the alleged infringement.

9.2 Residents of California:

Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), you have the following rights:

• Right to Know/Access: Request information about the categories and specific pieces of Personal Information we have collected, used, disclosed, and sold/shared about you in the preceding 12 months; the categories of sources; the business purposes; and the categories of third parties involved.
• Right to Delete: Request deletion of your Personal Information, subject to certain exceptions (e.g., necessary to complete a transaction, detect security incidents, comply with legal obligations).
• Right to Correct: Request correction of inaccurate Personal Information we maintain about you.
• Right to Opt-Out of Sale/Sharing: Request to opt-out of the "sale" of your Personal Information and the "sharing" of your Personal Information for cross-context behavioral advertising. As stated above, DeepStreet.io does not currently "sell" Personal Information or "share" Personal Information for cross-context behavioral advertising.
• Right to Limit Use and Disclosure of Sensitive Personal Information (SPI): Request limitation of the use and disclosure of SPI to only that which is necessary to perform the services or provide the goods reasonably expected by an average consumer. We only use SPI like account credentials for necessary service provision and security.
• Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA/CPRA rights.
• Shine the Light: California residents may request information regarding the disclosure of Personal Information to third parties for their direct marketing purposes once per calendar year. We do not share Personal Information with third parties for their own direct marketing purposes.
• Authorized Agent: You may designate an authorized agent to make requests on your behalf. We will require verification of both your identity and the agent's authority.

9.3 Residents of Nevada:

Nevada residents have the right to opt-out of the "sale" of certain "covered information" (as defined under Nevada law) to third parties who intend to license or sell that information. We do not engage in such sales. If you are a Nevada resident and wish to submit such a request should our practices change, please contact us.

9.4 How to Exercise Your Rights:

To exercise any applicable privacy rights, please contact us using the methods provided in Section 15 ("Contact Information"). We will respond to your request consistent with applicable law. To protect your privacy and security, we may need to verify your identity before processing your request. This may involve asking you to provide information matching our records or logging into your account. We aim to respond within the timeframes required by law (e.g., typically within 30-45 days for CCPA/GDPR requests, potentially extendable). If we deny your request, we will explain the reasons. You may have the right to appeal a denial in certain jurisdictions.

10. DATA SECURITY

We implement reasonable and appropriate technical, administrative, and physical safeguards designed to protect the Personal Information we process from unauthorized access, use, disclosure, alteration, loss, or destruction. These measures include, but are not limited to:

• Use of encryption for certain data in transit (e.g., SSL/TLS) and at rest where appropriate.
• Implementation of access controls and authentication mechanisms.
• Regular security monitoring and assessments of our systems.
• Internal policies and procedures regarding data handling and security.
• Employee training on data protection and security best practices.

However, please be aware that no security system is impenetrable. We cannot guarantee the absolute security of your information, and transmission of information via the internet is not completely secure. Any transmission is at your own risk. You are also responsible for maintaining the confidentiality of your account credentials and notifying us immediately of any suspected unauthorized access or use.

11. INTERNATIONAL DATA TRANSFERS

DeepStreet.io is headquartered in the United States, and our primary data processing activities occur in the United States. If you access our Services from outside the United States, your Personal Information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers are located. These countries may have data protection laws that are different from, and potentially less protective than, the laws of your country of residence.

For transfers of Personal Information from the EEA, UK, or Switzerland to the United States or other countries not deemed adequate by the European Commission or relevant authorities, we rely on appropriate transfer mechanisms as required by applicable law. These may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission (and the UK Addendum where applicable).
• Your explicit consent for the transfer, after having been informed of the possible risks.
• Other legal bases permitted by applicable law.

By using our Services, you acknowledge and consent to the transfer of your Personal Information to the United States and potentially other jurisdictions as described herein, subject to the implementation of required safeguards where applicable.

12. CHILDREN'S PRIVACY

Our Services are not directed to or intended for use by individuals under the age of 16 (or the relevant age of majority for privacy consent in your jurisdiction). We do not knowingly collect Personal Information from children under 16. If we learn that we have inadvertently collected Personal Information from a child under 16 without verifiable parental consent, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child under 16 has provided us with Personal Information, please contact us immediately at privacy@deepstreet.io.

13. FINANCIAL DATA COMPLIANCE AND DISCLAIMERS

While our Services involve financial content and data, please note:

• Not Investment Advice: DeepStreet.io does not provide personalized financial, investment, legal, or tax advice. All content and data provided through the Services are for informational and educational purposes only. You should consult with qualified professionals before making any financial decisions.
• Accuracy of Information: We strive to provide accurate and up-to-date financial market data obtained from third-party sources, but we do not guarantee its accuracy, completeness, or timeliness. Market data may be delayed.
• Regulatory Compliance: We aim to comply with applicable regulations concerning the publication of financial information and record-keeping where required. This may involve retaining certain communication records or usage data as mandated by law, separate from our general retention policies.

14. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, service offerings, legal requirements, or other factors. If we make material changes, we will notify you by:

• Posting the updated Privacy Policy on our Services and updating the "Last Updated" date at the top.
• Sending an email notification to the email address associated with your account (if you have one).
• Displaying a prominent notice within the Services prior to the change becoming effective.

Your continued use of our Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically for any updates.

15. CONTACT INFORMATION

If you have any questions, comments, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

By Mail:DeepStreet.ioAttn: Privacy Compliance151 Bodman Pl, Suite 201Red Bank, NJ 07701USA

By Email:privacy@deepstreet.io

By Phone:(732) 555-0199

EEA/UK Representative:We have not designated a formal representative in the EEA or UK at this time but can be reached via the contact methods above.

16. DATA BREACH NOTIFICATION

In the event of a data breach involving your Personal Information that poses a risk to your rights and freedoms, we will take appropriate steps to mitigate the impact and will notify you and relevant regulatory authorities as required by applicable law. Notifications will describe the nature of the breach, the likely consequences, the measures we have taken or propose to take, and provide contact information for further inquiries.

17. THIRD-PARTY LINKS AND SERVICES

Our Services may contain links to third-party websites, applications, financial data sources (e.g., SEC EDGAR), news articles, or other external services that are not operated or controlled by DeepStreet.io. This Privacy Policy does not apply to the practices of these third parties. We are not responsible for the privacy policies or practices of such third parties. We encourage you to review the privacy policies of any third-party service before providing any Personal Information to them.

18. GOVERNING LAW

This Privacy Policy and any disputes related thereto shall be governed by and construed in accordance with the laws of the State of New Jersey, USA, without regard to its conflict of law provisions. This choice of law does not deprive consumers of the protection afforded to them by mandatory provisions of the law of their country of habitual residence where applicable.

19. SEVERABILITY

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such finding shall not affect the validity, legality, or enforceability of the remaining provisions, which shall continue in full force and effect.

‍