Privacy Policy.

Veridion Markets ("Veridion," "we," "us") respects your privacy. This policy explains what data we collect, how we use it, who we share it with, and the rights you have over it. We wrote this in plain English. If anything's unclear, write to privacy@veridionmarkets.com.

01Who we are

Veridion Markets is a financial-information platform operated by Veridion Markets LLC (Delaware). Our website is veridionmarkets.com. Veridion is not a registered investment adviser. Nothing on the platform constitutes investment advice.

02What we collect

Account data

• Email address — for account login and product communications.
• Hashed password — stored as a one-way salted hash. We never see or store your plaintext password.
• Account creation date + last sign-in timestamp.

Product data

• Watchlists, portfolios, alerts, notes you create on the platform.
• Preferences — sectors selected, custom Score weights, theme.
• AI usage — tokens consumed per AI call, for cost tracking + tier rate-limiting. We do not store the content of your chat messages beyond what's required to deliver the immediate response.

Payment data

• We never see your credit card. All payment information is handled by Stripe (PCI DSS Level 1 certified). We store only the Stripe customer ID and subscription status returned by their API.

Technical data

• IP address (used for rate limiting and abuse prevention; never sold).
• Browser type, device type, referrer URL.
• Page-view analytics via a privacy-preserving analytics provider (aggregated, no individual tracking IDs sold or shared with third parties).

03How we use your data

• Provide the platform — render your dashboards, run your alerts, generate your AI brief, deliver your daily emails.
• Process payments via Stripe.
• Send product transactional emails (signup confirmation, password reset, billing receipts).
• Detect and prevent abuse, fraud, and unauthorized access.
• Improve the platform — aggregate, anonymized analytics on which features are used.
• Comply with legal obligations.

We do not sell your data to third parties. We do not use your personal data to train any AI model. Our LLM provider operates under a zero-retention agreement; chat content is not used to train their models.

04Who we share with

We use a small set of carefully selected sub-processors, each contractually bound to protect your data. We categorize them below; a current named list is available on request by emailing privacy@veridionmarkets.com.

• Cloud hosting & CDN — application delivery and global edge caching. SOC 2 Type II certified provider.
• Managed database & authentication — encrypted data storage and account authentication. SOC 2 Type II certified provider. Data hosted in the United States.
• Payment processing — handled by Stripe (PCI DSS Level 1). Stripe is named here because they appear directly in your browser during checkout.
• AI / language model — large-language-model provider under a zero-retention agreement. Chat content is not used for model training.
• Market data providers — licensed equities, ETF, and crypto data feeds. We send only ticker symbols; no personal data is transmitted.
• Transactional email delivery — sends account confirmations, password resets, and billing receipts. No marketing data sent.
• Error monitoring & performance — captures application errors so we can fix bugs. Stack traces and request paths only; personal data is scrubbed.

We will disclose your data if required by valid legal process (subpoena, court order). We will notify you of any such request unless legally prohibited.

05How long we keep it

• Active accounts — for the lifetime of the account.
• Closed accounts — deleted within 30 days of closure, except billing records retained for 7 years per US tax law.
• AI usage logs — 90 days for rate-limiting, then aggregated and anonymized.
• Server logs — 30 days.

06Your rights (GDPR + CCPA)

Whether you live in the EU, UK, California, or anywhere else, you have the following rights over your personal data:

• Access — request a copy of all data we hold on you. Email privacy@veridionmarkets.com. We respond within 30 days.
• Correction — fix anything that's wrong via your account settings or by emailing us.
• Deletion — request deletion of your account and all associated data. We comply within 30 days unless legally required to retain (billing records).
• Portability — receive your data in JSON format.
• Objection — opt out of any non-essential processing.
• Withdraw consent — for any processing that requires consent.
• Complaint — lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@veridionmarkets.com from the email address registered to your account.

07Cookies + tracking

Veridion uses only essential cookies — primarily the authentication cookie that keeps you signed in. We do not use third-party advertising cookies. We do not use cross-site tracking pixels. We do not sell or share your browsing behavior with advertisers or data brokers.

Analytics are aggregated in privacy-preserving mode. No individual user is identified in our analytics.

08Security

We take security seriously:

• TLS 1.3 encrypts all data in transit.
• Data is encrypted at rest using AES-256.
• Row-level access control means you can only see your own data, enforced at the database layer.
• Passwords are salted and one-way hashed. We never see your plaintext password.
• Sessions are HttpOnly cookies — not accessible to JavaScript, immune to XSS-based session theft.
• Rate-limiting on auth endpoints prevents credential-stuffing attacks.

The public Security posture page documents the current security baseline, known gaps, and coordinated disclosure process.

No system is perfectly secure. If you suspect your account has been compromised, change your password and email security@veridionmarkets.com immediately.

09Children

Veridion is not intended for users under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has registered, email us and we will delete the account.

9bAggregate and derivative data

We compute outputs from your activity that are not personally identifiable — for example, anonymous counts of how many users viewed a given stock symbol on a given day, or sector-level breakdowns of watchlist composition across cohorts of 50+ users. We retain rights to these aggregate, anonymized, and derivative datasets — including the right to publish them, license them to third parties (such as institutional research clients), and use them to improve the Veridion Score. Three guarantees:

• We never link your identity to a ticker, position, or trade in any external feed. Datasets we publish or license are always cohort-aggregated with a k-anonymity floor of at least 50 users per row — meaning no individual user's behavior can be inferred.
• We never sell or license your individual portfolio positions, alert history, chat messages, or saved notes — under any circumstances, even with consent. These are personal to your account.
• You can request that your account be excluded from aggregate datasets. Email privacy@veridionmarkets.com; we will tag your account as opt-out within 7 business days. Note: this does not affect raw signals computed from public sources (e.g. Congress filings, SEC Form 4s) — only your behavioral interaction with the platform.

These rights are necessary to operate the platform sustainably and to fund the truth-first methodology you see at our methodology page. Without aggregate-data revenue, the Score and Congress feeds couldn't remain affordable to retail.

10Changes to this policy

If we make material changes to this policy, we will email registered users at least 14 days before the changes take effect, and post a banner on the platform. The effective date at the top of this page tracks the latest version.

11Contact us

Privacy questions, security concerns, and general inquiries: privacy@veridionmarkets.com
(Use subject line "Privacy", "Security", or "General" so we route correctly.)

Veridion Markets LLC · Delaware · MMXXVI