Last updated: 11 May 2026

This Privacy Policy explains how gAInXalpha (operated from 19 Queen Elizabeth Street, London, Southwark, SE1 2LP, United Kingdom) collects, uses, and protects personal data when you visit gainxalpha.com and use our AI-powered market intelligence services. We act as the data controller for the personal data described below. If you have any questions, contact us at support@gainxalpha.com.

1. What we do

gAInXalpha operates a proprietary predictive engine that ingests public market data and news, scores forward-looking signals across configurable time horizons (2-week, 1-month, 3-month), and automatically publishes daily articles summarising those signals. Subscribers can also create watchlists, request deep-dive reports, and access full sector analyses. We are not a regulated financial advisor; we publish market intelligence for informational and educational use only.

2. Data we collect

  • Account data: the username, first name, last name, email address, and hashed password you provide when registering for the Free Guest, Advisor, or Institutional plan.
  • Subscription & payment data: the plan you chose, its status, billing dates, and a reference token returned by our payment processor (Stripe). We never store full card numbers, CVCs, or bank details on our servers — card collection happens entirely inside Stripe’s PCI-DSS environment.
  • User-generated content: watchlists, deep-dive requests, and any messages you send to support.
  • Usage data: IP address, browser and device information, pages viewed, referrer, language preference, and approximate location derived from IP — collected automatically through standard server logs and analytics cookies (where consented).
  • Cookies and similar technologies: see Section 6 for the full breakdown.

3. Why we process it (legal bases under GDPR / UK GDPR)

  • Performance of a contract — creating and maintaining your account, billing your subscription, granting access to premium content, and providing customer support.
  • Legitimate interest — securing the site, preventing fraud and abuse, improving our predictive models, and analysing aggregated usage patterns (no individual profiling for marketing).
  • Consent — non-essential cookies, marketing emails, and any optional features that explicitly ask before activating. You may withdraw consent at any time.
  • Legal obligation — retention of accounting records, response to lawful regulatory or law-enforcement requests.

4. How AI processes your inputs

Our articles and forecasts are produced by an automated pipeline that combines public market data (price history, fundamentals, news from licensed providers) with large language models that synthesise the output text. We do not feed your private account data, watchlists, or messages into third-party LLMs. If you submit a support message, only its text is shared with the human support agent. Any improvements to our predictive models are made on anonymised or aggregated signals.

5. Who we share data with

We do not sell personal data. We share strictly what each processor needs to perform its function on our behalf, under a written data-processing agreement:

  • Stripe Payments Europe, Ltd. (payment processing, fraud screening) — receives your name, email, billing country, and card data entered directly into their fields.
  • Cloud hosting provider (Amazon Web Services, EU region) — stores the WordPress database and uploaded files.
  • Transactional email provider (account confirmations, password resets) — receives your email address and the message body.
  • Analytics & consent-management vendors — only when you have given cookie consent for the relevant category.
  • Regulators & courts — if we receive a binding legal order.
  • Successor entity — in the event of a merger, acquisition, or sale of assets, with prior notice to you where required by law.

6. Cookies

We use cookies and similar storage in four categories. You can review and change your choices at any time via the “Cookies Settings” link in the footer.

  • Strictly necessary — session, authentication, security tokens, language. Always on.
  • Functional — remembers your preferences (watchlists, sort order). Off by default.
  • Analytics — aggregated visit metrics. Off by default.
  • Advertising — we do not currently run advertising cookies on this site; the category is listed for transparency only.

7. International transfers

Our infrastructure is hosted in the European Union. Some of our processors (notably Stripe) operate globally and may transfer data outside the EEA/UK. Where this happens, transfers are protected by the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful safeguard recognised under Article 46 of the GDPR.

8. How long we keep it

  • Account data: while your account is active, plus 12 months after closure (to allow account recovery and dispute resolution).
  • Billing records: 7 years, as required by UK and EU accounting rules.
  • Server logs and security records: typically 30–90 days.
  • Support tickets: 24 months after resolution.

9. Your rights

Under the UK GDPR and EU GDPR you have the right to:

  • Access the personal data we hold about you and receive a copy in a structured, machine-readable format.
  • Correct inaccurate data.
  • Request erasure of your account and associated data (subject to the retention rules in Section 8).
  • Restrict or object to specific processing activities.
  • Withdraw consent for any processing based on consent, at any time.
  • Lodge a complaint with your local supervisory authority — in the UK, the Information Commissioner’s Office.

To exercise any of these rights, write to support@gainxalpha.com from the email address linked to your account. We respond within one month.

10. Security

We use TLS encryption for all traffic, store passwords as salted hashes, isolate the payment flow inside Stripe, run automated dependency scans, and apply the principle of least privilege for staff access. No system on the internet is 100% secure, and we cannot guarantee absolute security — but we will notify you and the competent authority within 72 hours of any personal-data breach as required by Article 33 of the GDPR.

11. Children

The Service is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email and through a banner on the site at least 30 days before they take effect. The “Last updated” date at the top reflects the current version.

13. Contact

gAInXalpha
19 Queen Elizabeth Street
London, Southwark, SE1 2LP
United Kingdom
support@gainxalpha.com