Privacy Policy & Notice at Collection
Prototype draft · Texas and 50-state counsel review required before production
Information collected
Planned categories include identity and account data; authentication and device records; subscription and invoice records; watchlists; manually entered and authorized read-only brokerage holdings and transactions; notification preferences; AI questions and usage metadata; consent records; support communications; and privacy requests. Apertux does not need brokerage passwords and does not store payment-card numbers.
Purposes and minimization
Data is used to operate accounts, provide requested research, calculate holdings-based educational insights, synchronize authorized accounts, process subscriptions, deliver selected notifications, secure the service, comply with law, and improve reliability. Apertux does not use income, debt, age, goals, or risk tolerance to select investments.
Processors and disclosures
Planned processors are Supabase, Stripe, Azure OpenAI, Polygon.io, Resend, SnapTrade, hosting, monitoring, and support vendors. Final contracts, locations, subprocessors, retention, and transfer terms must be published before activation. Portfolio credentials are excluded from AI requests. Apertux does not sell personal data or use it for targeted advertising.
Texas and US privacy rights
Subject to applicable law, users may request access, correction, deletion, portability, consent withdrawal, and appeal of a denied request. Identity verification and authorized-agent procedures will apply. Recognized universal opt-out signals will be honored where legally required even though selling and targeted advertising are not planned.
Retention and deletion
Proposed defaults are deletion from active systems within 30 days and backups within 90 days after a verified request, except records required for security, disputes, tax, accounting, or law. Billing and tax records may be retained for seven years subject to counsel approval. Disconnecting brokerage access revokes consent and begins provider deletion workflows.
Security and incidents
Production controls are described in the Security Overview. No certification is claimed. Apertux will maintain incident response and applicable state breach-notification procedures, including Texas reporting obligations.
Children and contact
The service is intended for adults 18 and older. Privacy requests may be submitted through the Privacy Request page or privacy@apertux.com. Legal questions may go to legal@apertux.com. A production business address and response-time policy must be published before launch.