Skip to main content

Privacy Policy

Last Updated: January 1, 2025 Effective Date: January 1, 2025 This Privacy Policy describes how Blotter Inc. (“Rallies,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use our website, mobile application, and services (collectively, the “Service”). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Information You Provide

  • Account Information: Email address, password (encrypted), name (optional)
  • Profile and Preferences: Watchlists, portfolio holdings, notification preferences, alert settings
  • Communications: Support messages, feedback, AI chat history
  • Payment Information: Billing name/address, payment details (processed by Stripe; we do not store full card numbers) [REVIEW REQUIRED: Confirm Stripe handles all payment data]

Information Collected Automatically

  • Device/Technical Info: Device type, OS, browser, IP address, device identifiers
  • Usage Information: Pages accessed, time spent, clickstream data, search queries
  • Cookies: Session, preference, and analytics cookies (see Section 6)

Information from Third Parties

Brokerage Data via Plaid [REVIEW REQUIRED: Verify Plaid integration details] When you connect a brokerage: holdings, positions, cost basis, and transaction history. We never receive or store your brokerage login credentials. Social Login: If using Google/Apple sign-in, we receive email and name (if provided).

2. How We Use Your Information

  • Provide Service: Create accounts, display portfolios/watchlists, power AI research, send alerts, process payments, provide support
  • Improve Service: Analyze usage, fix bugs, develop features, train AI models
  • Communicate: Service updates, support responses, marketing (with consent), security alerts
  • Safety/Security: Fraud detection, unauthorized access prevention, ToS enforcement, legal compliance
We may use anonymized conversation data to improve AI models with safeguards to remove PII and prevent memorization. Opt out by emailing [email protected].

3. How We Share Your Information

Service Providers

Provider TypePurposeData Shared
StripePaymentsBilling information
PlaidBrokerage connectionsAuth tokens
Cloud hostingInfrastructureEncrypted data
Email servicesNotificationsEmail, preferences
AnalyticsUsage analysisAnonymized data
[REVIEW REQUIRED: List all vendors and ensure DPAs in place]

We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties. We may disclose information for court orders, subpoenas, government requests, or protecting rights/safety.

Business Transfers

Your information may transfer in mergers/acquisitions. We will notify you before any privacy policy changes.

4. Data Retention

Active Accounts: Data retained while account is active. After Deletion: Personal data deleted within 30 days; backups purged within 90 days; anonymized data may be retained; legal records kept as required. [REVIEW REQUIRED: Verify retention periods]

5. Data Security

Technical Measures

  • TLS/HTTPS encryption in transit
  • AES-256 encryption at rest
  • Secure password hashing (bcrypt)
  • Regular security audits

Organizational Measures

  • Need-to-know employee access
  • Security training
  • Incident response procedures
[REVIEW REQUIRED: Standard security disclaimer] No transmission method is 100% secure. We cannot guarantee absolute security.

6. Cookies and Tracking

Essential Cookies: Authentication, security, basic functionality Preference Cookies: Settings, language preferences Analytics Cookies: Usage understanding, UX improvement [REVIEW REQUIRED: List specific tools] Your Choices: Control via browser settings, cookie preference center, or “Do Not Track” signals.

7. Your Privacy Rights

  • Access/Portability: View and download your data via Account Settings
  • Correction: Update information in account settings
  • Deletion: Delete your account anytime
  • Opt-Out: Marketing, AI training, non-essential cookies

State-Specific Rights [REVIEW REQUIRED: Add CCPA, VCDPA compliance details]

California (CCPA): Right to know, delete, opt-out of “sale,” non-discrimination Virginia, Colorado, Connecticut: [REVIEW REQUIRED: Add specific requirements]

8. Children’s Privacy

Rallies is not for children under 18. We do not knowingly collect information from minors. Contact [email protected] if you believe a child provided information.

9. International Data Transfers

Rallies is US-based. Data from outside the US is transferred to and processed in the US. [REVIEW REQUIRED: Add SCCs or transfer mechanisms for EU users]
The Service may link to third-party sites. We are not responsible for their privacy practices.

11. Changes to This Policy

Material changes will be communicated via email or in-app notice. Continued use after changes constitutes acceptance.

12. Contact Us

Email: [email protected] Mail: Blotter Inc. [REVIEW REQUIRED: Insert address] Response time: Within 30 days.

13. Additional Information

  • Contract: Providing services
  • Consent: Marketing, optional features
  • Legitimate interests: Security, fraud prevention, improvement
  • Legal obligation: Compliance

Data Protection Officer [REVIEW REQUIRED: Determine if DPO required]