Privacy Policy – Cipher Stock GPT
Last updated: 12 December 2025
Applicable to: users of the custom GPT “Cipher Stock” and the associated API.
1. Data Controller
The data controller for processing described in this Privacy Policy is:
Decuseara Adrian Sorin PFA
Adress: Iasi, Romania, European Union (EU)
Email: supportcipherstock@gmail.com
Replace these fields with your real legal / business details before publishing.
2. What this tool does
The “Cipher Stock” GPT is a financial analysis tool that:
- Receives prompts and parameters from you (for example: tickers, budget, horizon).
- Calls a backend API that retrieves market data from third-party providers (e.g. Alpaca).
- Applies technical analysis and pattern rules to generate buy/sell/hold style outputs.
The purpose is strictly to provide automated technical analysis and informational output. It is not individualized investment advice and should not be treated as such.
3. Categories of data we process
3.1. Data you actively provide
- Text prompts and instructions you send inside the GPT interface.
- Stock symbols / tickers (e.g. “NVDA”), horizons, budget amounts, and other parameters.
3.2. Data generated by the system
- Internal logs of API requests (for debugging, security, and capacity planning).
- Derived technical indicators and scores for a given ticker (e.g. patterns, trend slope).
3.3. Technical and usage data
When the backend API is called, our hosting provider(s) may automatically collect and log:
- IP address of the calling service / infrastructure (not necessarily your device).
- Timestamp, HTTP method, response codes, and performance metrics.
- Basic device / runtime information at the infrastructure level.
We do not deliberately attempt to identify you personally from these logs, but such data may still be considered personal data under GDPR in some circumstances.
3.4. Billing and payment-related data
If you purchase credits, we process limited billing data needed to create and reconcile payments.
- Billing email address you provide during checkout.
- Purchased package size and credits granted.
- Payment status and transaction identifiers (for example Stripe checkout session IDs and webhook event IDs).
- Credit wallet balance and ledger entries related to purchased and consumed credits.
We do not store full card numbers or card security codes on our servers. Card payment details are handled by Stripe.
4. Sources of data
- You, via the GPT conversation and provided parameters.
- OpenAI, as the GPT platform provider, which transmits your prompts to our actions.
- Market data providers (e.g. Alpaca), which supply stock price and news data.
5. Purposes and legal bases
5.1. Providing the stock analysis functionality
- Purpose: to respond to your prompts and generate stock analysis results.
- Legal basis (GDPR Art. 6(1)(b)): performance of a contract / providing the service you requested.
5.2. Security, abuse prevention, and debugging
- Purpose: to ensure the stability and security of the service and to detect misuse.
- Legal basis (GDPR Art. 6(1)(f)): legitimate interests in operating and improving our services.
5.3. Anonymized analytics (if used)
- Purpose: to understand high-level usage patterns (e.g. most requested tickers).
- Legal basis: legitimate interests, with data minimized and, where possible, anonymized.
5.4. Billing, payment reconciliation, and fraud prevention
- Purpose: to process credit purchases, verify payment completion, prevent duplicate crediting, and support billing inquiries.
- Legal basis (GDPR Art. 6(1)(b)): performance of a contract for paid credits.
- Legal basis (GDPR Art. 6(1)(f)): legitimate interests in fraud prevention, accounting integrity, and service security.
6. Data retention
We keep technical logs and derived analysis data only for as long as necessary for the purposes described above, including security, debugging, and capacity planning. Retention periods may vary based on infrastructure configuration, but we aim to:
- Keep application and access logs for a limited period, typically not exceeding 12 months.
- Not store your prompts longer than needed to operate, monitor, and improve the tool.
- Keep billing and transaction records for as long as necessary for accounting, dispute handling, and legal obligations.
OpenAI may have its own retention periods for prompts and outputs. Please refer to OpenAI’s own Privacy Policy for details on how OpenAI handles your data within the GPT platform.
6A. Credit usage and refund policy
- 1 credit = 1 symbol analysis.
- 10 credits = 10 symbol analyses (and similarly for any other package size).
- Not every user question or chat message consumes credits. Credits are deducted only for requests that trigger symbol analysis through the API.
- Purchased credits are non-refundable in money.
- In case of a billing dispute or crediting error, we may restore credits to the user's account associated with a valid email stored in our database.
- The restored amount will be equivalent to the original purchased credit amount, based on the purchased package.
7. Sharing of data and third parties
We may share or allow access to your data with the following categories of recipients:
- OpenAI, as the provider of the GPT platform. Your prompts and tool outputs are processed by OpenAI’s systems in order to generate responses.
- Stripe, as payment processor for checkout and card payments. Stripe processes payment details according to its own privacy policy and terms.
- Market data providers (e.g. Alpaca), to fetch real-time or historical market and news data.
- Cloud hosting providers (e.g. Google Cloud Platform / Cloud Run, Cloud SQL), which host the API and database.
- Service providers such as logging or monitoring tools used for security and reliability.
We do not sell your personal data to third parties.
8. International data transfers
Because OpenAI, cloud providers, and market data providers may operate globally, your data may be processed in countries outside the European Economic Area (EEA). Where data is transferred outside the EEA, we rely on appropriate safeguards, such as standard contractual clauses, to protect your personal data, where applicable.
9. Security
We implement appropriate technical and organizational measures designed to protect your data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, no system can be guaranteed to be 100% secure, and you should not use this tool to share highly sensitive personal information.
10. Your rights (for EU / EEA users)
Under the GDPR, you may have the following rights in relation to your personal data, subject to certain conditions and limitations:
- Right of access (to know if we process data about you).
- Right to rectification (correction of inaccurate data).
- Right to erasure (“right to be forgotten”).
- Right to restriction of processing.
- Right to data portability.
- Right to object to certain processing activities based on legitimate interests.
- Right to lodge a complaint with a supervisory authority (for example, in Romania: ANSPDCP).
To exercise your rights, please contact us at supportcipherstock@gmail.com.
11. Children’s data
This tool is intended for use by adults and is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal information, please contact us so that we can take appropriate action.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time, for example to reflect changes in legislation, technology, or our services. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically.
13. Contact
If you have any questions about this Privacy Policy or how your data is processed when using the “Cipher Stock” GPT, please contact:
Email: supportcipherstock@gmail.com