Privacy Policy

How we protect your data and maintain your privacy

Last updated: 01 October 2025

1. Introduction

1.1 Scope and Applicability

This Privacy Policy ("Policy") describes how AdvEngine Inc. ("AdvEngine," "Company," "we," "us," or "our") collects, uses, shares, and protects Personal Information through our public-facing website at https://advengine.com (the "Website") and in connection with our sales, marketing, and support activities.

This Policy applies to Personal Information we gather when you access or use our Website. It does not govern the processing of "Client Data" within our AI-powered platform (the "Service") when used by enterprise or paying customers.

The processing of Client Data through our Service is governed exclusively by the Master Service Agreement (MSA), Data Processing Addendum (DPA), and other commercial agreements executed with our clients. The principles outlined in Section 4 of this Policy provide transparency into our core data protection commitments, but the MSA and DPA shall control in the event of any conflict.

By accessing our Website, you acknowledge that you have read and agree to this Policy and our Terms and Conditions.

1.2 Key Definitions

Personal Information: Information that identifies, relates to, or could reasonably be linked to a particular individual. This Policy governs our collection of Personal Information from website visitors and individuals who contact us.

Client Data: Financial information, research materials, investment data, and other content that our clients and their authorized users provide to our Service for processing.

Anonymized Data: Data processed to irreversibly prevent identification of any individual.

Aggregated Data: Information combined from multiple users and analyzed as a whole, such that no individual can be identified.

Usage Data: De-identified metadata about Service usage, performance metrics, and technical data.

2. Information We Collect

2.1 Information You Provide Directly

Contact and Professional Information: When you request a demo, contact us, subscribe to updates, or register for an account, we collect your name, email address, phone number, company name, job title, and any information you choose to provide.

Account Information: For Service access, we collect information to create and manage your account, including name, email, credentials, and preferences.

Communication Records: We maintain records of support requests, feedback, and inquiries, including message content and metadata.

Payment Information: We use third-party payment processors for transactions. We do not store complete credit card numbers; payment data is handled directly by processors under their privacy policies.

2.2 Information Collected Automatically

Log and Usage Data: We automatically collect IP address, browser type, operating system, device characteristics, referring URLs, pages visited, and visit timestamps. This data maintains Website security and supports internal analytics.

Cookies and Tracking Technologies: We use cookies, pixels, and similar technologies to operate our Website and understand usage patterns. Here is a summary of possible cookie types (note: this does not imply we use these cookies):

  • Essential Cookies: Required for basic functionality (cannot be disabled).
  • Performance Cookies: Analyze usage and improve functionality (aggregated/anonymous).
  • Functional Cookies: Remember your preferences for enhanced features.
  • Advertising Cookies: Deliver relevant advertisements and track browsing across sites.

Manage cookie preferences through our Cookie Preference Center.

Location Information: We derive general geographic location from IP addresses for security (detecting unusual activity) and experience customization. We do not collect precise geolocation without explicit consent.

2.3 Information from Third Parties

Employers: If you access the Service through an employer-provided account, we may receive your information from them.

Business Partners: We may receive information from marketing and advertising partners about your engagement with our content.

Financial and other Data Providers: Our Service integrates with third-party financial and other data providers. Data flows through our platform for processing as described in Section 4.

3. How We Use Personal Information

We process Personal Information only when we have a valid legal basis under applicable law.

To Provide and Maintain the Service: To fulfill contractual obligations, manage accounts, provide access, process transactions, and deliver support.

Lawful Basis (GDPR): Performance of a Contract

To Improve and Personalize: We analyze usage patterns to understand behavior, troubleshoot issues, and enhance user experience.

Lawful Basis (GDPR): Legitimate Interest

Security and Fraud Prevention: To verify identity, prevent fraud and unauthorized access, investigate illegal activities, and enforce our policies.

Lawful Basis (GDPR): Legitimate Interest; Legal Obligation

Service Communications: We send essential technical notices, security alerts, and administrative messages. These are part of the Service and cannot be opted out of.

Lawful Basis (GDPR): Performance of a Contract; Legitimate Interest

Marketing: With your consent or where permitted, we send promotional communications. You may opt out at any time.

Lawful Basis (GDPR): Consent; Legitimate Interest (with opt-out)

Legal Compliance: To comply with laws, regulations, court orders, and lawful government requests.

Lawful Basis (GDPR): Legal Obligation

4. Client Data and AI Processing for Financial Services

Protecting Client Data is our paramount obligation. This section outlines our core commitments regarding financial information, investment data, and research materials processed through our Service. For paying clients, these commitments are contractually enforced through the MSA, DPA and other relevant agreements.

4.1 The Nature of Client Data in Financial Services

Client Data includes, but is not limited to, financial documents, investment analysis, portfolio data, market data, and queries or prompts provided to our AI agents, unless such information is already publicly available. You retain all ownership rights to your Client Data.

4.2 Critical Commitment: No Training on Client Data

Notwithstanding any other provision in this Policy, we will NEVER use Client Data to train, retrain, or otherwise improve our AI models or any third-party AI models.

Client Data is processed exclusively to deliver the Service to you. It is never:

  • Used to improve our general AI models.
  • Shared with other clients without your permission.
  • Used for research or product development (except as aggregated/anonymized Usage Data per Section 4.5).
  • Provided to AI model providers for their training purposes.

This prohibition is contractually enforced with all sub-processors and AI service providers we engage.

4.3 Financial Services Data Security Architecture

Data Flow and Processing: Data is transmitted to our infrastructure using the latest versions of TLS encryption, processed by our AI agents, and stored encrypted at rest (AES-256 or stronger).

Access Controls: We implement strict role-based access controls and a Zero Trust security model. Our technical staff may access Client Data only when necessary for technical support at your request, to troubleshoot critical issues, or to comply with legal obligations, under logged and audited conditions.

Special Deployment Options: We offer tailored deployment solutions, including private cloud deployments, under separate agreements to meet the strictest privacy and security requirements.

4.4 Third-Party AI Service Providers

We use third-party AI foundation models (e.g., from OpenAI, Anthropic, Alphabet, xAI) to power our Service.

4.5 Usage Data for Service Improvement

We collect anonymized and aggregated metadata about Service usage (e.g., feature usage patterns, performance metrics) to improve our Service. This Usage Data cannot be used to identify any individual.

4.6 Material Non-Public Information (MNPI)

You are strictly prohibited from providing Material Non-Public Information to the Service. As stated in our Terms and Conditions, you represent and warrant that any information you provide is either publicly available or you have all necessary rights and consents.

4.7 Data Retention

For Trial and Other Non-Paying Users: It is our standard practice to delete Client Data 90 days after the completion of the trial (or other relevant) period. However, copies of such data may be retained in backup systems that are segregated from active systems and are maintained under strict privacy and security requirements. Data may also be retained beyond this period if required by law or regulation. You may request deletion of your data at any time by contacting legal@advengine.com.

For Paying Clients: Retention is governed by your MSA. Upon termination of your agreement, Client Data is deleted in accordance with the terms of your MSA.

5. How We Share Information

We do not sell Personal Information or Client Data. We share information only in these limited circumstances:

Service Providers and Sub-processors: We engage third-party vendors for cloud hosting, payment processing, analytics, and email delivery. These providers are contractually obligated to protect information and may only use it to provide services to us. A list of our material sub-processors is available to clients upon request.

AI Service Providers: As described in Section 4.4, we use AI foundation model providers under strict contractual protections that prohibit model training.

Business Transfers: In a merger, acquisition, bankruptcy, or asset sale, your information may be transferred. We will use reasonable efforts to ensure the acquiring entity honors this Policy.

Legal Requirements: We disclose information when required by law, regulation, or valid legal process.

With Your Consent: We share information with third parties when you explicitly direct us to do so.

6. Data Security

We maintain a comprehensive security program with administrative, technical, and physical safeguards to protect Personal Information and Client Data. We are committed to achieving and maintaining industry standard certifications to provide independent validation of our security controls.

Technical Measures:

  • Encryption: Data is encrypted in transit using industry-standard protocols (e.g., latest versions of TLS) and at rest (e.g., AES-256 or stronger).
  • Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), and least-privilege access principles.
  • Vulnerability Management: Regular security scanning, penetration testing, and risk assessments.
  • Monitoring: Continuous monitoring for suspicious activity and security incidents.

Organizational Measures:

  • Mandatory security awareness training for all employees.
  • Background checks for personnel with access to sensitive systems.
  • Strict confidentiality obligations and non-disclosure agreements.
  • Incident response procedures and breach notification protocols.

Disclaimer: While we implement robust security measures, no system is perfectly secure.

7. Data Retention

We retain Personal Information only as long as necessary for the purposes described in this Policy and to comply with legal obligations. When we no longer need Personal Information, we securely delete or anonymize it.

8. Your Privacy Rights

8.1 General Rights

Access and Correction: You may request access to or correction of your Personal Information.

Deletion: You may request deletion of your Personal Information, subject to legal and business exceptions.

Communication Preferences: Opt out of promotional emails via the "unsubscribe" link.

8.2 Region-Specific Rights (EEA/UK, U.S. states incl. California, Canada, etc.)

Depending on where you live, local laws may grant additional rights. We are committed to robust privacy protections for all our users and, where feasible, extend the rights available under key regulations to all individuals, regardless of their location. To exercise your rights, contact us at legal@advengine.com. We will respond in accordance with applicable law.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your residence, e.g. transferred to United States or Canada. For transfers of personal data from the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we implement appropriate safeguards.

10. Children's Privacy

Our Service is not intended for individuals under 16. We do not knowingly collect information from children under 16. In addition, our Service is not intended for any other age groups that, by applicable law, are prohibited from accessing or using our Service. We do not knowingly collect information from individuals in any such restricted age groups. If we learn we have inadvertently collected information from a person under 16 or from anyone who is legally prohibited from using our Service due to their age, we will delete it promptly. If you believe a child under 16 or an individual from a legally restricted age group has provided us information, contact us at legal@advengine.com.

11. Third-Party Links

Our Website may link to third-party websites. We are not responsible for their privacy practices.

12. Changes to This Policy

We may update this Policy to reflect changing legal, technical, or business developments. When we update the Policy, we will post the revised version on this page and update the "Last Updated" date.

13. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, please contact:

AdvEngine Inc.
Privacy Officer
Email: legal@advengine.com