1. Introduction
From Equations to Capital ("we," "us," "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Platform and Services.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, organization, role, and encrypted password when you create an account.
- Payment Information: Payment data processed by Stripe. We do not store credit card numbers on our servers.
- Profile Information: Optional professional details you provide for personalization.
- Communications: Messages you send to us via contact forms or email.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, reading progress, Decision Lab analyses started, and Academy course progression.
- Device Information: Browser type, operating system, device type, and screen resolution.
- Log Data: IP address, access timestamps, and referring URLs.
- Cookies: Session cookies for authentication (HttpOnly, SameSite=Lax) and optional analytics cookies.
3. How We Use Your Information
| Purpose | Legal Basis |
|---|
| Provide and maintain the Services | Contract performance |
| Process payments and manage entitlements | Contract performance |
| Personalize your reading and learning experience | Legitimate interest |
| Send transactional emails (receipts, password resets) | Contract performance |
| Analyze usage patterns to improve the Platform | Legitimate interest |
| Detect and prevent fraud or security incidents | Legitimate interest / Legal obligation |
| Comply with legal obligations | Legal obligation |
4. Data Sharing
We do not sell your personal information. We may share data with:
- Stripe: For payment processing only.
- Cloudflare: For hosting, CDN, and edge computing services.
- Your Organization: If you hold an institutional license, your organization's administrator may see your name, email, and access status.
- Legal Requirements: When required by law, regulation, or valid legal process.
5. Data Security
We implement industry-standard security measures including:
- PBKDF2-SHA256 password hashing with 310,000 iterations.
- HttpOnly, Secure session cookies.
- TLS encryption for all data in transit.
- Rate limiting on authentication endpoints.
- Audit logging for sensitive operations.
- Cloudflare DDoS protection and WAF.
6. Data Retention
- Account Data: Retained while your account is active plus 90 days after deletion request.
- Payment Records: Retained for 7 years per financial regulations.
- Usage Analytics: Aggregated data retained indefinitely; individual-level data retained for 24 months.
- Audit Logs: Retained for 3 years.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Deletion: Request deletion of your account and associated data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Restriction: Request restricted processing in certain circumstances.
To exercise these rights, contact privacy@equationstocapital.com.
8. International Data Transfers
Our Services are hosted on Cloudflare's global network. Data may be processed in the United States and other jurisdictions where Cloudflare operates. We rely on Cloudflare's data processing agreements and standard contractual clauses for cross-border transfers.
9. Children's Privacy
The Services are not intended for users under the age of 16. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by posting a notice on the Platform or sending an email to your registered address.
11. Contact
For privacy-related inquiries, contact us at privacy@equationstocapital.com.