Moneyvize Privacy Policy

This Privacy Policy describes how Harmin Software Solutions Inc. (referred to as "Harmin Software Solutions," "we," "us," or "our"), the parent company of Moneyvize, collects, uses, processes, and shares your personal information when you use the Moneyvize web application (moneyvize.com) and its related services (collectively, the "Service").

Harmin Software Solutions Inc. is federally incorporated in Canada. Moneyvize is available to users in the USA, Canada, and worldwide. We are committed to protecting your privacy and handling your personal information with care and transparency, in compliance with applicable global data protection laws, including:

• The Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.
• The General Data Protection Regulation (GDPR) for users in the European Union (EU) and European Economic Area (EEA).
• Key US state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Utah Consumer Privacy Act (UCPA), and the Connecticut Data Privacy Act (CTDPA).

1. Definitions

To help you understand this policy, here are some key definitions:

Personal Information: Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes, but is not limited to, your name, email address, and IP address. Even data points that may seem "non-personal" can become Personal Information when combined or linked to an identifiable individual.

Sensitive Personal Information: A subset of Personal Information that requires stricter protection under certain laws. This may include, but is not limited to, racial or ethnic origin, religious beliefs, health diagnosis, financial information (e.g., account login, debit/credit card number in combination with security code), precise geolocation data, genetic data, or biometric data.

Processing: Any operation or set of operations performed on Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Information. For the purposes of this Privacy Policy, Harmin Software Solutions Inc. is the Controller of your Personal Information.

Processor: A natural or legal person, public authority, agency, or other body which processes Personal Information on behalf of the Controller.

2. Information We Collect

We collect various types of information to provide and improve our Service.

2.1. Information You Provide Directly

When you interact with our Service, you may provide us with the following Personal Information:

• Account Registration Data: When you choose to sign up or sign in using a third-party authentication provider like Google, we may collect your Name, Email address, and Profile picture (if applicable), subject to your consent. This information is used solely for authentication and account management purposes.
• Communication Data: Information you provide when you contact us for support, send us feedback, or communicate with us via email (e.g., contactus@moneyvize.com).
• User Preferences: Any settings or preferences you configure within the Moneyvize application that may be associated with your account to personalize your experience.

2.2. Information Collected Automatically (Usage Data)

When you access and use the Service, we may automatically collect certain information about your device and usage patterns through cookies and similar tracking technologies. This information, even if individually considered "non-personal," can, when combined or linked, constitute Personal Information under applicable privacy laws. This may include:

• Device and Usage Information: Your IP address (anonymized where possible), browser type and version, device type and operating system, referring/exit pages, pages viewed, time spent on pages, interaction with Moneyvize features, and general usage statistics.
• AI-Powered Feature Data: Information about your interactions with our AI-powered earnings highlights feature, such as viewed stocks or saved preferences, which may be used to generate personalized insights.

2.3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (e.g., pixels, web beacons) to improve website performance, enhance user experience, and for analytics purposes.

What are cookies? Cookies are small text files placed on your device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

How we use them: We use both session cookies (which expire when you close your browser) and persistent cookies (which stay on your device until they expire or you delete them) for various purposes, including:

• Strictly Necessary Cookies: Essential for the operation of our Service (e.g., enabling secure login).
• Functional Cookies: To remember your preferences and settings (e.g., language, layout).
• Analytics Cookies: To understand how users interact with our Service, identify areas for improvement, and monitor performance.
• Advertising/Targeting Cookies: (If applicable in the future) To deliver relevant advertisements to you.

Your Choices: You can control or disable cookies through your browser settings. However, please be aware that some features of our Service may not function properly if cookies are disabled. For third-party cookies, you may need to visit their respective websites to manage your preferences.

2.4. Information from Third Parties

We do not currently receive Personal Information from third parties for the purpose of enriching your profile beyond what is provided through Google Sign-In. If this practice changes in the future, we will update this Privacy Policy and, where required, obtain your consent.

3. How We Use Your Information (Purposes and Legal Bases)

We use the Personal Information we collect for the following specific, explicit, and legitimate purposes. For users in the EU/EEA, we rely on the following legal bases under the GDPR:

Purpose of Collection/Processing	Legal Basis for Processing (GDPR)
To Provide and Maintain the Service: To authenticate users, manage accounts, provide access to and display financial statements, fundamentals, news, AI-powered earnings highlights, analyst ratings, and price charts, and deliver the core functionalities of the Moneyvize webapp.	Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
To Improve and Personalize the Service: To analyze usage patterns, understand user behavior, improve user experience, and enhance the overall functionality and performance of the website. This includes using usage data for internal analytics and product development.	Legitimate Interest: Our legitimate interest in improving our Service, understanding user needs, and ensuring optimal performance, provided your data protection rights are not overridden.
To Provide AI-Powered Features: To generate "AI powered earnings highlights" and personalize content based on your interactions with the AI features (future), viewed stocks (future), or saved preferences (future). This may involve profiling to deliver tailored insights.	Legitimate Interest: Our legitimate interest in providing innovative and personalized features. Consent: Where such processing constitutes "profiling" that produces legal or similarly significant effects, or for targeted advertising, we will obtain your explicit consent.
For Security and Fraud Prevention: To maintain the security, integrity, and stability of the Moneyvize webapp, detect and prevent fraudulent activities, and protect against unauthorized access or misuse of user accounts and data.	Legitimate Interest: Our legitimate interest in protecting our Service and users from security threats and fraud. Legal Obligation: Where required to comply with legal obligations related to security.
To Communicate with You: To respond to your inquiries, provide customer support, and send essential service-related communications (e.g., updates, security alerts).	Contractual Necessity: To fulfill our obligations under the terms of service. Legitimate Interest: To provide effective customer support and manage our relationship with you.
For Marketing and Advertising (Future): If we implement advertising, we may use user profiles for advertising purposes. This will be done with clear transparency and appropriate consent mechanisms.	Consent: For direct marketing, targeted advertising, or profiling for advertising purposes, we will obtain your explicit, opt-in consent where required by law.
To Comply with Legal Obligations: To comply with applicable laws, regulations, legal processes, or governmental requests.	Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

4. How We Share Your Information

We do not sell your Personal Information to third parties. We may share your information with the following categories of third parties only for the purposes described in this Privacy Policy:

Service Providers: We engage third-party companies and individuals to facilitate our Service, provide the Service on our behalf, perform Service-related services (e.g., analytics, hosting, customer support, infrastructure providers), or assist us in analyzing how our Service is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We enter into legally binding Data Processing Agreements (DPAs) or similar contracts with all service providers to ensure they process data only on our instructions, in compliance with this Privacy Policy and all applicable laws, and implement adequate security measures.

For Legal Compliance and Protection: We may disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or a government agency). We may also disclose your information in the good faith belief that such action is necessary to:

• Comply with a legal obligation.
• Protect and defend the rights or property of Harmin Software Solutions Inc.
• Prevent or investigate possible wrongdoing in connection with the Service.
• Protect the personal safety of users of the Service or the public.
• Protect against legal liability.

Business Transfers: In the event that Harmin Software Solutions Inc. is involved in a merger, acquisition, or asset sale, your Personal Information may be transferred. We will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Policy.

5. International Data Transfers

As a Canadian-federally incorporated company, Moneyvize operates globally. This means your Personal Information may be stored and processed in Canada, the United States, or other countries where our service providers are located. When we transfer your Personal Information across international borders, we take steps to ensure that your data receives an adequate level of protection consistent with applicable privacy laws.

For EU/EEA Users:

• Adequacy Decisions: We may transfer data to countries that the European Commission has deemed to provide an "adequate" level of data protection. Canada has an adequacy decision for PIPEDA-covered data, which facilitates transfers from the EU/EEA to Canada.
• Standard Contractual Clauses (SCCs): In the absence of an adequacy decision, we utilize Standard Contractual Clauses (SCCs) approved by the European Commission as a legal mechanism for data transfers. These clauses impose contractual obligations on the data importer to protect the data.
• Transfer Impact Assessments (TIAs): For transfers to countries without an adequacy decision (such as the United States), we conduct Transfer Impact Assessments (TIAs) to evaluate whether the legal framework of the destination country provides an "essentially equivalent" level of protection to GDPR, particularly concerning government surveillance access to data. Where necessary, we implement "additional safeguards" (e.g., robust encryption, pseudonymization) to ensure the protection of your data.

For Canadian Users: We remain accountable for your Personal Information even when it is transferred outside Canada for processing. We ensure that appropriate safeguards are in place and that the receiving entity provides a comparable level of protection. We will inform you about the purpose of the transfer, the destination of the data, and the measures in place to protect it.

For US Users and Other International Users: Your data may be processed in accordance with Canadian privacy standards, which may differ from your local regulations. We strive to apply a high standard of data protection globally, aligning with the most stringent requirements where feasible.

6. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Information. We are committed to honoring these rights and providing mechanisms for you to exercise them:

• Right to Know/Access: You have the right to confirm whether we are processing your Personal Information and to request information about the categories and specific pieces of Personal Information we have collected about you, the sources from which it was collected, the purposes for collection, and the categories of third parties with whom it is shared or sold.
• Right to Correct/Rectify: You have the right to request the correction of inaccurate Personal Information we hold about you.
• Right to Delete/Erasure: You have the right to request the deletion of your Personal Information, subject to certain exceptions (e.g., if we are legally required to retain it, or to complete a transaction).
• Right to Data Portability: You have the right to obtain a copy of your Personal Information in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where technically feasible.
• Right to Opt-Out of Sale/Sharing: You have the right to direct us to stop selling or sharing your Personal Information, particularly for cross-context behavioral advertising. If applicable, we will provide a prominent "Do Not Sell or Share My Personal Information" link on our homepage.
• Right to Opt-Out of Targeted Advertising/Profiling: You have the right to opt-out of the processing of your Personal Information for targeted advertising and certain profiling activities that produce legal or similarly significant effects concerning you.
• Right to Limit Use and Disclosure of Sensitive Personal Information: For California residents, you have the right to direct us to limit the use and disclosure of your Sensitive Personal Information for certain purposes.
• Right to Object: For GDPR users, you have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights:

To exercise any of these rights, please contact us using the contact information provided in Section 11 of this Privacy Policy. We may require you to verify your identity before fulfilling your request to ensure the security of your Personal Information. We will respond to your request within the timeframes required by applicable law (e.g., 45 days for CCPA/CPRA requests, with a possible 45-day extension if communicated).

7. Data Security

We are committed to protecting the security of your Personal Information. We implement a range of industry-standard technical and organizational security measures designed to protect against unauthorized access, alteration, disclosure, or destruction of your Personal Information. These measures include:

• Encryption: We use encryption for data in transit (e.g., TLS/SSL) and at rest to protect your information.
• Access Controls: We implement strict access controls and the principle of least privilege, ensuring that only authorized personnel have access to Personal Information on a need-to-know basis.
• Pseudonymization: Where appropriate, we use pseudonymization to reduce the direct identifiability of data.
• Regular Testing and Audits: We regularly test and evaluate the effectiveness of our security measures to identify and address vulnerabilities.
• Resiliency Measures: We maintain procedures for data backup and restoration to ensure data availability and integrity in case of unforeseen events.
• Employee Training: Our employees receive regular training on data protection best practices and our internal privacy policies.
• Data Processing Agreements: We require third-party service providers to comply with our security standards through legally binding data processing agreements.

Data Breach Notification:

In the unlikely event of a data breach involving your Personal Information, we have a comprehensive response plan in place. We will promptly detect, contain, assess, and notify affected users and relevant regulatory authorities within mandated timelines, as required by applicable laws (e.g., 72 hours for GDPR; CCPA/CPRA includes specific liability for data breaches resulting from inadequate security).

8. Data Retention

We retain your Personal Information only for as long as necessary to fulfill the specific purposes for which it was collected, or as required by applicable legal and regulatory obligations. Our internal data retention policies define precise periods based on legal, regulatory, and business requirements.

When your Personal Information is no longer needed, we employ secure methods for its disposal, such as anonymization, secure deletion, or physical destruction, to prevent unauthorized access or use.

9. Children's Privacy

Moneyvize is not directed to individuals under the age of 13, and we do not knowingly collect Personal Information from children under 13. If you are a parent or guardian and you become aware that your child has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children under 13 without verification of parental consent, we take steps to remove that information from our servers.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated "Effective Date" at the top of the policy. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any modifications to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

11. Contact Us

12. Your Acceptance of This Policy