Privacy Policy

Edge (the "service") is operated by Marc Vives Sánchez, a sole proprietor based in Spain (the "data controller" under the EU General Data Protection Regulation, "GDPR").

Contact for any data-protection question: hello@edgeplatform.app.

We collect the following categories of personal data:

• Account data:email address, optional display name, language preference, password hash (handled by Firebase Authentication on Google's infrastructure).
• Portfolio and journal data you enter: ticker symbols, share quantities, cost basis, trade notes, watchlist items, alerts. This is the data you actively type into Edge.
• Subscription data: your subscription status (free / pro / institutional), Stripe customer ID, billing history. Payment-card details are stored by Stripe, not by us — we never see your card number.
• Email preferences: opt-in / opt-out flags for the Morning Brief, Weekly Digest, and other emails.
• Usage data: server logs that may contain IP address, user-agent, timestamps, and the URL path you visited. Used for security and debugging.

We do not collect special-category personal data (health, race, political opinions, etc.) and we do not ask you to provide it.

• Contractual necessity (Article 6(1)(b)): to provide the service you signed up for — render your portfolio, send your subscription emails, process your payments.
• Legitimate interest (Article 6(1)(f)): to secure the service against abuse, prevent fraud, and improve the product. Balanced against your rights and freedoms.
• Consent (Article 6(1)(a)): for any analytics cookies and for marketing emails (if any). You can withdraw consent at any time without affecting prior processing.
• Legal obligation (Article 6(1)(c)): to keep tax / accounting records of paid transactions for the period required by Spanish law.

We rely on the following third parties to operate the service. Each is contractually bound to handle your data securely and only on our instructions:

• Google Firebase — authentication, Firestore database, hosted by Google in the EU. (USA-based provider with EU-region hosting and Standard Contractual Clauses.)
• Stripe, Inc. — payment processing. Handles your card details directly under their own privacy policy.
• Vercel, Inc. — application hosting and CDN.
• Resend.com — transactional email delivery (welcome, brief, digest, alerts).
• Anthropic, PBC — AI model provider for Edge Intelligence. Your portfolio context is sent to Anthropic when you ask a question or when your scheduled brief / digest is generated. Anthropic does not train on this data per their API Data Processing Agreement.
• Finnhub and Yahoo Finance— market-data providers. We send only ticker symbols (e.g. "AAPL"), never personal data, when fetching quotes.

Some of these providers are based outside the European Economic Area. Where transfers occur, they are protected by Standard Contractual Clauses approved by the European Commission, or by equivalent safeguards.

• Account and portfolio data: kept as long as your account is active. Deleted within 30 days of account deletion, except where law requires longer retention (e.g. billing records).
• Billing records: retained for the period required by Spanish tax law (typically 6 years).
• Server logs: retained for 30 days.
• Marketing-email opt-in records: retained until you unsubscribe + 12 months for compliance evidence.

Under the GDPR you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Eraseyour data ("right to be forgotten"). You can self-serve this from Settings → Account → Delete account.
• Restrict or object to certain processing.
• Data portability — receive your data in a machine-readable format. Email us if you need this; we will respond within 30 days.
• Withdraw consent for any consent-based processing at any time.
• Lodge a complaint with the Spanish data protection authority, Agencia Española de Protección de Datos (AEPD), or with your local supervisory authority if you live in another EU country.

To exercise any of these rights, email hello@edgeplatform.app. We respond to verified requests within 30 days at no charge.

Edge uses the following cookies and similar technologies:

• Strictly necessary: session cookies for authentication, language preference, and security. These do not require consent under GDPR/ePrivacy because they are essential for the service to work.
• Functional:localStorage for UI preferences (sidebar collapsed state, dismissed What's New modal, last prices cache for fast page loads).
• Analytics:Vercel Analytics for aggregate traffic measurement. Only set after you accept the cookie banner. You can withdraw consent at any time by clicking "Reject all" on the banner if you visit the site from a new device.

We do not use advertising cookies, third-party trackers, or cross-site profiling.

Connections to Edge are encrypted in transit (HTTPS / TLS). Authentication and database are managed by Google Firebase with industry-standard access controls. Payment information is handled by Stripe and never touches our servers.

If we ever experience a breach affecting your personal data, we will notify the supervisory authority within 72 hours where required, and we will notify you directly if the breach is likely to result in a high risk to your rights and freedoms.

Edge is not directed at children under 18 and we do not knowingly collect data from anyone under 18. If you believe a minor has registered, email us and we will delete the account.

We may update this policy. Material changes will be announced by email at least 14 days before they take effect. Last update date is shown at the top of this page.

All data-protection questions, access requests, and complaints: hello@edgeplatform.app.