Privacy Policy

1. Overview

This Privacy Policy explains how stoxhub (the "Service", "we", "us") handles your personal data when you use stoxhub.xyz. We are committed to protecting your privacy and being transparent about what we collect, why, and what your rights are.

For any privacy question: hello@stoxhub.xyz

2. What data we collect

When you use the Service, we may collect:

  • Account data : email address, password (hashed — we never store your plain password)
  • Profile / onboarding data : information you provide during the chat (= age, financial goals, holdings, monthly savings)
  • Chat data : messages you send to Donnie, our AI assistant, and Donnie's replies
  • Technical data : IP address (hashed for rate-limiting and abuse prevention), browser type, device type, pages visited
  • Usage analytics : page views, clicks, time on page, feature engagement

We do NOT collect : sensitive personal data (race, religion, health, etc.), payment card numbers (no paid tier yet), or data from minors (= 18+ only).

3. How we use your data

  • Operate the Service (GDPR Article 6(b) — contract performance) : authenticate you, generate AI replies, build your personalized plan, save your progress
  • Improve the Service (GDPR Article 6(f) — legitimate interest) : aggregate analytics, bug fixes, abuse prevention, model performance monitoring
  • Communicate with you (Article 6(b)) : transactional emails (= password reset, account notifications)
  • Legal compliance (Article 6(c)) : respond to lawful requests, prevent fraud

We do NOT sell your personal data. Ever.

4. Who we share your data with

We use the following third-party providers to operate the Service. Each has signed Data Processing Agreements with us where applicable:

All transfers outside the EU rely on Standard Contractual Clauses (SCCs) or equivalent legal safeguards per GDPR Chapter V.

5. How long we keep your data

  • Account data : until you delete your account
  • Chat history : until you delete your account
  • Anonymous landing chat : 90 days, then deleted automatically
  • Technical logs / IP rate-limit data : 30 days
  • Backups : 90 days

After account deletion, your personal data is removed within 30 days, except where retention is required by applicable law.

6. Your rights (GDPR)

You have the right to:

  • Access — request a copy of your personal data
  • Rectify — correct inaccurate data
  • Erase — request deletion of your data (right to be forgotten)
  • Restrict — limit how we process your data in certain cases
  • Portability — receive your data in a structured, machine-readable format
  • Object — to processing based on legitimate interest
  • Withdraw consent — at any time where consent is the legal basis
  • Not be subject to fully automated decisions with significant effect

To exercise any of these rights, email hello@stoxhub.xyz. We respond within 30 days.

EU users have the right to lodge a complaint with their local supervisory authority (e.g., CNIL in France, or the equivalent data protection authority in your country).

7. Automated decision-making

Donnie (the AI) generates investment ideas and personalized plans, but it does NOT make decisions that produce legal effects on you (= we don't open trades, we don't make binding recommendations). You retain full control over every decision.

Under GDPR Article 22, you have the right to obtain human review of any AI-generated output that significantly affects you. Contact us to request review.

8. Cookies

We use:

  • Essential cookies : to authenticate you and remember your session (= cannot be disabled without breaking the Service)
  • Analytics cookies (PostHog) : to understand product usage. First-party only, no advertising.

We do NOT use third-party advertising or tracking cookies. You can disable analytics cookies in your browser settings.

9. Security

We protect your data through:

  • HTTPS encryption in transit
  • Password hashing (= we never see your plain password)
  • Rate limiting and bot detection
  • Access controls on our infrastructure
  • Regular security audits of our codebase

No system is perfectly secure. If we discover a data breach affecting you, we will notify you within 72 hours per GDPR Articles 33-34.

10. Children

stoxhub is not directed to anyone under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us so we can delete it.

11. International users

stoxhub is accessible globally. By using the Service from outside the EU, you consent to the transfer of your data to the regions listed in section 4, subject to the safeguards described.

12. Changes to this policy

We may update this Privacy Policy from time to time. If changes are material (= affect how we collect or process your data), we will notify registered users by email at least 14 days before the changes take effect.

13. Contact

For any privacy question, request, or concern: hello@stoxhub.xyz
