1. Who we are
Ploutos AI (the Service) is operated by the founder as a sole proprietorship based in Greece. For any privacy-related question, contact hello@ploutos-ai.com.
2. What we collect
- Account data: email, optional display name, hashed password if you set one, Google account id if you sign in with Google.
- Usage data: analyses you submit (tickers), chat history, alerts you set, runs we executed for you.
- Early access list data: the email address you submit to receive early access invitations, offers and product updates, stored only after you confirm via a double opt-in link, together with the language you signed up in and, optionally, the investor type and investing frequency you tell us.
- Technical data: IP address (transient, used for rate limiting and the anti-bot check), user agent, request logs (retained 30 days).
- Analytics: pageviews and custom events captured by PostHog, only after you accept the analytics cookie. PostHog stores this in the EU (Frankfurt).
3. Why we collect it
- To run the Service (account, analyses, billing). Legal basis: performance of contract.
- To communicate with you about your account and important Service changes. Legal basis: legitimate interest.
- To send you early access invitations, offers and product updates if you join the early access list. Legal basis: consent, given via the checkbox plus a double opt-in confirmation email, withdrawable anytime through the one-click unsubscribe link in every email.
- To protect signup and early access forms from bots and abuse (Cloudflare Turnstile). Legal basis: legitimate interest.
- To improve the Service through aggregated analytics. Legal basis: consent (the cookie banner).
- To comply with tax and accounting law. Legal basis: legal obligation.
4. Sub-processors
We use the following third parties to operate the Service. All have signed Data Processing Agreements where applicable.
| Vendor | Region |
|---|---|
| Anthropic | United States |
| OpenAI | United States |
| PostHog | European Union (Frankfurt) |
| Resend | United States |
| SEC EDGAR | United States |
| FRED (Federal Reserve) | United States |
| FINRA | United States |
| Marketaux | United States |
| DigitalOcean | European Union |
| Cloudflare (Turnstile) | Global edge network, processes only the captcha challenge token + IP |
| Stripe (when paid plans launch) | Ireland (EU) for EU customers |
5. Retention
- Account data: while your account is active, plus 6 months after deletion (limited backups).
- Runs and chat history: while your account is active, plus 30 days after deletion.
- Early access list email: until you unsubscribe (we then mark it unsubscribed and stop sending).
- Billing records: 10 years (Greek tax law).
- Analytics events: 12 months rolling.
- Server logs: 30 days.
6. Your rights
Under the GDPR you have the right to access, correct, delete, restrict, port, or object to processing of your personal data. You can download a copy of your data or delete your account at any time from your profile page. Requests we cannot self-serve through the app can be sent to hello@ploutos-ai.com, and we respond within 30 days. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (dpa.gr).
7. Security
Passwords are hashed with argon2id. Sessions use HTTP-only secure cookies. All traffic is encrypted in transit via HTTPS. The database lives on a dedicated server in Frankfurt with daily backups. We do not store payment card details (Stripe handles that).
8. Cookies
Necessary cookies: session id, kept while you are signed in. Optional cookies: PostHog analytics, loaded only after you accept them in the banner. You can change your choice anytime through the floating cookie settings button at the bottom right.
9. Changes
We will notify you of material changes to this policy by email or in-app at least 14 days before they take effect.
10. Contact
Any privacy-related question: hello@ploutos-ai.com