Legal
Privacy Policy
Our pledge: We do not sell your data. We do not advertise with your portfolio data. Your portfolio information is yours.
Clavix is operated by Andover Digital LLC (“we,” “us,” “our”). The Clavix iOS app is distributed on the Apple App Store. The App Store may display an individual developer name as the seller for Apple distribution purposes. Andover Digital LLC operates the Clavix service, handles personal information as described in this policy, and provides support and the product experience.
1. Scope
This policy applies to all users of the Clavix service in the United States. Clavix is intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18.
The Clavix iOS app is available through the Apple App Store. Apple collects certain information as described in Apple’s own privacy policy. This policy covers only our handling of your information.
2. Information We Collect
2.1 Information You Provide to Create and Manage Your Account
| Data | Purpose | Required? |
|---|---|---|
| Email address | Account creation, authentication, account-related communication | Yes |
| Display name | To personalize your experience | Optional |
| Birth year | To personalize your experience | Optional |
2.2 Information You Provide to Use the Service
Portfolio holdings. When you add positions, you provide ticker symbols, number of shares, average purchase price, and optionally a purchase date. This information is stored with your account and used to generate personalized risk analysis.
Watchlist items. Ticker symbols you add to your watchlist are stored with your account.
Alert and notification preferences. You can configure which alerts you receive, quiet hours, delivery time, and digest length.
2.3 Information Provided for Push Notifications
If you enable push notifications, we receive a device token provided by Apple’s Push Notification service (APNs). This token is used solely to deliver notifications you have requested. You can disable push notifications at any time in your iOS Settings.
2.4 Information Collected Automatically
We collect limited technical information to operate and secure the service:
- IP address — collected temporarily for rate limiting, security, and operational monitoring. Not stored long-term.
- Request metadata — the type of request, endpoint accessed, and timestamp are logged temporarily for debugging and performance monitoring.
We do not collect session recordings, advertising identifiers, or cross-site behavioral tracking. We do not sell your data to third parties.
2.5 App Usage and Crash Data
Product interaction events. The app records limited in-app events (such as when the upgrade screen is viewed or when a subscription is initiated) to help us understand how the product is used and improve it. These events are stored on our servers tied to your user account. No third-party advertising or analytics network receives this data.
Crash and performance reports. We use Sentry to automatically collect crash reports and limited performance traces when the app encounters an error. Reports may include a stack trace, a device model category, iOS version, and a session identifier generated by Sentry. Crash data does not include your name, email address, or portfolio holdings. Sentry acts as our service provider and, under its standard terms and data processing terms, does not use crash data for its own purposes such as advertising.
2.6 Subscription and Purchase Information
Apple processes all subscription payments. We do not receive or store your payment card or bank account details. To verify and provide subscription access, we receive and store Apple-signed transaction identifiers, product ID, subscription status, introductory-offer status, purchase date, expiration date, and App Store environment. This purchase history is linked to your Clavix account and used only for billing verification, fraud prevention, customer support, and enabling Pro features.
2.7 Brokerage Connections
Brokerage account connections are not available in the current version of the app. If brokerage connection becomes available in a future update, we will update this policy.
3. How We Use Your Information
- To provide the Clavix service. This includes generating personalized risk scores, daily briefings, news filtering, and alerts based on your portfolio and preferences.
- To communicate with you. We may send you account-related communications (e.g., password reset emails). We do not send marketing emails.
- To improve the service. We may analyze aggregated, de-identified data to improve the product.
- To secure the service. We monitor for unauthorized access, abuse, and technical issues.
- To comply with legal obligations.
4. AI and Model Processing
Clavix uses artificial intelligence (AI) and large language models (LLMs) to generate risk scores, portfolio briefings, news sentiment analysis, and explanatory content. Our AI provider is MiniMax, an artificial intelligence company based outside the United States. This means some of your portfolio data is transmitted to and processed on servers outside the United States, including in Asia.
What is sent to the AI provider: When we generate analysis for your portfolio, we may send your portfolio positions (ticker symbols, share counts, cost basis), portfolio value context, and recent news articles or market data related to your positions.
What is not sent: Your name, email address, user ID, and other direct identifiers are not sent to the AI provider. We do not transmit anything that directly identifies you by name.
How MiniMax may use this data: We access MiniMax through its standard commercial API. We do not have a negotiated, individually signed data processing agreement with MiniMax. MiniMax’s handling of data submitted through its API is governed by MiniMax’s own terms of service and privacy policy, which you should review if this matters to you. Under those standard terms, MiniMax may process, retain, or otherwise handle submitted content in accordance with its policies. We do not control MiniMax’s practices, and we cannot guarantee that submitted content is not retained or used to operate or improve its services. To reduce exposure, we minimize what we send and strip direct identifiers as described above.
Opt-out: AI processing is integral to the core service. If you do not want your portfolio data processed by AI or transmitted outside the United States, you should not use the service.
5. How We Share Your Information
We do not sell, rent, or trade your personal information. We share your information only in the following limited circumstances:
5.1 Service Providers (Subprocessors)
| Provider | Service | Data Shared |
|---|---|---|
| Supabase | Database hosting, authentication | All app data (encrypted at rest, US-hosted) |
| MiniMax (processed outside the US) | AI/LLM processing for risk scoring, digest generation, news analysis | Portfolio positions (ticker, shares, cost basis), article text (no name, email, or user ID) |
| Sentry | Crash reporting and performance monitoring | Crash traces, stack traces, device model category, iOS version (no personal account data) |
| Apple (APNs) | Push notification delivery | Device token, notification payload |
| Apple (App Store) | Subscription billing and entitlement verification | Apple-signed transaction identifiers, product, offer, purchase, expiration, and subscription status (no payment card details) |
| Polygon.io | Market data | Ticker symbols only (no personal data) |
| Finnhub | Financial data | Ticker symbols only (no personal data) |
| Tickertick | News discovery | Ticker symbols only (no personal data) |
| SEC EDGAR, FRED, stockanalysis.com | Public filings, macro, and fund reference data | Ticker symbols only (no personal data) |
| CNBC, Google News (RSS feeds) | Public market-news headlines | None (public feeds, no personal data sent) |
| Cloudflare | CDN, DNS, DDoS protection | HTTP request data (transient) |
| DigitalOcean | Server hosting | All app data processed on servers (US-hosted) |
5.2 Legal Requirements
We may disclose your information if required by law, court order, or government authority, or to protect our rights, property, or safety.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you through the app before your information becomes subject to a different privacy policy.
6. Data Storage and Security
- Your account data is stored on Supabase infrastructure hosted in the United States.
- Encryption in transit: TLS 1.2+
- Encryption at rest: AES-256
- Access to personal data is restricted to authorized personnel on a need-to-know basis.
International processing. While your account data is stored in the United States, some portfolio data is transmitted to our AI provider (MiniMax) for processing on servers outside the United States, as described in Section 4. By using the service, you consent to this transfer.
7. Data Retention
We retain your personal information for as long as your account is active. News articles and events are automatically deleted after 30 days.
Account deletion: When you delete your account through the in-app settings, we delete or anonymize your personal data.
8. Your Rights and Choices
- Access and portability. Download your account data through the in-app “Export Data” feature.
- Correction. Update your profile and preferences in Settings.
- Deletion. Permanently delete your account through in-app “Delete Account.”
- Push notifications. Enable or disable in iOS Settings or in-app.
To exercise any rights not available in-app, email [email protected]. We will respond within 30 days.
California residents (CCPA/CPRA): We do not sell or share your personal information as those terms are defined under the CCPA.
9. Children’s Privacy
The service is not directed to individuals under 18. We do not knowingly collect personal information from children under 18. Contact us at [email protected] if you believe a child has provided us with personal information.
10. Cookies
We use only essential session cookies to keep you logged in. We do not use advertising cookies, cross-site tracking, or third-party analytics scripts.
11. Changes to This Policy
We may update this Privacy Policy. When we make material changes, we will notify you through the app and update the “Last Updated” date.
12. Contact
Andover Digital LLC
Operator of Clavix
A Massachusetts limited liability company
57 Elm Street, Andover, MA 01810
Email: [email protected]
About the App Store seller. The Clavix iOS app is distributed on the Apple App Store through an Individual Apple Developer account. The App Store may display the individual developer’s name as the seller for Apple distribution purposes. Andover Digital LLC operates the Clavix service and is the responsible entity described in this policy.