Privacy Policy
Effective June 22, 2026
1. Who we are
This Privacy Policy explains how Bishop Capital Intelligence Inc., a Delaware C corporation ("Bishop Capital Intelligence," "we," "us," or "our"), collects, uses, and protects personal data when you use our website and equity-research platform (the "Service").
Contact for privacy inquiries: Bishop Capital Intelligence Inc. 8 The Green, Suite B Dover, Delaware 19901, USA Email: support@bishopcapitalintelligence.com
We are the controller of your personal data. (A dedicated privacy@ address may be added
later; until then, privacy and data-rights requests are handled at the address above.)
2. Our privacy posture, plainly stated
We built this platform to respect your privacy by default. Specifically, and as described in detail below:
- We use no analytics, telemetry, tracking pixels, advertising SDKs, or third-party tracking cookies. None. We do not profile you, and we do not sell or share your data for advertising.
- The only data we store about you is the data you give us to run your account, plus a log of which stock tickers you have analyzed (so we can apply your plan's usage limits).
- Our application does not collect your IP address, phone number, device identifiers, or geolocation.
- The only thing stored in your browser is your login session — there are no tracking cookies, so we display no cookie-consent banner.
This is not marketing language; it is a description of how the system is actually built, and you can hold us to it.
3. Personal data we collect
We collect only the following categories of personal data, all of which you provide directly or which are generated by your use of your account:
| Data | Why we collect it |
|---|---|
| Full name | To identify your account and personalize communications |
| Email address | To create and secure your account, verify it, and send service emails |
| Password | To secure your account. Your password is hashed by our authentication provider (Supabase); we never store, see, or have access to your plaintext password |
| Company name (optional) | If you choose to provide it during signup or on the Institutional waitlist |
| Stripe customer and subscription identifiers | To manage your subscription and billing |
| Waitlist notes (optional) | Free-text you choose to provide when joining the Institutional waitlist |
| Usage events | A record of which stock tickers you have valued and when, used to apply your plan's usage limits and to show you your recent analyses |
| Email-verification token hashes | A one-way hash used to verify your email address; the underlying token is never stored |
We do not collect: IP addresses, phone numbers, device or browser fingerprints, precise or approximate geolocation, or any special-category ("sensitive") personal data.
Note that the financial and market reference data shown in the Service — company fundamentals, prices, filings, and valuation outputs — is impersonal public-market data and analytical output. It is not your personal data, even where it is associated with your account for your convenience.
4. Where your data is stored, and data minimization in our logs
Your personal data is stored in a Supabase (PostgreSQL) database. Row-level security is enabled on every table, which means your account can read only your own rows.
We deliberately minimize what appears in our operational logs. Server logs reference only internal user identifiers, ticker symbols, billing-provider identifiers, and email-message identifiers — never your name, email address, password, or IP address.
5. How we use your data
We use your personal data only to:
- create, secure, verify, and operate your account;
- provide the analytical features of the Service and apply your plan's usage limits;
- process your subscription and payments;
- send you transactional service communications (account verification, password resets, subscription and billing notices, purchase and renewal confirmations, annual renewal reminders, and advance price-change notices, and similar);
- send you marketing and promotional communications about our own product — such as new-feature announcements, the Institutional-tier launch, and occasional offers (for example, a Founder's Welcome Discount) — only where permitted, and always with a way to opt out (see "Your communication choices" below); and
- comply with our legal obligations and enforce our Terms of Service.
We do not use your data for advertising, behavioral profiling, or sale to third parties. Our marketing goes only to our own users, about our own product; we do not track you to build advertising profiles, and we do not share your data with ad networks.
Legal bases (for users in jurisdictions that require one, such as the EU/EEA and the UK). We rely on: performance of a contract (operating your account and subscription); legitimate interests (securing the Service, preventing abuse, applying usage limits, and the processing of technical request metadata — including IP addresses — by our hosting providers for the security and operation of the Service); and legal obligation (tax and accounting records). For marketing email, our basis for EU/EEA and UK users is consent, which you may withdraw at any time. For all users, every marketing message includes a working unsubscribe link and our postal address, consistent with the US CAN-SPAM Act.
Your communication choices
- Transactional email (verification, password resets, billing and subscription notices) is part of the Service and cannot be opted out of while you have an account.
- Marketing email is optional. You can opt out at any time using the unsubscribe link in any marketing message, or by contacting support@bishopcapitalintelligence.com. Opting out of marketing does not affect transactional service email.
6. Sub-processors and third-party services
We rely on a small set of carefully chosen service providers. Each receives only the data necessary for its function:
| Provider | Purpose | Personal data it receives |
|---|---|---|
| Supabase | Authentication and database (our primary data store) | All of your account data |
| Stripe | Payment and subscription processing | Your email and internal user ID. Card details are entered on Stripe's own hosted checkout and never touch our servers. |
| Resend | Outbound transactional and marketing email | Your email address and name (for the message greeting) |
| Proton | Inbound support mailbox | The contents of any email you send us |
| Financial Modeling Prep | Market data (prices and analyst estimates) | None — receives ticker symbols only, no user data |
| SEC EDGAR | Public company filings | None — no user data is sent |
Hosting providers. Our front end is hosted on Vercel and our analytical back end on Railway. Because the Railway back end handles your requests and communicates with our database and other sub-processors (Supabase, Stripe, Resend), it processes personal data in transit as it routes those requests; it does not maintain its own separate store of your account data. Both hosting providers also process technical request metadata — which can include IP addresses — for the security and operation of the Service, even though our application itself does not collect or store your IP address.
We do not use Anthropic, OpenAI, or any other AI provider to process your personal data or to generate the platform's analytical outputs.
7. No tracking, no advertising
We want to be unambiguous: the Service contains no web analytics, product telemetry, tracking pixels, advertising or marketing SDKs, social-media trackers, or third-party tracking cookies of any kind. We do not track you across the web, build advertising profiles, or share your activity with ad networks.
8. Cookies and local storage
The only client-side storage the Service uses is the authentication session token placed in your browser's local storage by our authentication provider (Supabase) when you log in. This is strictly necessary to keep you logged in and to secure your session.
Because we use only this strictly-necessary storage and set no analytics, advertising, or other non-essential cookies, we display no cookie-consent banner.
9. International users and data transfers
The Service is operated from the United States, and your account data is processed and stored in the United States. Our infrastructure regions are:
- Supabase — West US (Oregon)
- Railway — US West
- Vercel — US-East (
iad1)
The one exception is inbound support email: messages you send to support@bishopcapitalintelligence.com are handled by our mailbox provider, Proton, in Switzerland. That is the sole location where any of your personal data is processed outside the United States.
If you access the Service from outside the United States, your personal data will be transferred to and processed in the United States. Where required by applicable law, such transfers rely on appropriate safeguards, such as the Standard Contractual Clauses and/or the EU-US Data Privacy Framework with our sub-processors.
Not directed at EU/EEA or UK residents. The Service is intended for users in the United States and is not directed at residents of the EU/EEA or the United Kingdom. We do not currently offer the Service to, or knowingly process the personal data of, individuals in those regions. Should we offer the Service there in the future, we will implement the additional measures those laws require.
10. Data retention
We retain your personal data only as long as we need it:
- Account data (name, email, company) is retained while your account is active and for 30 days after you request deletion, to allow recovery from error and to meet our legal obligations.
- Payment and transaction records are retained for 7 years for tax and accounting purposes. This includes the billing and subscription records we keep for our own accounting, in addition to records held by our payment processor (Stripe).
- Usage events (tickers valued and timestamps) are retained while your account is active.
- Consent records (your acceptance of our legal agreements and your auto-renewal consent): retained while your subscription is active, and afterward as proof of your prior consent.
When data is no longer needed, we delete or anonymize it.
11. Your rights and choices
We give you direct control where we can, and handle the rest by request.
Self-serve today (in your account):
- View and update your name and company name on the Account page.
- View your subscription details and your valuation/analysis history.
- Change your email — currently handled through our support team (write to support@bishopcapitalintelligence.com); self-serve email change is on our roadmap.
- Reset your password through the password-reset flow.
- Manage marketing email via the unsubscribe link in any marketing message, or by contacting support (see "Your communication choices" in §5).
By request to support@bishopcapitalintelligence.com:
- Data access / export (portability): We will provide a copy of the personal data associated with your account. This is currently a manual process handled by our team.
- Account and data deletion: We will delete your account and associated personal data. This is currently a manual process. Deletion removes your profile, account, and associated usage records. Certain records are retained where the law requires — notably payment and transaction records kept for tax and accounting purposes — and impersonal market/reference data is unaffected because it is not your personal data.
We aim to respond to access, export, and deletion requests within 30 days, or as otherwise required by applicable law.
Jurisdictional rights. Depending on where you live, you may have additional rights under local law:
- EU/EEA and the UK: rights of access, rectification, erasure, restriction of processing, data portability, and objection, as well as the right to lodge a complaint with your local supervisory authority.
- California: rights to know, access, delete, and correct your personal information, and the right not to be discriminated against for exercising them. We do not sell or share personal information as those terms are defined under California law.
- Other jurisdictions (including applicable Asia-Pacific regimes): you may have comparable rights under your local law.
To exercise any of these rights, contact us at support@bishopcapitalintelligence.com. To protect your data, we verify that a request comes from the email address on file for the account before acting on it (we may ask for additional confirmation where reasonably necessary; our full verification protocol is maintained internally). We will not discriminate against you for exercising your rights.
12. Security
We protect your data with industry-standard measures, including encrypted transport (HTTPS), hashed passwords managed by our authentication provider, row-level security isolating each user's data, and least-privilege access to our systems. No method of transmission or storage is perfectly secure, but we work to protect your information and to limit what we collect in the first place.
Breach notification. In the event of a personal-data breach affecting you, we will notify affected users and the relevant authorities as and when required by applicable law.
13. Children
The Service is intended for adults. It is not directed to anyone under 18, and we do not knowingly collect personal data from children. If you believe a minor has provided us personal data, contact us and we will delete it.
14. Changes to this policy
We may update this Privacy Policy from time to time.
- For non-material updates, we will revise the "Effective" date; your continued use of the Service after reasonable notice constitutes acceptance.
- For material changes, we will provide notice and — where required by law or otherwise appropriate — obtain your affirmative consent or give you an opportunity to decline before the change takes effect.
15. Contact us
Questions or requests regarding this Privacy Policy or your personal data:
Bishop Capital Intelligence Inc. 8 The Green, Suite B Dover, Delaware 19901, USA support@bishopcapitalintelligence.com