Privacy Policy
1. Introduction
TalkStock (hereinafter referred to as "the Platform," "we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, process, use, and safeguard your personal data in accordance with international data protection principles, including the General Data Protection Regulation (GDPR) and other applicable privacy laws.
This Policy applies to all personal data provided by or generated through your use of the TalkStock website, applications, and related services (collectively, "the Service"). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Personal Data Collected
In the course of providing the Service, we may collect the following categories of personal data:
Account Registration Data
- Email address (required for registration and login)
- Username (display name)
- Profile avatar (optional, including uploaded images or avatars provided by third-party accounts)
- Password (stored in encrypted form; we cannot access your plaintext password)
Login and Activity Records
- Login IP address, login timestamps, and login frequency
- Device type, browser information, and operating system version
- Failed login attempts (used for account security protection)
Service Usage Data
- AI chat history (your conversations with the AI assistant)
- Stock query records and screening filter criteria
- Feature usage preferences and settings
Payment Data
- Subscription plan and billing cycle information
- Payment transaction records (processed through third-party payment platforms; we do not store your credit card numbers)
Technical Data
- JWT (JSON Web Token) authentication information
- Session cookies (used solely to maintain your login session)
- Third-party OAuth authorization tokens (when using third-party account login)
3. How We Use Your Data
We use the personal data we collect for the following purposes:
- Providing Core Services: Including account management, AI-powered chat analysis, stock data queries, smart stock screening, and market quote display.
- Authentication and Security: Verifying your identity, preventing unauthorized access, and detecting and preventing fraud and account misuse.
- Improving AI Quality: Analyzing anonymized conversation patterns and user feedback to enhance the accuracy and user experience of our AI analysis. Your personalized conversation content is not directly used to train third-party AI models.
- Security Protection: Monitoring for anomalous activity, defending against malicious attacks, and maintaining system security and stability.
- Service Notifications: Sending service-related communications, including account security alerts, subscription status changes, and terms of service updates. We do not send marketing messages without your prior consent.
4. Third-Party Data Sharing
We will never sell, rent, or otherwise commercially trade your personal data.
To deliver the full functionality of the Service, we may share necessary data with the following categories of third-party services:
- AI Language Model Services: To process your AI chat requests. Conversation content is transmitted to third-party AI services for natural language processing, but does not include personally identifiable information. All transmissions are encrypted via HTTPS.
- Third-Party Authentication Services: If you choose to log in using a third-party account, that service will provide the basic information you have authorized (such as email address, display name, and avatar).
- Cloud Data Storage Services: Used as our user data storage infrastructure. Data is stored in cloud data centers located in the Asia-Pacific region, protected by enterprise-grade security standards.
- Third-Party Payment Processors: To handle subscription payment transactions. We do not directly process your credit card information; all payments are securely handled by third-party payment services.
Beyond the above, we will only disclose your personal data in the following circumstances:
- With your explicit written consent.
- As required by law, court order, or lawful request from a governmental authority.
- To protect the rights, safety, or property of the Platform, our users, or the public.
6. Data Security
We implement the following technical and organizational measures to protect your personal data:
- Password Hashing: All user passwords are encrypted using industry-standard hashing algorithms. Even in the event of unauthorized database access, plaintext passwords cannot be recovered.
- Encryption in Transit: All data transmissions are encrypted via HTTPS (TLS 1.2 or higher), preventing man-in-the-middle attacks and eavesdropping.
- JWT Authentication: We use JSON Web Token-based authentication with configurable expiration times to reduce the risk of token compromise.
- Account Lockout: After 5 consecutive failed login attempts, the account is temporarily locked for 30 minutes to prevent brute-force attacks.
- Two-Factor Authentication (2FA): Optional two-factor authentication is available as an additional layer of account security.
While we are committed to protecting the security of your data, please be aware that no method of electronic transmission or storage over the Internet can be guaranteed to be 100% secure.
7. Your Data Rights
In accordance with applicable data protection laws, including the GDPR and other international privacy regulations, you have the following rights with respect to your personal data:
- Right of Access: You have the right to request information about the personal data we hold about you and how it is being used.
- Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request correction or supplementation.
- Right to Erasure: You have the right to request the deletion of your personal data. After account deletion, we will remove your data within a reasonable period, except where retention is required by law.
- Right to Data Portability: You have the right to request your personal data in a structured, machine-readable format.
- Right to Restriction of Processing: Under certain circumstances, you have the right to request that we restrict the processing of your personal data.
- Right to Withdraw Consent: You may withdraw your consent to data processing at any time, without affecting the lawfulness of processing carried out prior to the withdrawal.
To exercise any of the above rights, please contact us at support@talkstock.ai. We will respond to your request within 15 business days of receipt.
8. Data Retention
We apply different retention periods based on the nature and purpose of the data:
- Account Data: Retained for the duration of your active account. After account deletion, all data will be fully removed within 30 days.
- AI Chat History: Retained for 90 days, then automatically deleted. You may manually delete your chat history at any time.
- Login Logs: Retained for 180 days for security monitoring and anomaly detection purposes.
- Payment Transaction Records: Retained for 5 years in compliance with applicable commercial accounting regulations.
- Cache Data: Automatically expires and is cleared based on configured TTL (Time-to-Live) settings for each cache type.
When data exceeds its retention period, we will securely delete or anonymize it.
9. Children's Privacy
The Service is not designed for or directed at individuals under the age of 16. We do not knowingly collect personal data from users under 16 years of age.
If we discover that we have inadvertently collected personal data from a user under 16, we will promptly take steps to delete the data and deactivate the associated account. If you are a parent or guardian and become aware that your child has provided personal data without your consent, please contact us immediately at support@talkstock.ai.
10. Cross-Border Data Transfer
To provide the Service, some of your data may be transferred to and processed in regions outside of your country of residence:
- Local Database: Stock market data is stored on local servers in Taiwan and does not involve cross-border transfer.
- Cloud Data Storage (Asia-Pacific Region): User account and authentication data is stored in cloud data centers in the Asia-Pacific region, protected by enterprise-grade security standards.
- AI Language Model Services (Overseas): AI chat processing requests are transmitted to overseas third-party AI service servers. Only conversation text is transmitted; no personally identifiable information is included. All transmissions are encrypted via HTTPS.
Where personal data is transferred outside of the European Economic Area (EEA) or other regions with data protection requirements, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms, to protect your data during cross-border transfer. If you have any concerns about cross-border data transfers, please contact us.
11. Policy Changes
We reserve the right to update or modify this Privacy Policy at any time. When changes are made:
- The revised policy will be posted on this page with an updated "Effective Date."
- For material changes (such as new data collection categories, changes in data usage purposes, or new third-party sharing partners), we will notify you via email.
- Your continued use of the Service after a policy change constitutes your acceptance of the revised Privacy Policy.
- If you do not agree with the updated policy, please discontinue use of the Service and contact us to delete your account.
We recommend that you periodically review this page to stay informed about our current privacy practices.
12. Contact Us
If you have any questions, comments, or wish to exercise your personal data rights regarding this Privacy Policy, please contact us through the following channels:
- Service Name: TalkStock AI Stock Analysis Platform
- Email: support@talkstock.ai
We will respond to your inquiry within 5 business days. Requests relating to personal data rights will be processed within 15 business days.