Version 1.0 — Effective 18 March 2026
TOVE is operated as a sole proprietorship. For data protection inquiries contact: [e-post skyddad].
We collect: email address and password (via Supabase Auth); investor preferences (markets, risk level, time horizon); AI-generated briefs and scenarios linked to your account; subscription and payment data (via Stripe — we never store card numbers); optional: your own AI API keys (stored encrypted with AES-256).
We process your data on the basis of contract performance (to provide the service you signed up for) and your explicit consent given at registration. You may withdraw consent at any time by deleting your account.
We use your data to: deliver personalized daily briefs; process subscription payments; send transactional emails (brief delivery, account confirmations); improve the service. We do not sell your data to third parties.
We use the following sub-processors: Supabase (database hosting, EU region); Stripe (payment processing); OpenAI / Google Gemini / Groq (AI generation — queries may be sent to these services); Resend (transactional email); Vercel (hosting and infrastructure). Each processor is bound by a data processing agreement.
We retain your data for as long as your account is active. Upon account deletion, personal data is erased within 30 days except where retention is required by law (e.g. invoicing records for 7 years under Swedish bookkeeping law).
Under GDPR you have the right to: access a copy of your data; correct inaccurate data; delete your data (right to erasure); restrict or object to processing; data portability. To exercise these rights, email [e-post skyddad].
We use only essential cookies: an authentication session cookie (Supabase) and a language preference cookie (NEXT_LOCALE). We do not use tracking or advertising cookies.
We use industry-standard security measures including TLS encryption in transit, encrypted storage for sensitive credentials, and row-level security policies on all database tables.
We will notify you of material changes to this policy at least 14 days in advance via email or in-app notice.
Data protection inquiries: [e-post skyddad].