Privacy Policy

This Privacy Policy explains how Inhype Live Limited (“we”, “us”, “our”), a company incorporated in England and Wales (Kemp House, 152–160 City Road, London, England, EC1V 2NX), collects, uses, stores, and shares personal data when you use value-agents.com (the “Service”).

We are the data controller for the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018. Where we transfer data internationally, the same regulations may apply. We treat your data with care and collect only what we need to run the Service.

By creating an account or using the Service you acknowledge that you have read this Policy. If you have questions, please contact us at hello@value-agents.com.

We collect data in three categories:

Account data

• Your name and email address, provided when you register.
• A hashed version of your password. We never store your password in plain text.
• Your IP address at the time of account creation.
• A Stripe customer ID, created automatically when you make a payment.

Usage data

• Tickers you have analysed, theses you have saved, and entries in your watchlist and portfolio.
• Pipeline events: the run identifier, timestamps, duration, and completion status for each analysis you trigger.
• Search queries entered on the platform.
• Standard server logs: HTTP method, URL path, response code, and timestamp. We do not build individual browsing profiles from these logs.

Billing data

• Invoice identifiers and the last four digits and card brand of your payment method, as surfaced to us by Stripe.
• We do not store full card numbers, CVV codes, or full account numbers. All card processing is handled directly by Stripe.

We rely on the following lawful bases under UK GDPR:

• Contract performance. We process account data and usage data to provide the Service: running analyses you request, storing your saved theses, managing your subscription, and sending transactional emails (receipts, password resets, email verification). This processing is necessary to fulfil our agreement with you; without it we cannot operate the Service.
• Legitimate interests. We process aggregated usage patterns and server logs to detect abuse, debug errors, and improve the platform. We balance this against your privacy interests and do not use your individual data to build behavioural profiles for advertising.
• Consent. We send marketing emails only if you have opted in. You can withdraw consent at any time by clicking the unsubscribe link in any marketing email or by emailing us. Transactional emails (receipts, security alerts) are sent on the basis of contract performance and are not affected by marketing opt-out.

We use a small number of strictly necessary cookies and local storage entries to operate the Service:

• va_token— a short-lived session token used to authenticate your requests after you log in.
• va_user— a lightweight identifier stored in local storage to avoid repeated server lookups during a session.

We do not use advertising cookies, third-party tracking pixels, or any cross-site tracking technology. We do not participate in any ad network or data-broker relationship.

We do not sell your personal data. We share it only with the following service providers, and only to the extent necessary for the Service to function:

• Stripe— payment processing. Stripe processes card data on our behalf under its own privacy policy and data-processing agreement.
• Transactional email provider(SendGrid, Postmark, or Resend, whichever is active at the time) — delivery of receipts, security alerts, and other account emails. We pass only your email address and the content of the relevant message.
• Hosting provider(Render and/or AWS) — our primary database and application servers are hosted in data centres located in the EU or UK. Infrastructure providers access data only to the extent required to operate the hardware.
• SEC EDGAR— when the Service fetches public filings, outbound HTTP requests include a User-Agent string that contains our contact email address, as required by EDGAR’s fair-use policy. No personal data about you is sent to EDGAR.

We do not share your data with data brokers, analytics platforms that track you across the web, or any large-language-model provider for training purposes.

Analyses are produced by passing structured data (publicly available financial figures, filing excerpts) and our internally developed prompts to large-language-model providers. We use these providers under enterprise agreements that include zero-retention and no-training-use commitments: the data we send is not stored by the provider beyond the time needed to return a response, and is not used to train or improve their models.

We do not pass your name, email address, or other personal identifiers to LLM providers. Prompts contain only the ticker symbol, publicly available financial data, and our analytical instructions.

If our AI processing arrangements change materially, we will update this Policy and notify you in accordance with the Changes section below.

Your account data and generated theses are stored in our primary database, which is hosted in the EU or UK. Automated backups are retained in the same geographic region.

Stripe processes billing data globally in accordance with its own privacy policy. Where Stripe transfers data outside the UK or EU, it relies on Standard Contractual Clauses and other approved transfer mechanisms.

We retain account data for as long as your account is active. If you close your account, we retain the minimum information necessary to meet our legal and financial obligations (including UK tax law) for a period of seven years after closure, after which it is securely deleted.

Generated theses and saved research notes are retained while your account is active. You can request deletion of individual theses at any time by contacting us. We will action deletion requests within 30 days unless retention is required by law.

Server logs are automatically purged after 90 days.

Under UK GDPR you have the following rights with respect to your personal data:

• Access. Request a copy of the personal data we hold about you.
• Rectification. Ask us to correct inaccurate or incomplete data.
• Erasure. Request deletion of your personal data, subject to legal retention requirements.
• Portability. Request your data in a structured, machine-readable format.
• Restriction. Ask us to limit processing in certain circumstances, for example while a dispute is being resolved.
• Objection. Object to processing based on legitimate interests.
• Withdraw consent. Where we rely on consent (such as for marketing emails), you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

To exercise any of these rights, email hello@value-agents.com with the subject line “Data request”. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk).

We take reasonable technical and organisational measures to protect your data:

• All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
• Passwords are stored as bcrypt hashes with an appropriate cost factor; we cannot retrieve your password in plain text.
• Payment card data is handled entirely by Stripe and never touches our servers.
• Internal access to production data is logged and restricted to authorised personnel.

No system is perfectly secure. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you and, where required, the relevant supervisory authority in accordance with applicable law.

The Service is not directed at or intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Our primary infrastructure is located in the EU or UK. When personal data is transferred to countries outside these regions (for example, when Stripe processes payments through its US infrastructure, or when our transactional email provider routes messages through servers in the United States), we ensure appropriate safeguards are in place.

For Stripe, those safeguards are the Standard Contractual Clauses approved by the European Commission and adopted under UK law, as referenced in Stripe’s Data Processing Agreement. For other sub-processors we require equivalent protections before any transfer takes place.

We may update this Privacy Policy from time to time to reflect changes in our practices, service features, or legal requirements. When we make material changes, we will notify you by email and/or by a prominent in-app notice at least 14 days before the changes take effect.

The updated Policy will always be accessible at value-agents.com/legal/privacy. Continued use of the Service after the effective date of the revised Policy constitutes your acknowledgement of the changes.

Inhype Live Limited is the data controller for all personal data processed in connection with the Service. A Data Protection Officer is not required for a company of our size; the contact for all privacy matters is:

Inhype Live Limited
Kemp House, 152–160 City Road
London, England, EC1V 2NX
hello@value-agents.com