Privacy Policy
The short version. The Qovaryx Software runs on your computer. We do not collect your trades, your positions, your P&L, or your broker credentials. We collect a small set of identifiers needed to license, update, and protect the Software, plus your email at signup and the data Stripe needs to charge your card. We never sell your personal information.
Contents
§1. Information We Collect
We collect only the following categories of information (“Personal Information”) in connection with the Service:
| Category | What it is | Where it comes from |
|---|---|---|
| Install ID | A randomly generated UUID created on your machine the first time you launch the Software, used to identify a single installation for licensing and update purposes. | Generated locally by the Software. |
| Hardware Fingerprint | A SHA-256 cryptographic hash derived from your CPU identifier, primary network MAC address, and operating-system identifier. Raw hardware values are never transmitted or stored. | Computed locally; only the hash is sent. |
| Software Version & OS | The version of the Software you are running and the major version of your operating system (e.g., “Windows 11”). | Sent with license heartbeats and update checks. |
| Country | Two-letter country code derived from Cloudflare network headers on incoming HTTPS requests (e.g., for export-compliance and analytics). | Provided by Cloudflare on request headers. |
| Email Address | The email address you provide at account signup, used for billing receipts, security notices, and transactional communications. | Provided by you at signup. |
| IP Hash | A salted SHA-256 hash of your IP address, used to detect download abuse and rate-limit the Service. Raw IP addresses are not retained in our application logs. | Derived server-side from your network request. |
| Payment Data | Card data and billing address are collected and stored by Stripe under Stripe’s Privacy Policy; we receive only payment status, last-four digits, and a Stripe customer identifier. | Collected by Stripe during checkout. |
§2. How We Use Information
We use the categories of Personal Information described above for the following purposes:
- Service operation. To license, activate, update, and provide technical support for the Software on your computer.
- Billing. To process Subscription Fees, issue receipts, and recover failed payments through Stripe.
- Security and fraud prevention. To detect, prevent, and respond to license abuse, credential sharing, download abuse, account takeover, and other security incidents.
- Aggregate analytics. To understand how many installations are active, on which operating systems, and in which countries, in order to plan capacity and prioritize features. This is performed on aggregated, non-personally-identifying data.
- Transactional communications. To send service-related notices such as receipts, security alerts, material legal updates, and trial-ending reminders. We do not send marketing emails without your separate opt-in.
- Compliance with law. To comply with applicable laws, regulations, tax obligations, and lawful requests from public authorities.
We do not sell your Personal Information, and we do not share it for cross-context behavioral advertising (as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, the “CCPA”).
§3. What We Do Not Collect
The Service is intentionally minimal in what it collects. We do not collect, transmit to our servers, or store:
- your trade orders, trade history, positions, P&L, or watchlists;
- your brokerage credentials, API keys, OAuth tokens, or account numbers;
- your raw chart data, market data feeds, or any quote stream you receive from your broker;
- any conversation, prompt, or chat content you exchange with the local Qovaryx AI cluster;
- your contacts, files, browsing history, microphone, camera, or other unrelated device content;
- your unhashed IP address (only a salted SHA-256 hash is retained); or
- raw hardware identifiers such as MAC addresses, CPU serial numbers, or disk serials.
The Qovaryx Software runs locally on your computer. The Software does not transmit trade decisions, positions, or broker credentials to our servers. Your broker keys live in encrypted storage on your machine and are used only by the Software to communicate directly with your broker’s API.
§4. Third-Party Services
We rely on a small number of vendors to operate the Service. Each vendor processes Personal Information only as needed for the function described below, under that vendor’s own privacy policy.
| Vendor | Function | Privacy notice |
|---|---|---|
| Stripe, Inc. | Payment processing, subscription billing, fraud screening. | stripe.com/privacy |
| Cloudflare, Inc. | DNS, edge network, DDoS protection, country-header injection, aggregated traffic analytics. | cloudflare.com/privacypolicy |
| Fly.io, Inc. | Hosting of our licensing, billing, and download API. | fly.io/legal/privacy-policy |
| Amazon Web Services — SES | Delivery of transactional email (receipts, trial reminders, security notices). | aws.amazon.com/privacy |
We do not authorize these vendors to use your Personal Information for their own marketing or advertising purposes.
§5. Cookies and Local Storage
Our website uses a minimal set of strictly necessary cookies and browser local-storage entries, including a session cookie used to maintain your checkout flow and a CSRF token used to protect form submissions. We do not use advertising cookies, third-party analytics trackers that profile individuals, or social-media re-targeting pixels. The Software itself does not set browser cookies; it stores license state in a local file under your operating-system user profile.
§6. Data Retention
We retain Personal Information only for as long as necessary for the purpose for which it was collected and to satisfy our legal, accounting, and reporting obligations:
- Install records (Install ID, Hardware Fingerprint hash, version, OS, country): retained for twenty-four (24) months after your last license heartbeat, then deleted or fully anonymized.
- Payment and tax records (Stripe customer ID, invoice metadata, country): retained for seven (7) years to comply with United States Internal Revenue Service record-keeping obligations and analogous foreign tax rules.
- Email address: retained while your account is active and for twenty-four (24) months thereafter, unless you request earlier deletion and we are not legally required to retain it.
- Security logs (IP hash, request metadata): retained for ninety (90) days.
You may opt out of transactional email at any time via the unsubscribe link in any email or by emailing [email protected]; certain billing-critical messages (e.g., receipts and security alerts) must continue while your account is active.
§7. Your Rights (CCPA and GDPR)
7.1 California Residents (CCPA / CPRA).
If you are a California resident, you have the right to:
- Know the categories and specific pieces of Personal Information we have collected about you, the sources, the business or commercial purpose for collection, and the categories of third parties with whom we share it;
- Delete Personal Information we have collected from you, subject to certain statutory exceptions;
- Correct inaccurate Personal Information;
- Opt out of the “sale” or “sharing” of Personal Information (we do not sell or share for cross-context behavioral advertising in any event);
- Limit the use of sensitive Personal Information (we do not collect sensitive Personal Information for the purposes that would trigger this right); and
- Non-discrimination: we will not deny you the Service, charge you a different price, or provide a different level of quality because you exercised any of these rights.
7.2 EU / UK / EEA Residents (GDPR / UK GDPR).
If you are located in the European Union, United Kingdom, or European Economic Area, you have the right to: access your Personal Information; rectify inaccurate data; erase data (“right to be forgotten”); restrict certain processing; object to processing based on our legitimate interests or for direct marketing; data portability; and to lodge a complaint with your local supervisory authority. Our lawful bases for processing are: performance of a contract (to operate the Service for you), legitimate interests (security, fraud prevention, aggregate analytics), and legal obligation (tax and accounting records).
7.3 How to Exercise Your Rights.
To exercise any of these rights, send a written request to [email protected] with the subject line “Privacy Request,” including your account email and the right you wish to exercise. We will verify your identity through your account email and respond within the timeframes required by applicable law (generally 45 days under the CCPA and 30 days under the GDPR). You may also designate an authorized agent to make a request on your behalf, subject to verification.
§8. Children’s Privacy
The Service is not directed to, and is not intended for use by, individuals under the age of eighteen (18). We do not knowingly collect Personal Information from anyone under 18. If you believe a child has provided us with Personal Information, please contact us at [email protected] and we will delete it.
§9. International Transfers
JE Horizon is established in the United States, and the servers that process Personal Information for the Service are located in the United States. If you access the Service from outside the United States, you acknowledge that your Personal Information will be transferred to, processed, and stored in the United States, which may have data-protection laws that differ from those of your country. Where required, we rely on appropriate transfer mechanisms such as the European Commission’s Standard Contractual Clauses.
§10. Security
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, alteration, disclosure, or destruction. These include: TLS encryption for all data in transit between the Software and our API, encryption at rest for data stored in our hosting environment, salted SHA-256 hashing of hardware fingerprints and IP addresses (so that raw values cannot be reconstructed), tokenization of payment data via Stripe, role-based access controls, and periodic review of access logs. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
§11. Changes to This Policy
We may update this Policy from time to time. If we make a material change, we will provide notice at least thirty (30) days before the change takes effect, by posting the revised Policy at this URL and, where appropriate, by sending notice to your account email. The “Last updated” date at the top of this Policy reflects the latest revision. Your continued use of the Service after the effective date of a change constitutes your acceptance of the revised Policy.
§12. Contact
For privacy questions, requests, or complaints, please contact:
JE Horizon LLC
Attn: Privacy — Qovaryx Service
Email: [email protected]
Web: https://qovaryx.jehorizon.com