DOWNASDAQS&P 500TSLA·AVGO·NVDA·PLTR·HOOD·DOWNASDAQS&P 500TSLA·AVGO·NVDA·PLTR·HOOD·DOWNASDAQS&P 500TSLA·AVGO·NVDA·PLTR·HOOD·
AI-Powered Investment
From Market Noise to Decision Intelligence

Privacy Policy

Last updated: May 12, 2026

1. What we collect

XingAI Invest AI ("the Service") collects the minimum data needed to operate:

  • Account data — if you sign in, we store your email, display name, and an authentication identifier from your sign-in provider (e.g. Google).
  • Usage data — pages viewed, features used, and analysis prompts. We retain prompts to power caching and improve the Service. Prompts are not sold or shared with third parties for advertising.
  • Technical data — IP address (hashed for rate-limiting), browser user-agent, locale, and approximate region.
  • No payment data at present. If we add paid plans, payment will be processed by a PCI-compliant provider (e.g. Stripe) and we will not see card numbers.

2. What we do not collect

  • Brokerage credentials or portfolio holdings, unless you explicitly connect a broker.
  • Bank account or credit card data.
  • Government-issued identification.
  • Precise geolocation.

3. Third-party services

We use a small set of third parties to operate the Service:

  • OpenAI / Google Gemini — your analysis prompts are sent to these providers to generate responses. Per their published policies, prompts submitted via their APIs are not used to train their public models.
  • Vercel — frontend hosting and analytics.
  • Supabase — authentication and database.
  • Market data providers — yfinance and similar public market data sources.

Each provider has its own privacy policy. We send only what is necessary for the Service to function.

4. How we use your data

  • To deliver the features you request (running analyses, saving your AI Decision Feed, etc.).
  • To cache results so the Service is faster and cheaper to run.
  • To detect abuse and prevent fraud or rate-limit violations.
  • To improve product quality (aggregated, non-identifying metrics).

We do not sell your personal data. We do not run third-party advertising trackers.

5. Cookies and local storage

We use first-party cookies and browser localStorage for essential functionality (session, theme, disclaimer acceptance). We do not use third-party advertising cookies.

6. Data retention

We retain account data while your account is active. You may request deletion at any time by emailing hello@xingai.app. On deletion, we remove your account and identifying data within 30 days. Aggregated, anonymized analytics may be retained.

7. Your rights

Depending on your jurisdiction (EU/UK GDPR, California CCPA/CPRA, others), you may have the right to access, correct, export, restrict processing of, or delete your personal data. Email hello@xingai.app to exercise any of these rights. We will respond within 30 days.

8. Children

The Service is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us data, contact us and we will delete it.

9. Security

We use HTTPS for all traffic, hashed passwords (where applicable, via the auth provider), and access controls on production data. No system is perfectly secure; we cannot guarantee absolute security.

10. Changes to this Policy

We may update this Privacy Policy at any time. The current version is always at this URL. Material changes will be highlighted at the top of this page.

11. Contact

Privacy questions or data requests: hello@xingai.app.

XingAI — operator of XingAI Invest AI.

→ See also: Terms of Service