Privacy Policy

1. Introduction

Provectus Systems ("we," "us," or "our") is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, software platforms, and services (collectively, the "Services").

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide to us, including:

• Account Information: Name, email address, username, password, and profile information
• Contact Information: Email address, phone number, mailing address
• Financial Information: Payment card details, billing address, bank account information (processed securely through third-party payment processors)
• Identity Verification: Government-issued ID, Social Security number or tax identification number (as required by law for certain services)
• Brokerage Credentials: API keys, OAuth tokens, and authentication credentials for third-party brokerage accounts
• Communications: Messages, inquiries, and feedback you send to us
• Trading Data: Portfolio information, trading strategies, account balances, transaction history, and investment preferences

2.2 Information Collected Automatically

When you access our Services, we automatically collect:

• Device Information: IP address, browser type and version, device type, operating system, and unique device identifiers
• Usage Data: Pages visited, time spent on pages, links clicked, features used, session duration, and interaction with our platform
• Technical Data: Log files, error reports, performance metrics, and diagnostic information
• Location Data: General geographic location based on IP address
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 9)

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Brokerage Platforms: Account information, trading history, positions, balances, and transaction data from Charles Schwab, Alpaca Markets, Polygon.io, and other integrated brokers
• Market Data Providers: Real-time and historical market data, quotes, and financial information
• Authentication Services: Information from OAuth providers and single sign-on services
• Payment Processors: Transaction confirmation and payment status information
• Analytics Providers: Aggregated usage statistics and demographic information

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Provide and Improve Services

• Create and manage your account
• Process transactions and manage subscriptions
• Execute trades and manage your portfolio through integrated brokers
• Provide customer support and respond to inquiries
• Analyze usage patterns to improve our Services
• Develop new features and functionality
• Troubleshoot technical issues and fix bugs

3.2 Security and Fraud Prevention

• Verify your identity and prevent fraud
• Detect and prevent unauthorized access
• Monitor for suspicious or illegal activity
• Comply with legal obligations and regulatory requirements
• Protect the rights, property, and safety of our users

3.3 Communication

• Send transactional emails (account confirmations, password resets, trade confirmations)
• Provide important service updates and security alerts
• Send marketing communications (with your consent, which you can withdraw at any time)
• Request feedback and conduct surveys

3.4 Legal and Compliance

• Comply with applicable laws, regulations, and legal processes
• Respond to lawful requests from public authorities
• Enforce our Terms of Service and other policies
• Maintain records for tax and financial reporting purposes

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Third-Party Service Providers

We share information with trusted service providers who perform services on our behalf, including:

• Brokerage Services: Charles Schwab, Alpaca Markets, and other brokers to execute trades and access account information
• Market Data: Polygon.io and other data providers for real-time and historical market information
• Cloud Infrastructure: Amazon Web Services, Google Cloud, or similar providers for hosting and storage
• Payment Processing: Stripe, PayPal, or other processors to handle transactions
• Email Services: Providers for sending transactional and marketing emails
• Analytics: Google Analytics and similar tools for usage analysis
• Customer Support: Help desk and support ticketing systems

These service providers are contractually obligated to use your information only to provide services to us and are required to maintain the confidentiality and security of your information.

4.2 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Subpoenas, court orders, or legal process
• Requests from law enforcement or government agencies
• Protection of our legal rights or defense of legal claims
• Investigation of fraud, security issues, or violations of our Terms
• Emergency situations involving danger of death or serious physical injury

4.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

4.5 Aggregated and Anonymized Data

We may share aggregated or anonymized information that cannot reasonably be used to identify you for research, marketing, analytics, or other purposes.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: Data is encrypted in transit using TLS/SSL protocols and at rest using industry-standard encryption
• Access Controls: Role-based access controls limit employee access to personal information
• Authentication: Multi-factor authentication for account access and administrative functions
• Security Audits: Regular security assessments and penetration testing
• Monitoring: Real-time monitoring for security threats and anomalous activity
• Incident Response: Documented procedures for responding to security incidents
• Secure Development: Security best practices in software development lifecycle

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide our Services and fulfill the purposes described in this Privacy Policy
• Comply with legal, tax, accounting, or regulatory requirements
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

When we no longer need your information, we will securely delete or anonymize it. For financial records and trading data, we may be required by law to retain information for specific periods (typically 7 years for tax purposes).

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Portability: Request a copy of your information in a structured, machine-readable format
• Object: Object to certain processing of your personal information
• Restrict: Request restriction of processing under certain circumstances

7.2 GDPR Rights (European Economic Area)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to withdraw consent at any time
• Right to lodge a complaint with your local data protection authority
• Right to object to processing based on legitimate interests
• Right not to be subject to automated decision-making, including profiling

Legal Basis for Processing: We process your personal information based on:

• Contractual necessity to provide our Services
• Legal obligations (regulatory compliance, tax reporting)
• Legitimate interests (fraud prevention, improving Services)
• Your consent (marketing communications, optional features)

7.3 CCPA Rights (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of categories and specific pieces of personal information collected
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the "sale" of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

In the preceding 12 months, we have collected the categories of personal information described in Section 2, disclosed information to service providers as described in Section 4.1, and have not sold personal information.

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@provectus-systems.com. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

You may also update your account information directly through your account settings.

8. Marketing Communications

With your consent, we may send you promotional emails about new features, products, special offers, or other information. You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your preferences in your account settings
• Contacting us at privacy@provectus-systems.com

Please note that even if you opt out of marketing communications, we will still send you transactional and service-related emails (e.g., account confirmations, password resets, trade notifications).

9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our Services. We use the following types of cookies:

9.2 Types of Cookies

• Essential Cookies: Required for the Services to function properly (e.g., authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use our Services (e.g., Google Analytics)
• Advertising Cookies: Used to deliver relevant advertisements (with your consent)

9.3 Managing Cookies

Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies or alert you when cookies are being sent. Please note that disabling certain cookies may affect the functionality of our Services.

9.4 Do Not Track

Some browsers have "Do Not Track" features. Currently, there is no industry standard for how to respond to Do Not Track signals, and we do not respond to such signals at this time.

10. International Data Transfers

Our Services are operated in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, stored, and processed in the United States.

The United States may not have the same data protection laws as your jurisdiction. However, we take steps to ensure that your personal information receives an adequate level of protection, including:

• Implementing appropriate safeguards such as Standard Contractual Clauses
• Ensuring third-party service providers provide adequate protection
• Complying with applicable data protection laws and regulations

By using our Services, you consent to the transfer of your information to the United States and other jurisdictions where we operate.

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe we have collected information about a child, please contact us immediately at privacy@provectus-systems.com, and we will take steps to delete such information.

12. Third-Party Websites and Services

Our Services may contain links to third-party websites, applications, or services, including brokerage platforms and market data providers. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you use.

When you connect your brokerage accounts through our platform, you are subject to the privacy policies and terms of service of those brokerage firms. We recommend reviewing their policies before authorizing access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website
• Updating the "Last Updated" date at the top of this page
• Sending you an email notification (for significant changes)

Your continued use of our Services after such notification constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: