Privacy Policy
Last updated: July 2, 2026
This Privacy Policy explains how Investi ("the Service", available at tryinvesti.com) collects and uses your personal data. The Service is currently operated by its individual founder, who acts as the data controller for the processing described here ("we", "us", or "our"). We plan to incorporate a company in the European Union in the future; when that happens, that entity will become the controller and this policy will be updated.
For any privacy question or request, contact us at legal@tryinvesti.com.
1. What Data We Collect
Account data. When you sign in with your email (magic link) we collect your email address. When you sign in with Google, we receive your email address and basic Google profile information (such as your name). You may optionally add your first and last name in settings.
Content you create. Your conversations with the AI (including messages and the AI's responses), your notes, and your workspace files are stored so the Service can function.
Voice dictation. If you use voice dictation, your microphone audio is streamed to our transcription provider for real-time, speech-to-text conversion. We do not store the audio; only the resulting text becomes part of your message.
Usage data. We keep basic per-account usage metering (e.g., how much of the AI you have used) and cookieless, aggregated web analytics (page views, country-level location, device type). We do not use advertising or cross-site tracking.
Technical data. Like most web services, our infrastructure providers process IP addresses and browser information in server logs for security and operations.
2. Why We Process Your Data and on What Legal Basis
| Purpose | Data | Legal basis (GDPR Art. 6) |
|---|---|---|
| Providing the Service (accounts, chat, storage) | Account data, your content | Performance of a contract (Art. 6(1)(b)) |
| Voice dictation | Microphone audio (transient) | Performance of a contract (Art. 6(1)(b)) |
| Security, abuse prevention, usage limits | Technical data, usage metering | Legitimate interest (Art. 6(1)(f)) — keeping the Service safe and fair |
| Improving the Service during beta | Aggregated analytics, feedback you give us | Legitimate interest (Art. 6(1)(f)) — evaluating and improving a beta product |
| Responding to your messages | Email, message content | Legitimate interest (Art. 6(1)(f)) |
We do not use your data for marketing, we do not sell it, and we do not use your content to train AI models.
3. Who We Share Data With (Processors)
We use a small number of service providers to run the Service, under data processing agreements. Rather than list every vendor (which may change as the product evolves), here are the categories of recipients and what each receives:
- Authentication & database providers — process account data and your stored content (conversations, notes, usage) so the Service can function
- Hosting providers — process technical data as part of serving the Service, and provide cookieless, aggregated analytics
- AI model providers (accessed via a routing layer) — receive the content of your AI conversations in order to generate responses. Depending on the model you select, this may route to providers such as Anthropic, OpenAI, or Google. These providers do not use API data submitted through this channel to train their models, and may retain it briefly (typically a limited number of days) for abuse monitoring, per their standard API policies
- Voice transcription provider — processes microphone audio in real time to produce text, if you use voice dictation
- Web search provider — receives search queries generated by the AI on your behalf to look up current information
- Financial data providers — receive the ticker/company queries needed to return market data (not your identity)
- Sign-in providers — if you choose to sign in with a third-party account (e.g. Google), that provider processes your basic profile information to authenticate you
On request, we're happy to tell you the specific vendor behind any of these categories — email us at the address below.
We may also disclose data if required by law or to protect our legal rights. If we incorporate or transfer the Service to a company, your data would transfer to that entity under this same policy.
4. International Transfers
Some of our providers process data in the United States or other countries outside the EEA. Where that happens, transfers are safeguarded by the EU–US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses, as implemented by each provider.
5. Retention
- Account data and your content: kept while your account is active. You can delete individual conversations at any time, and you can delete your entire account from settings, which removes your account data and content from our systems (backups are purged on a rolling basis, typically within 30 days).
- Usage metering and logs: kept for up to 12 months.
- Aggregated analytics: contain no personal identifiers.
6. Your Rights
Under the GDPR you have the right to access, correct, delete, or receive a copy of your personal data, to restrict or object to our processing (including processing based on legitimate interests), and to withdraw consent where processing is based on consent. To exercise these rights, email legal@tryinvesti.com — we respond within one month. You can also delete your account yourself in settings.
You also have the right to lodge a complaint with a data protection supervisory authority, in particular the one in the EU country where you live or work.
7. Cookies and Local Storage
We use only strictly necessary cookies: session cookies that keep you signed in. We do not use marketing or third-party tracking cookies, which is why the Service does not show a cookie banner. We also use your browser's local storage to remember app preferences (theme, open tabs, cached notes) on your device.
8. Security
Data is encrypted in transit (TLS) and at rest by our providers. Sign-in uses magic links or Google OAuth — we never store passwords. No system is perfectly secure, but we take reasonable technical and organizational measures appropriate to the Service. If a data breach occurs that risks your rights, we will notify the competent supervisory authority and, where required, you, in line with GDPR Articles 33–34.
9. Children
The Service is not directed at anyone under 18, and we do not knowingly collect data from minors.
10. Changes to This Policy
We may update this policy as the product evolves (for example when we incorporate, add features, or change providers). We will post updates on this page with a new date, and notify you of material changes.
11. Contact
Privacy questions and requests: legal@tryinvesti.com.