Privacy Policy

This policy explains how Pearlixa collects, uses, and protects information when you interact with our products and services.

Last Updated: 28 January 2026

At a Glance

What We Promise

  • To use your information responsibly and transparently
  • To secure data with high security measures and ongoing reviews
  • To honour privacy rights granted under applicable law

What We Will Not Do

  • We do not sell personal data
  • We do not promise investment performance or returns
  • We do not share user-level trading activity with third parties for advertising

Information We Collect

Account & Contact Data

  • Name, email address, authentication credentials, and organisation details you provide when creating an account
  • Billing information processed through third-party payment providers (we do not store your full payment card details)
  • Support requests, survey responses, or other communications you send to us

Usage & Device Data

  • API usage logs including endpoints accessed, timestamps, and metadata required for security and billing
  • Log files, IP address, browser type, operating system, and device identifiers gathered for diagnostics and fraud prevention
  • Cookie identifiers or similar technologies used to maintain sessions and remember preferences

Optional Integrations

  • Data you choose to import via integrations with exchanges, brokers, or other partners is processed solely to deliver the requested feature
  • We require proof that you have the right to share any third-party data with us

How We Use Information

Provide & Maintain the Service

  • Authenticate users, deliver dashboards, and process API calls
  • Operate customer support channels and respond to enquiries
  • Manage subscriptions, invoicing, and account notifications

Improve & Secure the Platform

  • Monitor performance, identify bugs, and improve model quality
  • Detect, investigate, and prevent security incidents or abuse
  • Analyse aggregate usage trends to guide product decisions

Comply With Legal Obligations

  • Maintain records required by tax, accounting, and regulatory frameworks
  • Respond to lawful requests from authorities when permitted or required by law

How We Share Information

Service Providers

  • Trusted vendors assisting with hosting, communications, payment processing, analytics, and security operate under written contracts
  • These providers may access personal data only to perform contracted services for us and must safeguard it appropriately

Legal & Safety

  • We may disclose information if required to comply with law, court orders, or to protect the rights, property, or safety of our users or the public
  • We will notify you of such disclosures when legally permissible

Business Transfers

  • If we engage in a merger, acquisition, or asset sale, we will ensure continued protection of personal data and provide notice before personal data is transferred or becomes subject to a different policy

No Sale of Personal Data

  • We do not sell or rent personal information to third parties for marketing or any other commercial purpose

Security & Retention

High Security Operations

  • Use of encryption in transit and at rest, segmented infrastructure, and principle-of-least-privilege access controls
  • Documented security policies, employee training, and change-management procedures
  • Regular internal reviews and independent security assessments as appropriate

Retention & Deletion

  • Account data is retained while an account remains active and for a limited period thereafter to comply with legal obligations
  • API logs may be retained for up to 24 months for billing, fraud prevention, and troubleshooting
  • You may request deletion of personal data; we will honour such requests unless retention is required for legitimate business or legal purposes

International Transfers

Cross-Border Processing

  • We operate from multiple jurisdictions. Your data may be processed outside of your home country by us or our service providers
  • Where required, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by relevant authorities
  • EU/EEA data may be processed in the United States using AWS infrastructure (us-east-1, us-west-2 regions) under Standard Contractual Clauses
  • We conduct Transfer Impact Assessments for high-risk data transfers as required by GDPR guidance post-Schrems II

Subprocessors & Third Parties

Infrastructure & Hosting

  • Amazon Web Services (AWS) - Cloud infrastructure and data storage (US regions)
  • Vercel - Frontend hosting and CDN (global edge network)
  • PostgreSQL/Database hosting - Data persistence

Payment Processing

  • Stripe - Payment processing and subscription management (we do not store full card details)
  • Stripe processes payments under their own privacy policy at stripe.com/privacy

Analytics & Monitoring (with consent only)

  • We use minimal analytics to understand service usage patterns
  • Analytics cookies are only activated with your explicit consent via our cookie banner
  • We do not use Google Analytics or other advertising-linked analytics platforms

Communications

  • Email service providers for transactional and support communications
  • All subprocessors are bound by data processing agreements requiring equivalent security measures

Data Breach Response

Incident Detection & Response

  • We maintain 24/7 monitoring for security incidents and unauthorized access attempts
  • Our incident response team is trained to assess, contain, and remediate security events promptly

Notification Timeline

  • In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach (as required by GDPR)
  • We will notify relevant supervisory authorities within the same 72-hour timeframe where legally required
  • Notifications will include: nature of the breach, categories of data affected, approximate number of users affected, likely consequences, and measures taken to address the breach
  • For US users, we comply with state-specific breach notification laws which may require notification within 30-60 days depending on jurisdiction

Data Retention Schedule

Specific Retention Periods

  • Account profile data: Retained while account is active, plus 30 days after account deletion to allow for reactivation
  • API usage logs: 24 months for billing reconciliation, security analysis, and fraud prevention
  • Payment records: 7 years as required by tax and accounting regulations
  • Support communications: 3 years from resolution for quality assurance and legal compliance
  • Marketing preferences: Until you opt out or delete your account
  • Security logs: 12 months for threat analysis and incident investigation

Data Destruction

  • When data reaches the end of its retention period, it is securely deleted or anonymized within 90 days
  • Backup data is purged according to our backup rotation schedule (maximum 30 days for most data)
  • You may request earlier deletion; we will comply unless legal obligations require retention

California Privacy Rights (CCPA/CPRA)

Your Rights Under California Law

  • RIGHT TO KNOW: You can request disclosure of what personal information we collect, use, disclose, and sell about you
  • RIGHT TO DELETE: You can request deletion of your personal information, subject to certain exceptions
  • RIGHT TO OPT-OUT: You can opt out of the "sale" or "sharing" of your personal information. Note: We do NOT sell or share personal information for cross-context behavioral advertising
  • RIGHT TO CORRECT: You can request correction of inaccurate personal information
  • RIGHT TO NON-DISCRIMINATION: We will not discriminate against you for exercising your privacy rights

Categories of Information Collected

  • Identifiers (name, email, account ID, IP address)
  • Commercial information (subscription history, API usage)
  • Internet activity (browsing history on our site, interactions with our services)
  • Geolocation data (approximate location from IP address)
  • We do NOT collect: biometric data, precise geolocation, protected classifications, or sensitive personal information as defined by CPRA

How to Exercise Your Rights

  • Submit requests via email to privacy@pearlixa.com with subject line "CCPA Request"
  • We will verify your identity before processing requests
  • Authorized agents may submit requests with proper documentation
  • We respond to verified requests within 45 days (may be extended by an additional 45 days for complex requests)

Biometric & Sensitive Data

What We Do NOT Collect

  • We do NOT collect biometric identifiers (fingerprints, facial geometry, voiceprints, iris scans)
  • We do NOT collect health or medical information
  • We do NOT collect precise geolocation data (only approximate location from IP address)
  • We do NOT collect social security numbers, driver's license numbers, or government IDs (except as required for identity verification in specific cases)
  • We do NOT collect information about racial or ethnic origin, political opinions, religious beliefs, or sexual orientation

Your Choices & Rights

Access & Control

  • Update account information directly within the dashboard
  • Request copies of personal data, correction of inaccuracies, or deletion where legally permissible
  • Opt out of marketing communications at any time via unsubscribe links or account settings

Data Protection Requests

  • Contact privacy@pearlixa.com to exercise privacy rights or raise concerns
  • We respond to verified requests within the timeframes required by applicable law

No Investment Guarantees & Regulatory Disclaimer

Information Service Only - NOT Financial Advice

  • Pearlixa is a technology and information service provider ONLY. We are NOT a registered investment adviser, broker-dealer, or financial institution
  • We are NOT registered with the SEC, FCA, or any other financial regulatory authority. We do not hold any financial services licenses
  • Nothing on this website constitutes a recommendation, solicitation, or offer to buy, sell, or hold any cryptocurrency or financial instrument
  • Predictions, metrics, or performance illustrations are informational tools only and do NOT guarantee, predict, or indicate future results
  • You are solely responsible for all investment decisions. Always consult qualified, licensed financial professionals before investing

Risk Acknowledgment

  • Cryptocurrency markets are highly volatile and unpredictable. You may lose all or a substantial portion of your investment
  • Any accuracy percentages or performance metrics shown represent historical data only. Past performance does NOT guarantee future results
  • Our AI models may produce inaccurate predictions. All predictions should be treated as estimates that may be completely wrong

Limitation of Liability

  • Pearlixa is not liable for any losses, damages, or costs arising from reliance on our services, predictions, or content
  • We provide no warranties of any kind, express or implied, regarding accuracy, completeness, or fitness for any purpose
  • Service availability may be affected by maintenance, outages, or external providers and is governed by our Terms of Service

Questions or Requests?

Contact our privacy team and we will respond as soon as possible.

Email: privacy@pearlixa.com

Data Protection Officer: privacy@pearlixa.com