Privacy Policy

LoveStock
Effective Date: April 5, 2026
Last Updated: May 12, 2026

Purple Technology s.r.o. ("Purple Technology," "we," "us," or "our") operates the LoveStock mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the App.

1. Information We Collect

1.1 Information You Provide

• Account Information. When you sign in using Apple Sign In, we receive your Apple ID email address (which may be a private relay address if you choose to hide your email) and a unique identifier.
• Investment Preferences. When you complete the preferences quiz, we collect your selected price range, preferred sectors, excluded sectors, company age preferences, geographic preferences, and company size preferences.
• Broker Connection Data. If you connect a broker account, we collect your broker name, the email address associated with your broker, your first and last name as provided by the broker, and a broker client identifier.
• Chat Messages. When you interact with AI-powered company chat, we store the content of your messages and the AI-generated responses.
• Trading Waitlist. If you join the trading waitlist, we record that you have opted in.

1.2 Information Collected Automatically

• Usage Data. We collect information about your interactions with the App, including stocks you match with ("like"), stocks you pass on ("dislike"), timestamps of these interactions, and screen views/navigation patterns.
• Device Information. We collect device type, operating system version, and unique device identifiers for push notification delivery.
• Push Notification Tokens. If you grant permission, we collect your device's push notification token and the platform (iOS or Android) to send you stock news alerts.
• Performance Data. We collect anonymized app performance metrics, session data, screen transition timing, and error/crash reports through our monitoring service (Datadog). The way this collection is gated differs between platforms — see Section 1.3.

1.3 Analytics Consent and App Tracking Transparency

On both iOS and Android, the App uses Datadog Real User Monitoring (RUM) to collect anonymized application performance metrics, session data, screen transition timing, and error/crash reports. The way this collection is gated differs by platform:

• iOS. The App presents the system App Tracking Transparency (ATT) prompt asking for permission to "track" you. We use your response solely as a consent signal for Datadog RUM: if you allow, anonymized performance data is collected; if you deny, that collection is disabled. You can change your decision at any time in iOS Settings → Privacy & Security → Tracking.
• Android. Android does not provide an equivalent system-level prompt, so Datadog RUM collection begins automatically when the App starts. The same anonymized performance data described above is collected. You can stop the App from collecting this data at any time by uninstalling the App or by revoking analytics-related permissions in Android Settings → Apps → LoveStock.

On either platform, we do not use the ATT permission, the Identifier for Advertisers (IDFA on iOS), the Android Advertising ID (AAID), or any device identifier to:

• Serve targeted advertising inside or outside the App
• Measure ad effectiveness or attribution
• Link your activity in the App with your activity in other companies' apps or websites
• Share data with data brokers or advertising networks

The App requests the iOS ATT permission only because Apple requires the prompt to be shown whenever the operating system could be used for cross-app tracking, even when — as in our case — the underlying analytics SDK is used purely for first-party performance monitoring.

1.4 Information We Do Not Collect

• Precise geolocation (GPS) data
• Contacts or address book data
• Microphone or audio recordings
• Calendar data
• Biometric data (beyond what Apple Sign In uses natively)
• Browsing history outside the App
• Payment card or banking details (trading is handled by the broker platform)

2. How We Use Your Information

We process your personal data on the following legal bases under Article 6 of the General Data Protection Regulation (GDPR):

• Performance of a contract (Art. 6(1)(b)): Processing necessary to provide the App and its core features, including account management, displaying company profiles, managing your matches and passes, enabling broker integration, and facilitating stock trading.
• Consent (Art. 6(1)(a)): Sending push notifications. You may withdraw your consent at any time as described in Section 7.
• Legitimate interests (Art. 6(1)(f)): Monitoring and improving the App, analyzing usage patterns, identifying bugs, and preventing fraud and misuse. Our legitimate interest is to ensure the security, stability, and improvement of our services.
• Compliance with a legal obligation (Art. 6(1)(c)): Disclosing information where required by applicable law or legal process.

We use the information we collect to:

• Provide and maintain the App, including displaying company profiles, managing your matches and passes, and delivering personalized stock discovery and company suggestions based on your stated preferences.
• Enable broker integration, including connecting your account to a supported broker, verifying your broker identity, and facilitating stock trading.
• Power AI features, including generating company profiles, enabling AI chat conversations about companies, and delivering relevant stock news.
• Send push notifications about news related to your matched stocks.
• Monitor and improve the App, including analyzing usage patterns, identifying bugs and performance issues, and improving user experience.
• Communicate with you about service updates, changes to our policies, or matters related to your account.
• Trading Waitlist. If you join the trading waitlist, we record your opt-in on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time by contacting us at lovestock@purple-technology.com.

3. How We Share Your Information

We do not sell your personal information. We share information with the following categories of third parties only as necessary to provide and improve the App:

3.1 Service Providers

3.2 Financial Data Providers

3.3 AI and Content Providers

3.4 Legal and Safety

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation or valid legal process
• Protect and defend the rights or property of Purple Technology
• Prevent or investigate possible wrongdoing in connection with the App
• Protect the personal safety of users of the App or the public

4. Data Storage and Security

4.1 Where We Store Your Data

Your data is stored on Amazon Web Services (AWS) servers located in the European Union (Frankfurt, eu-central-1 region). Datadog monitoring data is also processed in the EU (EU1 site).

Some third-party providers (Anthropic, Firecrawl, FMP) may process data outside the EU. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

4.2 Data on Your Device

The App stores the following data locally on your device:

• Authentication state and user ID
• Cached company data and matched/passed stocks
• Chat message history
• Investment preferences and quiz completion status
• Theme preferences (light/dark mode)

This local data is cleared when you sign out of the App.

4.3 Security Measures

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encrypted authentication via AWS Cognito with industry-standard protocols
• HMAC-signed API requests for broker communications
• Secrets stored in AWS Secrets Manager and SSM Parameter Store
• IAM role-based access control for all backend services
• HTTPS/TLS encryption for all data in transit

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

5. Data Retention

• Account data (email address, user ID, investment preferences): retained for the duration of your account, and deleted or anonymized within 30 days of account deletion.
• Matches, passes, and chat history: retained for the duration of your account, and deleted within 30 days of account deletion.
• Performance and analytics data (Datadog): retained for 15 months in accordance with Datadog's standard retention policy, after which it is automatically deleted or anonymized.
• Broker connection data: retained for the duration of your broker connection. Upon disconnection, broker data is deleted within 30 days, unless retention is required by applicable law.
• Push notification tokens: retained until you revoke notification permissions or delete your account.
• Trading Waitlist data: retained until you withdraw your consent or the waitlist feature is discontinued.

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain certain information.

6. Your Rights

6.1 Under GDPR (European Economic Area)

• Access — Request a copy of the personal data we hold about you.
• Rectification — Request correction of inaccurate or incomplete personal data.
• Erasure — Request deletion of your personal data ("right to be forgotten").
• Restriction — Request restriction of processing of your personal data.
• Data Portability — Request a copy of your data in a structured, machine-readable format.
• Objection — Object to processing of your personal data based on legitimate interests.
• Withdraw Consent — Where processing is based on consent, you may withdraw it at any time.
• Right to lodge a complaint — You have the right to lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, ÚOOÚ) at www.uoou.cz if you believe your data protection rights have been violated.

6.2 Under CCPA (California)

The following rights apply only to residents of California, USA:

• Right to Know — Request what personal information we collect, use, and disclose.
• Right to Delete — Request deletion of personal information we collected from you.
• Right to Opt-Out — We do not sell personal information.
• Non-Discrimination — We will not discriminate against you for exercising your rights.

To exercise any of these rights, please contact us at the address listed in Section 11.

7. Push Notifications

We may send you push notifications about news related to stocks you have matched with. You can opt out of push notifications at any time by:

• Adjusting your notification settings in the App
• Disabling notifications for LoveStock in your device's system settings

8. Guest Access

You may use certain features of the App without creating an account ("Guest Mode"). In Guest Mode, we assign an anonymous local identifier stored only on your device. Guest usage data is associated with temporary, unauthenticated credentials and is not linked to any personal identity.

9. Children's Privacy

The App is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we can take necessary actions.

10. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time. For material changes — including changes to the categories of data we collect, the purposes for which we use it, or the legal bases for processing — we will notify you in advance through the App and, where required by law, request your renewed consent before the changes take effect. For non-material changes (such as corrections or clarifications), we will update the "Last Updated" date and post the revised policy in the App.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Purple Technology s.r.o.
Email: lovestock@purple-technology.com
Address: Masarykova 410/28, Brno-město, 602 00 Brno, Czech Republic

For GDPR-related inquiries, you may also contact our Data Protection Officer at: advokat@akmikulastik.cz

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

12. Apple App Store Additional Disclosures

In accordance with Apple's App Store requirements, the following data types are collected:

Data Used to Track You: None. We do not track you across apps or websites owned by other companies, we do not use the Identifier for Advertisers (IDFA) for advertising purposes, and we do not share user data with data brokers.

The App does present the iOS App Tracking Transparency (ATT) permission prompt (the NSUserTrackingUsageDescription string is included in the App's Info.plist). As described in Section 1.3, that prompt is used solely as a consent signal for our first-party application performance monitoring (Datadog RUM) and not for any of the activities Apple defines as "tracking."

Data Linked to You:

• Email address (via Apple Sign In)
• User ID (Cognito identifier)
• Investment preferences
• Stock matches and passes
• Chat messages

Data Not Linked to You:

• Crash data and performance metrics
• App usage analytics (anonymized)

13. Google Play Data Safety Disclosures

In accordance with Google Play's Data Safety requirements, we disclose the following:

Data Shared with Third Parties: We share data only with the service providers listed in Section 3 (AWS, Apple, Datadog, Expo/EAS, Financial Modeling Prep, Trading Platform, Broker Platform, Anthropic, Firecrawl), each acting on our behalf as a processor for the purposes described. We do not sell user data and we do not share user data with advertising networks or data brokers.

Data Collected:

• Personal info — Email address (via Apple Sign In), User ID (Cognito identifier). Collected, linked to the user, required to use the App; purpose: account management.
• App activity — Stock matches and passes, investment preferences, chat messages, in-app screen views and interactions. Collected, linked to the user; purpose: providing the core features of the App and personalized stock discovery.
• App info and performance — Crash logs, diagnostics, and other performance data (Datadog RUM). Collected, not linked to the user where technically possible; purpose: app functionality and analytics.
• Device or other IDs — Push notification token and platform (iOS/Android). Collected, linked to the user, optional (granted only if you opt in to push notifications); purpose: sending stock news alerts.

Data Encryption: All data in transit is encrypted using HTTPS/TLS.

Data Deletion: You can request deletion of your account and associated data at any time by contacting us at lovestock@purple-technology.com, as described in Section 6.

On the Android-specific equivalent of "tracking": The App does not use the Android Advertising ID (AAID), Google Play Advertising ID, or any other device identifier for advertising, attribution, cross-app linking, or sharing with data brokers. The Datadog Real User Monitoring SDK runs on Android without a system-level consent prompt (Android does not provide an ATT-equivalent), and is used solely for first-party application performance monitoring as described in Section 1.3.