Privacy Policy

Account information. When you create an account we collect your email address and, where you provide it, your name. This information is used to authenticate you and communicate with you about your account.

Usage data. We collect information about how you interact with the platform — pages visited, features used, call sessions created, questions submitted, and timestamps of those actions. This helps us understand how the product is being used and where it can be improved.

Call data. When you create a call session and submit questions, those questions and the AI-generated answers extracted from earnings call transcripts are stored and associated with your account. Transcript content processed through the platform may be retained to power answer retrieval and search features within your session.

Payment information. If you subscribe to a paid plan, billing is handled entirely by Stripe. We do not store or process card numbers or other payment details directly. We retain records of subscription status and plan tier associated with your account.

We use the information we collect to operate and improve the platform — delivering real-time question answers, surfacing hidden management signals, and providing transcript search. Your account information is used solely to authenticate sessions and send transactional emails such as password resets or subscription receipts.

Usage data is analyzed in aggregate to understand product performance and guide development priorities. We do not sell your personal information to third parties. We do not use your questions or call data to train AI models beyond the scope of processing your own requests.

We may use your email address to send product updates or announcements that are material to your use of the service. You can opt out of non-transactional communications at any time.

Your data is stored in Supabase, a managed PostgreSQL platform hosted on AWS infrastructure. Authentication credentials are handled by Supabase Auth and are never stored in plain text. Data in transit is encrypted via TLS. Data at rest is encrypted at the storage layer.

Session state and processing queues use Upstash Redis, a managed Redis service. Ephemeral processing data is not persisted beyond the lifetime of an active session.

We apply reasonable technical and organizational measures to protect your data against unauthorized access, loss, or disclosure. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If you become aware of a potential security issue, please contact us at hello@gemsiq.live.

Operating GemsIQ requires sharing certain data with trusted third-party service providers. We limit what is shared to what is necessary for each provider to perform its function.

Supabase provides authentication, database storage, and vector search. Your account credentials and call data are stored within Supabase. Supabase's privacy policy is available at supabase.com/privacy.

OpenAI processes transcript content and questions to generate AI-powered answers. Transcript chunks and question text are sent to OpenAI's API for this purpose. OpenAI's data usage policies are available at openai.com/policies/privacy-policy.

Anthropic may process transcript content and questions via the Claude API when the corresponding AI engine version is active. Anthropic's privacy policy is available at anthropic.com/privacy.

Stripe handles all payment processing and subscription management. When you enter payment details, they go directly to Stripe and are subject to Stripe's privacy policy at stripe.com/privacy.

Vercel hosts the frontend application and may collect standard server access logs including IP addresses. Render.com hosts the backend API. Both providers operate under their own privacy and data retention policies.

You have the right to access the personal information we hold about you, to request correction of inaccurate data, and to request deletion of your account and associated data. To exercise any of these rights, contact us at hello@gemsiq.live with the subject line “Data Request”.

Access. You can view your account information and call history at any time through your profile settings.

Deletion. You may request deletion of your account and all associated data. We will process deletion requests within 30 days. Note that certain minimal records may be retained where required for legal or billing compliance obligations.

Export. You may request an export of your account data, including questions submitted and answers generated, by contacting us at hello@gemsiq.live.

If you are located in the European Economic Area or the United Kingdom, you may also have rights under the GDPR or UK GDPR, including the right to lodge a complaint with your local data protection authority.

GemsIQ uses cookies and similar browser storage mechanisms strictly for authentication and session management. Supabase Auth stores a session token in local storage to keep you signed in across page loads. We do not use third-party advertising cookies or cross-site tracking.

You can clear cookies and local storage through your browser settings at any time. Doing so will sign you out of the platform.

We may update this policy from time to time as the product evolves or legal requirements change. When we make material changes, we will update the effective date at the top of this page. For significant changes we will notify users via email or an in-app notice.

Continued use of the platform after any changes to this policy constitutes your acceptance of the updated terms.

Questions or concerns about this policy or how we handle your data should be directed to us at hello@gemsiq.live. We aim to respond to all privacy-related inquiries within five business days.