Privacy Policy

1. Introduction

Primordia Co. ("Primordia," "we," "us," or "our") is a Delaware corporation committed to protecting the privacy of individuals who visit primordia.ai and use its AI-powered investment research platform. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access the Service.

By accessing or using the Service, you acknowledge that you have read and agreed to be bound by this Privacy Policy. If you do not agree, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Email address, password (hashed/encrypted), and optionally display name
• Organization Information: Organization name, description, and your role
• User-Generated Content and Project Data: Ticker selections, documents, financial model adjustments, notes, Copilot chat interactions, and generated analyses. Enterprise users' "Case Mesh" data included.
• Payment Information: Stripe customer identifier, subscription status, and billing period (not direct credit card storage)
• Communications: Name, email, and correspondence content if you contact us

2.2 Information Collected Automatically

• Session and Authentication Data: Firebase and Supabase manage sessions via cookies or local storage tokens
• Local Preferences: UI preferences stored in browser local storage (not transmitted to servers)
• Log Data: IP address, browser type, operating system, URLs, pages visited, timestamps, and interaction patterns
• Product Analytics Data: PostHog collects anonymized usage data including IP, browser type, device type, and general geographic location

2.3 Information from Third-Party Public Sources

The platform ingests publicly available financial data from SEC filings, earnings transcripts, news, press releases, analyst commentary, and market data providers like Intrinio. This is not personal information.

3. How We Use Your Information

• Providing and maintaining the Service
• AI processing through our system and third-party LLM providers
• Account management, authentication, and subscriptions
• Organization and collaboration facilitation
• Security, fraud detection, and legal compliance
• Service improvement through usage analysis

3.1 What We Do NOT Do

Primordia explicitly does NOT:

• Sell personal data to third parties
• Share individual analyses with other users (except within shared workspaces)
• Use analyses to generate recommendations for outside users
• Provide data to advertisers
• Access brokerage, bank, or trading accounts
• Make automated investment decisions on your behalf

4. How We Share Your Information

We do not sell personal information. We may share it only in these circumstances:

4.1 Third-Party Service Providers

Providers contractually obligated to protect your data:

• Authentication: Firebase and Supabase
• Cloud Infrastructure: Google Cloud Platform (GCP)
• Payment Processing: Stripe, Inc.
• Product Analytics: PostHog (via Cloudflare reverse proxy)
• AI Model Providers: OpenAI, Anthropic, Google, and Mistral
• Financial Data Providers: Intrinio and similar vendors

4.2 Other Sharing Scenarios

• Within Your Organization: Team members access shared projects per assigned roles
• Legal Requirements: Disclosure required by law, subpoena, or good faith legal necessity
• Business Transfers: Information may transfer during merger, acquisition, reorganization, or bankruptcy with notification

5. AI-Specific Privacy Considerations

• Third-Party AI Models: We strictly select providers and enterprise configurations designed to prevent your data from being used to train their foundational models.
• Primordia Model Training: We do not use personal information, research inputs, or documents to train our models. Anonymized telemetry may improve platform performance.
• No Automated Investment Decisions: The platform generates analysis but does not execute trades or manage portfolios. You retain full control.

6. Cookies and Tracking Technologies

• Authentication Cookies: Firebase and Supabase maintain login sessions
• Payment Cookies: Stripe facilitates secure transactions
• Product Analytics: PostHog respects "Do Not Track" settings and routes through reverse proxy (r.primordia.ai via Cloudflare)

Clearing local storage or blocking cookies may prevent proper login and Service use.

7. Data Retention

• Account Data, Analyses, Chat History: Retained during active account; deleted or anonymized within 30 days of deletion request
• Payment Records: Retained as required by tax and financial regulations (typically 7 years)
• Technical Logs: Retained for 90 days for debugging and security

8. Data Security

We implement commercially reasonable protections:

• Data encryption in transit (TLS/SSL) and at rest
• Secure GCP cloud infrastructure
• PCI-compliant payment processing
• Strict access controls and authentication

No system is impenetrable. We will notify users of breaches as required by law.

9. Your Rights and Choices

• Account Settings: Update display name and preferences anytime
• Data Deletion & Export: Request via connect@primordia.ai
• Email Communications: Opt out of marketing emails; cannot opt out of transactional messages

Nevada Residents: You may opt-out of personal information sales by contacting connect@primordia.ai with subject "Nevada Do Not Sell Request."

10. California Privacy Rights (CCPA/CPRA)

California residents have rights to:

• Know what personal information we collect
• Delete personal information
• Correct inaccurate information
• Opt out of sale or sharing (we do not sell or share for behavioral advertising)
• Non-discrimination for exercising rights

Contact connect@primordia.ai to exercise these rights. Identity verification required.

11. European Privacy Rights (GDPR / UK GDPR)

If located in the EEA, UK, or Switzerland, you have rights to access, correct, delete, restrict, and port your data, plus rights to object and withdraw consent. Lodge complaints with your local data protection authority.

Contact connect@primordia.ai to exercise rights. We respond within one month.

12. International Data Transfers

The Service operates in the United States. Information from outside the U.S. will be transferred and processed here. By using the Service, you consent. For EEA, UK, and Swiss data, we rely on Standard Contractual Clauses approved by the European Commission.

13. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children under 18 and will delete it promptly if discovered.

14. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for their privacy practices. Review third-party privacy policies before accessing their services.

15. Changes to This Privacy Policy

We may update this policy. Material changes will be posted here with a revised "Last Updated" date. We may notify by email or through the Service. Continued use constitutes acceptance of updates.

16. Contact Us

Primordia Co.
Email: connect@primordia.ai
Website: https://primordia.ai/

Registered Agent: Corporation Service Company
Registered Office: Wilmington, New Castle County, Delaware

This Privacy Policy is provided for informational purposes and does not constitute legal advice.