Privacy Policy

VEXA AI ("VEXA," "we," "us," or "our") operates the VEXA AI trading psychology coaching platform, accessible via our website at vexatrade.ai, our iOS application, our Android and Wear OS applications, and related services (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Account Information

• Name and display name
• Email address
• Profile photograph (if provided)
• Authentication credentials (managed via Firebase Authentication)
• Account preferences and settings
• Timezone and locale information

1.2 Health and Biometric Data

With your explicit consent, we collect health and biometric data from wearable devices, including:

• Heart rate and heart rate variability (HRV)
• Resting heart rate and heart rate deviations
• Stress level indicators
• Sleep data (duration, quality, stages)
• Activity and movement data
• Blood oxygen levels (SpO2), when available
• Biometric baseline calculations

This data is collected via Apple HealthKit (iOS/Apple Watch) and Health Connect (Android/Wear OS) integrations. Collection requires your explicit permission through the respective device operating system.

1.3 Trading Data

We collect trading activity data, including:

• Trade entries and exits (symbol, price, quantity, time)
• Profit and loss (P&L) information
• Trading patterns and behavioral metrics
• Broker account identifiers (not login credentials)
• Trading journal entries and notes
• Screenshots of trading screens (processed via OCR for trade extraction, where applicable to VEXA Sentinel)

Trading data may be collected through direct broker API integrations (via OAuth or API tokens), CSV file uploads, or on-screen trade detection using optical character recognition (OCR) when using the VEXA Sentinel feature.

1.4 Device and Usage Information

We automatically collect certain information when you use the Service:

• Device type, operating system, and version
• App version and build number
• Firebase Cloud Messaging (FCM) tokens for push notifications
• IP address and approximate location (country/region level)
• Usage patterns, feature interactions, and session duration
• Crash reports and diagnostic data

1.5 Community and Social Data

If you participate in community features, we collect community membership and role information, leaderboard rankings and performance scores, community chat messages and interactions, and publicly shared trading insights or summaries.

2. How We Use Your Information

We use the information we collect for the following purposes:

• AI-Powered Coaching: To analyze the correlation between your biometric state and trading performance and provide personalized coaching insights via the CDI Scoring System™ (Confidence, Discipline, Intuition — Patent Pending).
• Pattern Recognition: To identify trading behavioral patterns such as revenge trading, overtrading, loss chasing, and tilt states.
• Real-Time Interventions (VEXA Sentinel): To deliver voice and text-based interventions when potentially harmful trading patterns are detected, combining biometric data with trading activity analysis.
• Performance Analytics: To generate trading performance reports, AI scores, weekly overviews, and historical trend analysis.
• Biometric Baselines: To establish and maintain your personal biometric baselines for accurate stress and readiness assessments.
• Service Improvement: To improve, maintain, and optimize the Service, including AI model accuracy and feature development.
• Communications: To send push notifications, reminders, and service-related announcements.
• Community Features: To power leaderboards, community interactions, and shared performance metrics.
• Security and Fraud Prevention: To protect the integrity of the Service and prevent unauthorized access or misuse.

3. Health and Biometric Data

We treat health and biometric data with the highest level of care and protection.

3.1 Collection and Consent

Health data is only collected with your explicit, informed consent. You must grant permission through your device's health data platform (Apple HealthKit or Health Connect) before any biometric data is accessed. You may revoke this permission at any time through your device settings.

3.2 Purpose Limitation

Your health data is used exclusively for providing trading psychology coaching insights. We do not use health data for advertising, marketing to third parties, or any purpose unrelated to the core coaching functionality of the Service.

3.3 Storage and Processing

Health data is securely stored in Firebase Firestore with strict access controls. Biometric baselines are calculated on our servers to provide accurate deviation measurements. Real-time biometric data may be processed by VEXA Sentinel to trigger timely trading interventions.

3.4 No Sale of Health Data

We will never sell, rent, or lease your health or biometric data to any third party. This is an absolute commitment.

4. Trading Data

4.1 Broker Integrations

VEXA integrates with third-party brokerage platforms via OAuth authentication or API tokens to import your trading data. We only request read-only access to your trading history. We never store your broker login credentials, and we never execute trades on your behalf. OAuth tokens are securely stored and can be revoked at any time through your broker's settings or through the VEXA app.

4.2 Screen OCR (VEXA Sentinel)

The VEXA Sentinel feature may capture and process screenshots of your trading screen to extract trade information using optical character recognition (OCR). Screenshots are processed server-side, and trade data is extracted and stored. The raw screenshot images are retained only as long as necessary for processing and are then deleted.

4.3 Financial Data Sensitivity

We understand the sensitive nature of financial trading data. Your P&L, trade history, and portfolio information are treated as confidential. Aggregated and anonymized trading patterns may be used to improve our AI models, but your individual trading data is never shared publicly without your explicit consent (such as opting into leaderboard features).

5. AI and Voice Processing

5.1 AI Analysis

VEXA uses Google Gemini AI models to analyze your trading patterns, biometric data, and behavioral signals. Your data is sent to Google's AI services for processing. Google's use of this data is governed by their own privacy policies and data processing agreements. We use API-based access, which means your data is not used by Google to train their general AI models.

5.2 Voice Interactions

The voice coaching feature uses Google Gemini Live for real-time voice AI coaching. Voice audio is streamed to Google's servers for processing and is not permanently stored by VEXA. Voice interaction transcripts may be retained to improve coaching accuracy and for your review.

5.3 CDI Score Calculation

VEXA calculates the CDI Score™ (Confidence, Discipline, Intuition — Patent Pending) based on your biometric data, trading patterns, and behavioral metrics. This score and its historical data are stored in your account to track your progress over time.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

6.1 Service Providers

• Google Firebase: Authentication, database (Firestore), cloud storage, cloud functions, hosting, and push notifications (FCM).
• Google Cloud Platform: AI/ML processing (Gemini), Cloud Run, and infrastructure.
• Broker Partners: OAuth-based data exchange for trade import (read-only).

6.2 Community Features

If you opt into community features such as leaderboards, certain performance metrics may be visible to other community members. You control your participation in these features.

6.3 Legal Requirements

We may disclose your information if required to do so by law, in response to valid legal process (such as a subpoena or court order), or to protect the rights, property, or safety of VEXA AI, our users, or the public.

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.

7. Data Security

We implement industry-standard security measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Firebase Security Rules to enforce per-user data access controls
• OAuth 2.0 for secure broker integrations (no password storage)
• Regular security audits and vulnerability assessments
• Secure server-side processing of sensitive data
• Access controls and authentication for all administrative operations
• Automatic session management and token expiration

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

• Account Data: Retained for the duration of your account and deleted upon account deletion request.
• Health/Biometric Data: Retained while your account is active. Historical health data may be retained for trend analysis. Deleted upon account deletion.
• Trading Data: Retained while your account is active to provide historical analysis. Deleted upon account deletion.
• OCR Screenshots (Sentinel): Processed and deleted promptly after trade data extraction. Not retained long-term.
• Voice Data: Real-time voice streams are not permanently stored by VEXA. Transcripts may be retained for coaching review.
• Usage Analytics: Retained in aggregated/anonymized form for service improvement.

9. Your Rights and Choices

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information and account.
• Portability: Request a portable copy of your data in a structured, commonly used format.
• Withdraw Consent: Revoke consent for health data collection at any time through your device settings or by contacting us.
• Opt Out of Communications: Manage push notification preferences within the app or your device settings.
• Broker Disconnection: Disconnect broker integrations and revoke data access at any time through the app settings.
• Community Opt-Out: Leave communities and remove your data from leaderboards at any time.

To exercise any of these rights, please contact us at support@vexatrade.ai. We will respond to your request within 30 days.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).

10.1 Legal Bases for Processing

• Consent: For health/biometric data collection and processing.
• Contract Performance: To provide the Service as described in our Terms of Service.
• Legitimate Interest: For service improvement, security, and fraud prevention.
• Legal Obligation: When required by applicable law.

10.2 Additional GDPR Rights

In addition to the rights listed in Section 9, GDPR provides you with the right to object to processing based on legitimate interest, restrict processing of your personal data, lodge a complaint with your local data protection authority, and not be subject to automated decision-making with legal effects.

11. CCPA Compliance (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights:

• Right to Know: Request disclosure of categories and specific pieces of personal information collected.
• Right to Delete: Request deletion of your personal information.
• Right to Opt-Out of Sale: We do not sell your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Personal Information: Limit the use and disclosure of sensitive personal information (including health data).

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. Trading activities inherently require users to be of legal age in their jurisdiction. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

13. Third-Party Services

• Google Firebase / Google Cloud Platform: Infrastructure, authentication, database, hosting, and AI services.
• Apple HealthKit: Health data on iOS devices.
• Google Health Connect: Health data on Android and Wear OS devices.
• Brokerage Partners: Various broker platforms for trade data import.

14. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (including Google Cloud) maintain servers. When we transfer data internationally, we implement appropriate safeguards, including standard contractual clauses approved by relevant data protection authorities.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Effective Date" at the top of this page and, where appropriate, providing additional notice through the app. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

© 2026 VEXA AI. All rights reserved. CDI Scoring System™, VEXA Sentinel™, Voice AI Coaching™, Wearable Biometric-Trading Correlation, Screen-Share Trade Extraction, RAG-Powered Trading Intelligence, and Community Psychology Ranking — Patent Pending (US Provisional App #64/030,397).