1. Controller
Tim Schuldt, Schulstraße 24, 63179 Obertshausen, Germany
Email: contact@inqvesta.de
Website: https://inqvesta.de (Inqvesta)
2. Overview
We process personal data when you use Inqvesta, create an account, or contact us. This policy explains what data we collect, why we process it, and what rights you have under the GDPR.
Inqvesta is a professional SaaS platform for equity research, financial modeling, and AI-assisted analysis. Processing is limited to what is necessary to provide and secure the service.
3. Data we process
Account data: email address, name (optional), organisation name, password hash, preferred language, role and permissions within your organisation.
Usage data: log data (IP address, browser type, timestamps), feature usage required for billing and security, AI credit consumption.
Content you upload: research documents, models, reports, and other files you store in your workspace — processed solely to provide the service.
OAuth data: if you sign in with Google, we receive your Google account ID, email address, and display name from Google.
Communication: emails we send (verification, password reset, invitations) and support correspondence.
4. Legal bases (Art. 6 GDPR)
Contract performance (Art. 6(1)(b)): account creation, authentication, providing workspace features, billing-related credit tracking.
Legitimate interests (Art. 6(1)(f)): security, fraud prevention, service improvement, and technical operation — balanced against your rights.
Consent (Art. 6(1)(a)): where explicitly requested (e.g. accepting terms at signup). You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legal obligation (Art. 6(1)(c)): where applicable under tax or commercial law.
5. Processors and third parties
Hosting and infrastructure: Vercel Inc. (application hosting, edge delivery).
Database: PostgreSQL hosting provider as configured for your deployment (e.g. Supabase or equivalent managed Postgres).
Email delivery: transactional email provider used for verification and notifications.
AI services: OpenRouter and underlying model providers — prompts and document excerpts you submit for AI analysis may be transmitted to these providers. Do not submit confidential third-party data without appropriate rights.
Google OAuth: Google LLC, if you choose Google sign-in.
We use data processing agreements with subprocessors where required. Processors act only on our instructions.
6. Cookies and local storage
auth-token: HTTP-only session cookie (7 days) — strictly necessary for authentication.
NEXT_LOCALE: stores your language preference — functional cookie.
OAuth flow cookies: short-lived cookies during Google sign-in — strictly necessary for authentication.
We do not use third-party analytics or advertising cookies. No cookie consent banner is required for these essential cookies under current ePrivacy rules.
7. Retention
Account data is retained for the duration of your account and deleted or anonymised within a reasonable period after account deletion, unless longer retention is required by law.
Server logs are retained for a limited period for security purposes.
Legal acceptance records (terms version and timestamp) are retained as proof of consent.
8. Your rights
You have the right to access, rectification, erasure, restriction of processing, data portability, and objection (Art. 15–21 GDPR).
You may lodge a complaint with a supervisory authority, in Germany typically the authority of your place of residence or work.
Contact contact@inqvesta.de to exercise your rights. We respond within one month.
9. Changes
We may update this policy when our processing or legal requirements change. Material changes will be communicated via the service or email where appropriate.
The current version is always available at /legal/privacy.