PRIVACY & CUSTODY
Private by deployment, explicit by design.
Email registration, account recovery and report-ready notifications are enabled. Selected, reviewed report metadata and summaries may be published, while PDFs, research requests and account data remain behind authenticated access.
Data stored
The service stores account details, protected credentials and short-lived password-reset records, sessions, selected securities, research requests, private PDFs, report preferences, notifications, feedback and security audit events.
Credential boundaries
Passwords are protected with a memory-hard password hash. Session tokens are stored as keyed hashes, and sensitive values are never written to public pages or report metadata.
Infrastructure
Traffic passes through Cloudflare and a private server deployment. PostgreSQL, Redis and report storage are not intentionally exposed as public services. Transactional email is delivered through the configured official sender for verification, recovery and report notifications.
Retention and deletion
Research history is retained until it is archived or removed through an explicit maintenance process. Operational backups should be encrypted, stored off-host and tested for restoration.
Public summaries, protected reports
Reviewed company, market, ticker, edition date, report outline and summary information may appear on public indexable pages. PDF contents, account details and request history require an authenticated session; private routes remain noindex and outside the public sitemap.