Privacy Policy

Effective Date: March 30, 2026 | Version 2.0

This Privacy Policy explains how Lowhill Digital L.L.C-FZ ("Company", "we", "us", or "our") collects, uses, shares, and protects information when you use the Chart AI: AI Signals & Scans mobile applications and web application (together, the "App" or "Service").

By downloading, installing, accessing, or using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

0. Definitions and Scope

This Privacy Policy applies to information processed by the Company in connection with the App, including when you: (a) install or use our mobile applications, (b) use our web application, or (c) contact support.

It does not apply to third-party sites, services, app stores, AI service providers, or payment platforms that process data under their own policies.

"Personal data" (or "personal information") means information that identifies, relates to, describes, or could reasonably be linked to an individual. "Processing" means collecting, using, storing, sharing, or otherwise handling information.

1. Data Controller

The data controller for your personal data is:

Lowhill Digital L.L.C-FZ
Dubai, UAE
Email: [email protected]

2. Information We Collect

2.1 Information you provide to us

• Account and login information
  If you sign in using Google or Apple, we collect identifiers such as your email address, display name, and authentication tokens needed to identify your account.
• Onboarding preferences
  Trading experience level, goals, market preferences, analysis depth, and other quiz answers you provide during setup.
• Chart images
  Images you upload for AI chart analysis. These are encrypted at rest on our servers after processing and are not served back to you.
• AI Chat and Tutor messages
  Messages you send to the AI Chat assistant or AI Tutor are processed by third-party AI services to generate responses. Recent conversation history (last 10 messages) is included for context.
• Paper trading activity
  Simulated trades, virtual portfolio data, and simulated trade history you create within the paper trading feature.
• Course progress
  Lesson completions, quiz answers, XP earned, and learning streaks.
• Support communications
  If you contact us by email or through in-app reporting, we collect your message content and contact information.

2.2 Information collected automatically

• Device and technical data
  Device type/model, operating system and version, language, time zone, IP address, app version, and device identifiers (e.g., Firebase installation identifiers).
• Usage data
  App interactions (screens visited, features used, analysis requests), session timestamps, performance metrics, crash logs, and diagnostic information.
• Approximate location
  We may infer an approximate location (e.g., city/country) from your IP address for security, rate limiting, and analytics. We do not require precise GPS location.
• Push notification tokens
  Device tokens for delivering push notifications, if you grant notification permission.

2.3 Information from third-party services

The App integrates with third-party services that may collect and process information under their own privacy policies:

• Firebase (authentication, analytics, crash reporting, cloud messaging)
• OpenRouter (AI model routing for chart analysis, signals, chat)
• Stripe (web payment processing)
• Apple App Store and Google Play Store (mobile payment processing)
• Market data providers (Finnhub, Polygon) for price feeds

2.4 Purchases and billing

Purchases are processed by the relevant platform (Apple App Store, Google Play Store, or Stripe). We receive transaction metadata such as product identifiers, purchase timestamps, and subscription status, but we do not receive your full payment card details.

3. How We Use Your Information

• To provide and operate the App
  Including processing chart images through AI analysis, generating educational signals, running the paper trading simulator, delivering course content, and managing your account and subscription.
• To personalize your experience
  Using onboarding preferences to tailor the app's features, signal markets, and analysis depth to your stated goals.
• To improve and optimize the Service
  Analyzing usage patterns, troubleshooting issues, monitoring AI quality, and developing new features.
• To communicate with you
  Sending push notifications (if enabled) about signals, analysis results, learning reminders, and important service notices.
• To prevent fraud and abuse
  Rate limiting, detecting suspicious activity, enforcing fair use policies, and protecting account integrity.
• Content moderation
  Automatically flagging inappropriate uploaded content (NSFW, violent, or illegal material) using AI detection. Flagged content is logged and deleted.
• Legal and compliance purposes
  Complying with applicable laws, responding to lawful requests, and defending our legal rights.

4. AI Data Sharing

The following data may be sent to AI services via OpenRouter:

• Chart images (for image-based analysis) sent to Google Gemini
• Ticker symbols and OHLC market data (for ticker-based analysis) sent to Google Gemini
• Chat messages (for AI Chat and AI Tutor) sent to Google Gemini
• Market data summaries (for signal generation and scanning) sent to Qwen and Meta Llama models

AI services process your data to generate responses and, per OpenRouter's policies, do not use it for model training. Uploaded chart images are encrypted at rest on our servers after analysis.

5. Legal Bases (EEA/UK Users)

If you are in the European Economic Area or the UK, we process your personal data on one or more of the following legal bases:

• Performance of a contract to provide the App and its features.
• Legitimate interests to improve the Service, prevent fraud, protect our rights, and ensure security, where not overridden by your rights.
• Consent where required, such as for AI data sharing, push notifications, and certain analytics. You can withdraw consent at any time.
• Legal obligations to comply with applicable laws and regulations.

6. How We Share Your Information

• AI service providers
  Chart images, messages, and market data are sent to AI models (Google Gemini, Qwen, Meta Llama) via OpenRouter for analysis. See Section 4.
• Infrastructure providers
  Hosting, database, and cloud services that help us operate the App.
• Payment platforms
  Apple, Google, and Stripe process subscription payments under their own policies.
• Analytics services
  Firebase Analytics and Crashlytics help us understand usage and fix bugs.
• Professional advisers and authorities
  Where necessary, we may share information with legal advisors or law enforcement where legally required.
• Business transfers
  In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not sell personal information for money.

7. International Transfers

We are based in Dubai, UAE, but our service providers and AI processing infrastructure may be located in other countries (including the US and EU). Your information may be transferred to and processed in countries outside your own.

Where required by law, we use appropriate safeguards to protect personal data transferred internationally.

8. Data Retention

• Account data is kept while your account is active. After account deletion (30-day grace period), all data is permanently erased.
• Chart images are encrypted at rest after analysis. They are deleted when the associated analysis is deleted or when the account is purged.
• Legal acceptance records (TOS/Privacy/EULA acceptance with version, timestamp, IP) are retained indefinitely for compliance.
• API usage logs (rate limiting records) are retained for operational purposes and regularly cleaned.
• Content moderation flags are retained for safety review and abuse prevention.
• Analytics and crash data is retained per Firebase's default retention policies.

When data is no longer needed, we delete or anonymize it. Some data may persist in backups for a limited time until those backups are rotated.

9. Your Rights and Choices

9.1 GDPR / EEA / UK rights

Depending on your jurisdiction, you may have the following rights:

• Right to access your personal data and receive a copy.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") in certain circumstances.
• Right to restriction of processing in certain cases.
• Right to data portability in a machine-readable format.
• Right to object to processing based on legitimate interests.
• Right to withdraw consent at any time without affecting prior processing.

To exercise your rights, contact us at [email protected]. We may need to verify your identity before fulfilling requests.

You also have the right to lodge a complaint with your local supervisory authority if you believe our processing violates applicable law.

9.2 California (CCPA/CPRA) notice

California residents may have rights to know, access, delete, correct, and opt out of certain sharing of personal information. To submit a request, email [email protected] with the subject "California Privacy Request".

9.3 Account deletion

You can request account deletion through the App's settings screen. Your account enters a 30-day grace period before permanent deletion. You can also request deletion by emailing [email protected].

9.4 Push notification controls

You can enable or disable push notifications through the App's settings or your device's system settings at any time.

10. Data Security

We use commercially reasonable technical and organizational measures to protect your information, including:

• HTTPS encryption for all data in transit
• Encrypted access tokens (FlutterSecureStorage on mobile, secure cookies on web)
• Uploaded chart images encrypted at rest using AES-256-GCM + RSA hybrid encryption
• Rate limiting and IP-based abuse prevention
• Content moderation with automatic flagging and deletion of inappropriate uploads

However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your information.

11. Children's Privacy

The App is not intended for users under 18 years of age (or the age of legal majority in your jurisdiction). We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can take appropriate action, including deletion.

12. Cookies and Similar Technologies

Our web application may use cookies and similar technologies for:

• Strictly necessary: authentication, session management.
• Analytics: Firebase Analytics to understand usage and improve the Service.

You can control cookies through your browser settings. Disabling certain technologies may affect some features of the Service. The App does not use advertising cookies or trackers.

13. Third-Party Links

The App may contain links to external websites or services not operated by us. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies.

14. Automated Decision-Making

We use automated systems to help detect fraud, abuse, and policy violations (e.g., rate limiting, content moderation flagging). These processes protect the Service and users and may result in actions such as limiting features, requiring sign-in, or blocking abusive activity.

AI-generated analysis, signals, and scores are produced by automated systems. These outputs are for educational purposes only and should not be relied upon for trading or investment decisions.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date and, where required by law, notify you via the App or other appropriate means. Your continued use of the App after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, requests, or complaints about this Privacy Policy or our data practices, please contact us at:

Company: Lowhill Digital L.L.C-FZ
Location: Dubai, UAE
Email: [email protected]

Last updated: March 30, 2026