Privacy Policy.
1. Summary
2. Scope
This Privacy Policy explains how EDGAR Analyst, Inc. (“we”, “us”) collects and uses personal information when you visit our websites, use our applications, or otherwise interact with the Service.
For paid customers, our processing of personal data on your behalf is governed by our Data Processing Addendum. This Policy addresses the personal data we process as a controller (account holders, visitors, prospects).
3. What we collect
| Category | Examples |
|---|---|
| Account | Name, work email, organization, password hash, SSO claims |
| Usage | Queries, monitor configurations, exports requested, app interactions |
| Device | IP, user agent, locale, time zone, approximate region |
| Billing | Company, billing contact, plan tier, invoice history (no card data — processed by Stripe) |
| Comms | Support tickets, sales emails, demo notes |
4. How we use it
- Provide the Service. Authenticate you, run queries, deliver memos, send monitors, process billing.
- Secure the Service. Detect abuse, enforce rate limits, investigate incidents.
- Improve the Service. Aggregate analytics on which features get used. We do not train foundation models on Customer Data without consent.
- Communicate. Send transactional notices, occasional product updates, and respond when you contact us.
- Comply with law. Meet legal obligations and respond to lawful requests.
5. Sharing
We share personal data only with vetted subprocessors that help us run the Service (cloud hosting, email delivery, billing, analytics, customer support tooling, AI inference). A current list is available on request and listed in our DPA.
We do not sell personal information. We do not share personal information with advertisers.
We may disclose information if required by law, to protect our rights, or in connection with a corporate transaction; in the latter case we will notify affected customers in advance where permitted.
6. Retention
We retain personal data only as long as needed to provide the Service or as required by law. Account data is retained while your account is active and for up to 90 days after deletion to allow recovery and meet legal obligations. Audit logs are retained for up to 2 years.
7. Your rights
Depending on your jurisdiction, you may have rights to access, correct, export, delete, or restrict processing of your personal data, and to object or withdraw consent. To exercise any right, write to privacy@edgaranalyst.com.
If you are in the EEA or UK, our lawful bases include contract performance, legitimate interests, consent, and legal obligation as applicable.
8. Cookies
We use a small number of strictly necessary cookies for authentication and session management, and limited analytics cookies (first-party) to understand product usage. We do not use advertising cookies. You can control cookies in your browser; disabling necessary cookies will break login.
9. Security
See our Security page for details. In short: TLS in transit, AES-256 at rest, scoped access controls, audit logging, and SOC 2 Type II in progress.
10. International transfers
We are based in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US and other jurisdictions where our subprocessors operate. Where required, we use Standard Contractual Clauses and other lawful mechanisms.
11. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from them.
12. Changes
We may update this Policy. If changes are material we will notify you by email or through the Service at least 30 days before they take effect.
13. Contact
Privacy questions or requests? Reach our privacy team at privacy@edgaranalyst.com.
EDGAR Analyst, Inc.
228 Park Avenue South, #54192
New York, NY 10003