Privacy Policy

Last Updated: March 12, 2026
Effective Date: October 10, 2025
Language: This policy is provided in English. Hungarian version available here.

Note: This privacy policy applies to a company based in Hungary and complies with the European Union's General Data Protection Regulation (GDPR).

1. Controller

Company Name: Gray Swan Intelligence Korlátolt Felelősségű Társaság (Gray Swan Intelligence Kft.)

Registered Address: 9444 Fertőszentmiklós, Mátyás király utca 26/A, Hungary

Email: support@signex.ai

Phone: +36 1 234 5678

Company Registration Number (Cégjegyzékszám): 08-09-038365

VAT ID (Adószám): 32986402-2-08

For data protection inquiries, please contact: support@signex.ai

2. Scope and Purpose

This Privacy Policy describes how Signex ("we," "us," or "our") collects, uses, processes, and protects your personal data when you use our AI-powered market analysis platform (the "Service").

Our Commitment to GDPR Compliance

As a Hungarian company, we fully comply with:

  • GDPR (General Data Protection Regulation) - EU Regulation 2016/679
  • Hungarian Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information ("Infotv.")
  • Act C of 2003 on Electronic Communications (Eht.) - for cookies and tracking

3. Personal Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Username
  • Email address
  • Password (encrypted/hashed, never stored in plain text)
  • Account creation date
  • Subscription tier and billing information

3.2 Payment Information

For paid subscriptions, we collect:

  • Billing name and address
  • Payment method details (processed securely by Stripe, a PCI-DSS compliant payment processor)
  • Transaction history and invoice data

Note: We do NOT store your complete credit card numbers. All payment card data is handled exclusively by Stripe.

3.3 Usage Data

When you use our Service, we automatically collect:

  • IP address and geolocation (country/region level)
  • Browser type and version
  • Operating system
  • Pages visited and features used
  • Time and date of access
  • API requests and usage patterns
  • Feature quota consumption

3.4 Technical Data

  • Session cookies (for authentication)
  • API keys and widget tokens (for programmatic access)
  • Log files (for security and debugging)

3.5 GraySwan ID SSO Integration

If you log in via GraySwan ID Single Sign-On, we receive:

  • GraySwan username
  • Email address
  • Subscription tier information
  • HMAC-signed authentication token

4. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

4.1 Contract Performance (Art. 6(1)(b) GDPR)

Processing is necessary to provide the Service you subscribed to:

  • Account creation and management
  • Subscription billing and payment processing
  • Service delivery (market analysis, AI predictions)
  • Customer support

4.2 Legal Obligation (Art. 6(1)(c) GDPR)

We process data to comply with legal requirements:

  • Hungarian Act CL of 2017 on the Rules of Taxation (Art. of Taxation) - invoice retention for 8 years (Accounting Act)
  • Hungarian Accounting Act (Act C of 2000)
  • Anti-money laundering regulations

4.3 Legitimate Interest (Art. 6(1)(f) GDPR)

We process data for legitimate business purposes:

  • Security monitoring and fraud prevention
  • Service improvement and analytics
  • Bug detection and system optimization

4.4 Consent (Art. 6(1)(a) GDPR)

For optional features like marketing communications, we obtain your explicit consent. You may withdraw consent at any time.

5. How We Use Your Data

  • Service Provision: To deliver market analysis, AI predictions, and real-time updates
  • Account Management: To manage your subscription, authentication, and access control
  • Payment Processing: To process payments and issue invoices
  • Customer Support: To respond to inquiries and resolve issues
  • Security: To detect fraud, prevent abuse, and secure our systems
  • Legal Compliance: To comply with Hungarian and EU legal obligations
  • Service Improvement: To analyze usage patterns and improve our platform

6. Data Sharing and Third-Party Processors

We share your data only with trusted third-party processors who comply with GDPR:

6.1 Payment Processing

Stripe, Inc. (USA - Adequate protection under EU-US Data Privacy Framework)

  • Purpose: Payment processing, subscription management
  • Data shared: Name, email, billing address, payment method
  • Privacy Policy: stripe.com/privacy

6.2 AI Services

Local AI Processing (Ollama)

  • Purpose: AI-powered market narrative analysis
  • Processing Location: On our own servers (EU)
  • Data shared: NONE - all AI processing is done locally on our infrastructure
  • No third-party AI providers: We do NOT use OpenAI, Anthropic, or other external AI APIs
  • Privacy benefit: Your data never leaves our EU-based infrastructure for AI processing

6.3 Hosting and Infrastructure

netcup GmbH (Karlsruhe, Germany - European Union member)

  • Purpose: Application hosting, database storage, and AI model hosting
  • Data Location: Germany (EU member state)
  • Address: Emmy-Noether-Straße 10, D-76131 Karlsruhe
  • GDPR Compliance: Full EU data protection regulations apply
  • No third-country transfers: All data remains within the European Union

6.4 GraySwan Integration (If Applicable)

If you use GraySwan ID SSO, data is exchanged with your GraySwan portal via HMAC-signed tokens.

Third-Country Transfers: Stripe (payment processor) is based in the USA. We ensure adequate protection through:

  • EU-US Data Privacy Framework participation (Stripe is certified)
  • Standard Contractual Clauses (SCCs) with Stripe
  • Limited data transfer: Only payment information (name, email, billing address)

Important: All AI processing and market analysis happens on our EU servers (Hungary). No personal data or market data is sent to third countries for AI processing.

7. Data Retention

We retain your personal data only as long as necessary:

  • Active Accounts: Data retained while account is active
  • Closed Accounts: Data deleted within 30 days, except:
    • Invoices and financial records: 8 years (Hungarian Accounting Act)
    • Anonymized analytics: Indefinitely (no personal data)
  • Security Logs: 90 days (for incident investigation)
  • Backups: Deleted within 60 days after account closure

8. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

8.1 Right of Access (Art. 15 GDPR)

You can request a copy of all personal data we hold about you.

8.2 Right to Rectification (Art. 16 GDPR)

You can correct inaccurate or incomplete personal data.

8.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You can request deletion of your personal data, subject to legal retention requirements.

8.4 Right to Restriction of Processing (Art. 18 GDPR)

You can limit how we process your data in certain circumstances.

8.5 Right to Data Portability (Art. 20 GDPR)

You can receive your data in a structured, machine-readable format (JSON/CSV).

8.6 Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests.

8.7 Right to Withdraw Consent (Art. 7(3) GDPR)

If processing is based on consent, you may withdraw it at any time.

8.8 Automated Decision-Making

Our Service uses AI for market analysis, but NO automated decisions are made that significantly affect your legal rights without human oversight.

How to Exercise Your Rights:

Email us at: support@signex.ai

We will respond within 30 days as required by GDPR.

9. Data Security

We implement industry-standard security measures:

  • Encryption: TLS/SSL for data in transit, encryption at rest
  • Access Control: Role-based access, admin authentication
  • Password Security: Bcrypt hashing, minimum 8 characters
  • CSRF Protection: Protection against cross-site request forgery
  • Security Monitoring: Logging and intrusion detection
  • Regular Updates: Software patches and security audits

Data Breach Notification: In case of a data breach, we will notify affected users and the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) within 72 hours as required by GDPR Art. 33.

10. Cookies and Tracking

Essential Cookies (No Consent Required)

  • Session Cookie: For authentication and login persistence
  • CSRF Token: For security protection

Optional Cookies (Consent Required)

  • Analytics: [IF YOU USE ANALYTICS, SPECIFY AND OBTAIN CONSENT]
  • Marketing: [IF APPLICABLE]

You can manage cookie preferences in your browser settings.

11. Children's Privacy

Our Service is NOT intended for children under 16 years of age (minimum age under GDPR Art. 8). We do not knowingly collect data from children. If you believe a child has provided personal data, please contact us immediately.

12. International Transfers

Your data is primarily processed within the European Economic Area (EEA). Where we transfer data to third countries (e.g., USA), we ensure adequate protection through:

  • EU-US Data Privacy Framework
  • Standard Contractual Clauses (SCCs)
  • Technical encryption measures

13. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Hungarian Data Protection Authority (NAIH):

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Falk Miksa utca 9-11
1055 Budapest, Hungary
Phone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email.

15. Contact Information

For privacy-related questions or to exercise your rights:

Email: support@signex.ai
Address: 9444 Fertőszentmiklós, Mátyás király utca 26/A, Hungary
Phone: +36 1 234 5678

Legal Reference: This privacy policy complies with GDPR (EU Regulation 2016/679) and Hungarian Act CXII of 2011 (Infotv.).