Silent Facts — Privacy Policy

> Who We Are

GraphEdge Analytics Inc., a New Jersey corporation, operates the Silent Facts platform at silentfacts.com. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the choices you have about your data.

For questions about this policy or to exercise your privacy rights, contact smaitra1@graphedgeanalytics.com.

> Data We Collect

Category	Data	Why
Account	Email, Cognito user ID (sub), federated provider ID (e.g. Google sub) when you sign in via Google, name if provided by the IdP, admin-group membership.	Authenticate you, send transactional notices, scope your watchlists / saved queries to your account.
Product usage	Watchlist tickers, saved queries, alert preferences, NLP query text + the Cypher we generated, query result row counts, page paths.	Deliver the service, improve query translation, debug NLP edge cases (admin-only, see retention below).
Billing	When paid plans launch: name on card, billing address, last 4 digits, subscription state. Full card numbers are processed by Stripe and never touch our servers.	Charge subscriptions, satisfy tax / accounting obligations.
Operational logs	IP address (from request headers, not stored long-term), user-agent, request timestamps, error stack traces.	Security, abuse detection, debugging.
Cookies / local storage	Session tokens, theme preference, post-login redirect path. No third-party advertising trackers.	Keep you signed in; remember your UI preferences.

We do not collect brokerage account credentials, trading positions, real-name verification documents, or any data from third-party financial accounts. We do not buy data brokers' profiles to enrich your account.

> How We Use It

Service delivery. Authenticate you, render your watchlist / alerts, run NLP queries on your behalf.
Aggregate analytics. Count how many users hit a feature; tune extraction prompts; pick which tickers to prioritize. Always aggregated, never per-user disclosed.
Customer communications. Transactional email (sign-in confirmations, billing receipts, alert notifications, security notices, ToS / Privacy updates). We do not send unsolicited marketing email; you opt in to product-news mail separately.
Security & abuse prevention. Detect rate-limit abuse, scraping, account takeover.
Legal compliance. Respond to subpoenas, law-enforcement requests, tax filings.

We do not sell your personal data. We do not share it with third parties for their own marketing.

> Third-Party Processors

We rely on the following service providers to operate the Service. Each is a "data processor" acting on our instructions:

Provider	Purpose	Data shared
Amazon Web Services	Hosting (App Runner), database (Aurora), object storage (S3), DNS (Route 53), email transport (SES, when launched)	All data we store
Amazon Cognito	Authentication, JWT issuance, federated sign-in	Email, federated provider IDs
Google (when you choose Google sign-in)	Identity provider	Email, name, Google sub
Neo4j AuraDB	Graph database hosting	Relationship graph (no personal data; corporate / SEC entities only)
Groq, Google Gemini	LLM inference for NLP query translation and entity extraction	Query text, filing text — never your account email or watchlist contents
Stripe (when paid plans launch)	Payment processing	Billing details (card data direct to Stripe; we never store full PANs)
Sentry (when error monitoring launches)	Error / exception tracking	Stack traces, request IDs, sometimes truncated payloads (PII scrubbed before sending)

> Retention

Account & product data — retained for the life of your account. If you delete your account, we delete or anonymize your account row, watchlists, saved queries, and alerts within 30 days.
Inactive accounts — accounts with no sign-in activity for 36 consecutive months are flagged for deletion; we email you 30 days before deletion.
Operational logs — request logs retained 90 days; aggregated metrics retained indefinitely.
NLP query log — admin-visible for 12 months for prompt tuning, then deleted.
Billing records — retained for 7 years to satisfy tax and accounting requirements.

> Your Rights

Under applicable privacy laws (including the EU GDPR, UK GDPR, California CCPA / CPRA, and other US state laws), you have the right to:

Access a copy of the personal data we hold about you.
Correct inaccurate data.
Delete your data (subject to legal retention obligations like billing records).
Port your data to another service in a machine-readable format.
Object to certain processing, including profiling for analytics.
Opt out of sale — we do not sell personal data, but this right is preserved by statute.
Withdraw consent for any processing based on consent, at any time.

To exercise any of these rights, email smaitra1@graphedgeanalytics.com. We respond within 30 days. We do not discriminate against you for exercising any privacy right.

> International Transfers

Our infrastructure runs in AWS us-east-1 (Northern Virginia, USA). If you access the Service from outside the United States, your data is transferred to and processed in the US. Where required (e.g. for EEA / UK users), we rely on the European Commission's Standard Contractual Clauses with our sub-processors as the transfer mechanism.

> Security

We use industry-standard controls: TLS 1.2+ in transit; encryption at rest for Aurora and S3; AWS Secrets Manager for credentials; role-scoped IAM; Cognito JWT validation on every authenticated request; admin-only gating on sensitive endpoints. No system is perfectly secure — if you discover a vulnerability, please email smaitra1@graphedgeanalytics.com and allow us reasonable time to remediate before public disclosure.

> Children

The Service is not directed to anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

> Changes & Contact

We may update this Privacy Policy from time to time. Material changes are announced via the account email at least 14 days before they take effect. The "Effective" date at the top of this page reflects the latest revision.

Contact: smaitra1@graphedgeanalytics.com