Privacy Policy
This page explains what we collect when you use CORVIX, why we collect it, and what you can do about it. We've tried to write it the way we'd actually explain it to someone, not the way a legal template usually reads.
What we collect
When you create an account, we store your email address and a hashed version of your password. We never store your actual password in a form anyone, including us, can read.
If you turn on two-factor authentication, we store the secret needed to check your codes and a set of hashed one-time backup codes. If you link Telegram for alerts, we store your Telegram chat ID so we know where to send them.
Anything you enter into CORVIX itself, like a conviction book, a watchlist, or advisor client data, is stored under your account so it follows you between devices.
We do not collect payment card details. When billing goes live, our payment processor, Paddle, handles that directly, and we only ever see that a payment succeeded or failed.
Cookies
CORVIX uses one cookie: a session cookie that keeps you logged in. It is not used for advertising or tracking across other sites, and we don't run third-party ad trackers on the site.
Who we share data with
We use a small number of service providers to run CORVIX, and your data passes through them as part of that:
- Render, which hosts our servers and database.
- Resend, which sends account emails like verification and password reset links.
- Cloudflare, which sits in front of the site for security and performance.
- Paddle, which will handle payments once billing is live.
We don't sell your data, and we don't share it with anyone else for marketing purposes.
How long we keep it
We keep your account data for as long as your account is active. If you don't verify a new account, we periodically clean up unverified signups after 30 days.
Your rights
You can ask us to delete your account and the data tied to it at any time by emailing [email protected]. If you're in the EU or UK, this covers your rights under GDPR. If you're in Singapore, this covers your rights under the PDPA.
Security
Passwords are hashed, not stored in plain text. All traffic to CORVIX is encrypted. We support two-factor authentication as an optional extra layer on your account.
Changes to this policy
If we change what we collect or how we use it, we'll update this page and the date at the top.