Privacy Policy

Effective Date: April 5, 2026

This Privacy Policy describes how System R Technologies LLC ("System R AI," "we," "us," or "our") collects, uses, stores, and protects your information when you use the System R platform, including our web application, APIs, and related services (collectively, the "Service"). This policy applies to all users of the Service, regardless of how they access it.

By using the Service, you consent to the data practices described in this policy. If you do not agree with any part of this policy, you must not use the Service.

1. Information We Collect

We collect the following categories of information:

Account Information: When you create an account, we collect your name, email address, and password (hashed, never stored in plaintext). If you register using a third-party authentication provider (such as Google or GitHub), we receive your name, email address, and profile identifier from that provider.

Workspace Data: The Service allows you to create workspaces containing profile settings, projects, trading strategies, trade records, uploaded files, chat conversations, notes, and other user-generated content. We store this data to provide the Service and make it available to you across sessions and devices.

Usage Data: We collect information about how you use the Service, including features accessed, commands executed, AI model invocations, tools used, timestamps of activity, session duration, and interaction patterns. This data is used to operate the billing system, improve the Service, and diagnose technical issues.

Technical Data: When you access the Service, we automatically collect technical information including your IP address, browser type and version, operating system, device type, screen resolution, time zone, and referring URL. For the desktop application and CLI, we collect the application version, operating system version, and error reports.

Billing Data: We collect billing-related information including your payment method details (processed and stored securely by Stripe, our payment processor), transaction history, credit balance, usage records, and cryptocurrency wallet addresses used for payments. We do not store full credit card numbers on our servers.

What We Do NOT Collect:

2. How We Use Your Data

We use the information we collect for the following purposes:

Providing the Service: Your account information, workspace data, and technical data are used to operate the System R platform, authenticate your sessions, deliver features, execute your requests, and maintain your workspaces and configurations across sessions.

Billing and Payments: Your usage data and billing data are used to calculate charges, process payments, maintain your credit balance, generate invoices, and prevent fraud. Usage records are maintained for billing accuracy and dispute resolution.

Essential Notifications: We use your email address to send account-related communications, including account verification, password resets, billing alerts (low balance warnings, payment confirmations), security notifications (login from new device, suspected unauthorized access), and important service announcements (scheduled maintenance, Terms of Service changes).

Anonymized Analytics: We aggregate and anonymize usage data to understand how the Service is used, identify areas for improvement, monitor system performance, and plan capacity. Anonymized data cannot be traced back to individual users.

We do NOT sell your personal data. We have never sold user data, and we have no plans to do so. We do not share your data with third parties for their marketing or advertising purposes. We do not monetize your data in any way other than providing the Service you have signed up for.

We do NOT use your data for targeted advertising. We do not serve ads in the Service, and we do not share your data with advertising networks, data brokers, or ad technology companies.

3. AI Model Data Usage

The Service uses artificial intelligence models from Anthropic (Claude, accessed via AWS Bedrock) and OpenAI (GPT, accessed via Azure OpenAI) to power natural language interaction, market analysis, and other features.

Your data is NOT used to train AI models. When the Service sends your prompts, workspace context, or trading data to AI providers for processing, those transmissions are governed by enterprise service agreements with AWS and Microsoft Azure. Under these agreements:

Per-workspace isolation ensures that data from one workspace is not mixed with or accessible from another workspace when interacting with AI models. Each AI conversation maintains its own context boundary aligned with the workspace it belongs to.

We may use anonymized, aggregated patterns (such as which features are most commonly used or which types of queries are most frequent) to improve how the Service interacts with AI models. This anonymized data contains no personally identifiable information, trading data, or portfolio details.

4. Third-Party Connection Data

If a user explicitly configures a supported third-party connection, the Service may process credentials, API keys, or related data only to provide the configured workflow. Third-party connection data is treated as sensitive account data.

Security: Supported credentials or API keys submitted by the user should be protected with appropriate technical controls. Users are responsible for setting minimum necessary permissions with any third-party provider.

No Sale: System R does not sell user workspace data, personal data, or third-party connection data.

User Responsibility: Users should regularly review, rotate, or revoke any credentials they no longer want connected to a supported workflow.

Workspace Context: Data submitted by the user, including trade records, notes, files, and review history, may be processed to provide workspace context and decision-support outputs.

5. Data Storage and Security

All Service data is stored on infrastructure hosted by Amazon Web Services (AWS) in the US-East-1 (N. Virginia) region. We use the following security measures to protect your data:

Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. This applies to web, desktop, CLI, and API access. Connections using older, insecure protocols are rejected.

Encryption at Rest: All data stored in our databases and file systems is encrypted at rest using AWS-managed encryption keys. This includes account data, workspace data, chat history, and all other stored information.

Database Security: Our primary database (Supabase/PostgreSQL) enforces Row-Level Security (RLS) on all public tables. RLS policies ensure that database queries can only access rows belonging to the authenticated user, providing an additional layer of data isolation at the database level.

Access Controls: Access to production systems and databases is restricted to authorized personnel only, using multi-factor authentication and role-based access controls. We follow the principle of least privilege, granting only the minimum access necessary for each role.

Monitoring: We monitor our infrastructure for security events, unauthorized access attempts, and anomalous behavior. Security logs are retained for analysis and incident response.

Incident Response: In the event of a data breach or security incident, we will notify affected users by email within 72 hours of confirming the breach, in accordance with applicable law. Notification will include the nature of the incident, the data affected, and the steps we are taking in response.

No system is perfectly secure. While we implement industry-standard security measures, we cannot guarantee absolute security of your data. You are responsible for maintaining the security of your account credentials and your devices.

6. Data Retention

Active Accounts: We retain your account data, workspace data, and usage history for as long as your account is active and as needed to provide the Service.

Account Deletion: If you close your account or request deletion, we retain your data for 30 days following the deletion request. During this period, you may contact us to recover your account and data. After 30 days, your data is permanently and irreversibly deleted from our active systems and databases.

Chat History: Your chat conversations with AI models are stored within your workspaces. You can delete individual conversations or entire chat histories at any time through the Service. Deleted chat data is removed from our active systems promptly.

Billing Records: We retain billing and transaction records for a minimum of 7 years after the transaction date, as required by applicable tax and financial record-keeping laws. These records include transaction amounts, dates, payment methods (masked), and usage summaries. Billing records are retained even after account deletion.

Backups: Our backup systems may retain copies of your data for a limited period (up to 30 days) after deletion from active systems. Backups are encrypted and access-restricted. Data in backups is overwritten as backup cycles complete.

Anonymized Data: Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely for analytics, research, and service improvement purposes.

7. Your Rights

You have the following rights regarding your personal data:

Right to Access: You may request a copy of the personal data we hold about you. We will provide this data in a commonly used, machine-readable format (such as JSON or CSV) within 30 days of your verified request.

Right to Deletion: You may request that we delete your personal data. Upon receiving a verified deletion request, we will delete your data from active systems within 30 days, subject to the retention requirements described in Section 6 (billing records and legal obligations).

Right to Correction: You may update or correct your account information at any time through the Service settings. If you need to correct data that is not editable through the Service, contact us at hello@systemr.ai.

Right to Data Portability: You may export your workspace data, chat history, and configuration through the Service's export features or by requesting a data export from us.

Right to Opt Out of Non-Essential Communications: You may opt out of non-essential email communications (such as product updates and feature announcements) at any time using the unsubscribe link in those emails or by updating your notification preferences in the Service. You cannot opt out of essential account and security notifications.

To exercise any of these rights, contact us at hello@systemr.ai with your request. We may need to verify your identity before processing your request. We will respond to all verified requests within 30 days.

If you are a resident of California, the European Economic Area, the United Kingdom, or another jurisdiction with specific data protection laws, you may have additional rights. Contact us for information specific to your jurisdiction.

8. Cookies and Tracking

The Service uses cookies and similar technologies in a limited and transparent manner.

Essential Cookies: We use session cookies that are strictly necessary for the Service to function. These cookies maintain your authentication state, remember your active workspace, and ensure the security of your session. These cookies are required and cannot be disabled without losing access to the Service.

No Third-Party Advertising Cookies: We do not use third-party advertising cookies, tracking pixels, or retargeting technologies. We do not serve ads in the Service, and we do not allow third-party ad networks to place cookies or trackers through our platform.

No Retargeting: We do not track your browsing activity across other websites. We do not use retargeting or remarketing technologies to show you ads on other platforms based on your use of the Service.

Website and Product Analytics: We may use analytics tools, including Google Analytics and PostHog, to understand public website traffic, referral sources, page engagement, signup flow, product usage patterns, feature adoption, retention, and service quality. Analytics may use cookies or similar technologies to recognize a browser or device across visits.

Analytics Boundaries: We do not intentionally send raw chat prompts, AI responses, uploaded files, trade notes, support message contents, API keys, payment details, wallet details, or other sensitive workspace content to third-party analytics providers. Logged-in product analytics are designed to use event names, feature names, status codes, coarse categories, and aggregated usage patterns rather than raw user-generated content.

Analytics: We may use anonymized, first-party analytics to understand Service usage patterns. This data is collected and processed by our own systems, not by third-party analytics services. It does not include personally identifiable information.

Local Storage: The desktop application and CLI may store configuration data, authentication tokens, and cached data on your local device. This data remains on your device and is not transmitted to our servers except as necessary to operate the Service.

9. Third-Party Services

The Service relies on the following third-party service providers to operate. Each provider receives only the minimum data necessary to perform its function:

Amazon Web Services (AWS): Cloud infrastructure hosting, database services (via Supabase on AWS), AI model access (Anthropic Claude via AWS Bedrock), caching (ElastiCache), and content delivery. AWS processes data in the US-East-1 region under our enterprise agreement.

Stripe: Payment processing for credit and debit card transactions. Stripe receives your payment card details, billing address, and transaction amounts. Stripe's handling of your payment data is governed by Stripe's Privacy Policy and PCI DSS compliance. We do not store full card numbers on our servers.

Anthropic (via AWS Bedrock): AI model provider for Claude. Prompts and context data are sent to Anthropic's models through AWS Bedrock's enterprise API. Under our agreement, this data is not used for model training and is not retained beyond the processing window.

OpenAI (via Microsoft Azure): AI model provider for GPT models and voice services. Prompts, context data, and voice audio (when using voice features) are sent to OpenAI's models through Azure's enterprise API. Under our agreement, this data is not used for model training and is not retained beyond the processing window.

We may add or change third-party service providers as the Service evolves. We will update this policy to reflect material changes in our third-party provider relationships. We require all third-party providers to maintain appropriate security measures and to process your data only as instructed by us.

10. Children

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, you must not create an account, use the Service, or provide any personal information to us.

If we become aware that we have collected personal information from a child under 18, we will take immediate steps to delete that information from our systems and terminate the associated account. If you believe that a child under 18 has provided personal information to us, please contact us immediately at hello@systemr.ai.

The age restriction of 18 applies regardless of the age of majority in your jurisdiction. Trading financial instruments involves significant risk and complexity that is not appropriate for minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the features of the Service. When we make material changes to this policy, we will:

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you must stop using the Service before the updated policy takes effect and may request deletion of your data as described in Section 7.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. The date of the most recent revision is always indicated at the top of this policy.

Previous versions of this Privacy Policy are available upon request by contacting hello@systemr.ai.

Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us at:

System R Technologies LLC 7901 4TH ST N, STE 28529 ST PETERSBURG, FL 33702

Email: hello@systemr.ai

For data access, deletion, or portability requests, please include your registered email address and a clear description of your request. We will respond within 30 days.

This Privacy Policy was last updated on April 5, 2026.