← Back

Privacy Policy

Last updated: 2026-06-15 Version: 1.0

This Privacy Policy explains how Excitek LLC ("we," "us," or "the Operator"), the operator of Ticker Memo (the "Service"), collects, uses, and shares your personal information. It is incorporated by reference into our Terms of Service.

If you are located in the European Economic Area (EEA) or the United Kingdom, please also see Section 9 (International Users and GDPR). If you are a resident of a U.S. state with a comprehensive privacy law (including Texas, California, Virginia, Colorado, and others), please see Section 8 (U.S. State Privacy Rights).

---

1. Information we collect

Information you provide:

• Account information: the email address you authenticate with.
• User content: investment theses you enter, watchlists you create, tickers you track, and related preferences and settings.
• Records of agreement: your acceptance of our Terms of Service and this Privacy Policy, including the date, time, and version accepted.

Information collected automatically:

• Usage and log data: login and activity timestamps, pages or features accessed, and similar usage information.
• Device and connection data: IP address, browser type, device type, and similar technical information.
• Cookies and analytics data: see Section 5.

Payment information: Subscription payments are handled entirely by our payment processor (Stripe). We do not collect or store your full payment card details. We may receive limited billing-related information from Stripe (such as subscription status and the last four digits of a card) to manage your subscription.

We do not intentionally collect sensitive personal information, and we ask that you not enter sensitive personal information into your theses, watchlists, or other user content.

2. How we use information

We use your information to:

• authenticate you and provide, maintain, and operate the Service;
• store and display your theses, watchlists, and tracked tickers, and send you the updates you have configured;
• process subscriptions and billing;
• maintain the security and integrity of the Service and prevent fraud and abuse;
• analyze and improve the Service (including via analytics);
• communicate with you about your account, changes to the Service, or this policy; and
• comply with our legal and accounting obligations.

The legal bases on which we rely (where required, such as under GDPR) are described in Section 9.

3. Payment processing

Subscription billing is processed by Stripe. Your payment card data is collected and processed directly by Stripe and is governed by Stripe's own privacy policy. We do not store your card number, expiration date, or security code.

4. How we share information

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under applicable U.S. state privacy laws.

We share personal information only:

• with service providers / processors who help us operate the Service and who are contractually bound to protect it, including our payment processor (Stripe), hosting and infrastructure providers, email/delivery providers, and analytics providers;
• to comply with law, legal process, or enforceable governmental requests;
• to protect the rights, property, or safety of us, our users, or others, including to enforce our Terms of Service; and
• in connection with a merger, acquisition, or sale of assets, in which case we will require the recipient to honor this policy or notify you of any material change.

5. Cookies and analytics

We use:

• Essential / session cookies that are necessary to log you in and keep you authenticated. These cannot be disabled without breaking core functionality.
• Analytics tools to understand how the Service is used and to improve it. We currently use [ANALYTICS PROVIDER(S), e.g. Plausible / Google Analytics].

Where required by law (for example, for users in the EEA or UK), we request your consent before setting non-essential (analytics) cookies, and you can withdraw consent or manage your preferences at any time. You can also control or refuse cookies through your browser settings, though disabling essential cookies may prevent you from using the Service.

6. Data retention

• Account and user content (email, theses, watchlists): retained while your account is active.
• Billing and accounting records: retained as required for legal, tax, and accounting purposes (typically several years), even after account closure.
• Logs and analytics data: retained for a limited period sufficient for security and product-improvement purposes, then deleted or aggregated.

When you delete your account, we delete or de-identify your account information and user content within a reasonable period, except where we are required or permitted by law to retain it (for example, billing records).

7. Your rights (general)

Depending on your jurisdiction, you may have the right to:

• access the personal information we hold about you;
• correct inaccurate personal information;
• delete your personal information;
• obtain a portable copy of your personal information;
• opt out of certain processing (such as targeted advertising, sale, or profiling — none of which we currently perform); and
• withdraw consent where processing is based on consent.

To exercise any of these rights, contact us. We will respond within the timeframe required by applicable law. We will not discriminate against you for exercising your rights.

8. U.S. State Privacy Rights (Texas, California, and other states)

If you are a resident of a U.S. state with a comprehensive privacy law — including the Texas Data Privacy and Security Act (TDPSA), the California Consumer Privacy Act (CCPA/CPRA), and similar laws in Virginia, Colorado, and other states — you have the rights described in Section 7 as provided by your state's law.

• How to exercise: submit a request to us. We may need to verify your identity before fulfilling your request.
• Authorized agents: where permitted by law, you may use an authorized agent to submit a request on your behalf.
• Appeals: if we deny your request, you may appeal by replying to our decision or contacting us. We will respond to your appeal within the period required by your state's law. If your appeal is denied, you may contact your state attorney general (for Texas residents, the Office of the Texas Attorney General).
• Sale / targeted advertising: we do not sell personal information or process it for targeted advertising or profiling that produces legal or similarly significant effects.

9. International Users and GDPR (EEA / UK)

We offer the Service to users outside the United States. If you are located in the EEA or the UK, the following applies:

• Controller: Excitek LLC is the controller of your personal information.
• Legal bases for processing: we process your personal information to (a) perform our contract with you (providing and billing the Service); (b) pursue our legitimate interests (securing the Service, preventing fraud, and improving the product), balanced against your rights; (c) where you have given consent (for example, non-essential analytics cookies), which you may withdraw at any time; and (d) to comply with legal obligations.
• Your GDPR rights: in addition to the rights in Section 7, you have the right to object to or restrict processing, the right to lodge a complaint with your local supervisory authority, and the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (we do not engage in such automated decision-making about you).
• International transfers: your personal information will be processed and stored in the United States. Where we transfer personal information out of the EEA or UK, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) where required.
• Data retention is as described in Section 6.

To exercise any GDPR right, contact us.

10. Security

We use reasonable technical and organizational measures designed to protect your personal information, including encryption in transit, access controls, and limiting credential and data access to systems we operate. However, no method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

11. Children's privacy

The Service is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date and version above and, where appropriate, provide additional notice (for example, by email or in-app notice). Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

Contact

Questions about this document? Please reach us through our contact form.