Back to ChainStreetChainStreet ResearchChainStreet

Privacy Policy

How ChainStreet Research collects, uses, stores, and shares your personal information — in plain English, aligned with GDPR, UK GDPR, and CCPA/CPRA.

Last updated: May 8, 2026

Plain-English summary

We collect the minimum information needed to run the Platform. We never sell your data. We use it to authenticate you, deliver the product you paid for, personalize your AI Copilot, fight fraud and abuse, and improve the service. You can request export, correction, or deletion at any time.

1. Scope and operator

This Privacy Policy describes how ChainStreet Research (“we,” “us,” “our”) processes personal information of users of chainstreetresearch.com and our mobile and desktop applications (collectively, the “Platform”). For purposes of GDPR/UK GDPR, we are the data controller. For purposes of CCPA/CPRA, we are the business that collects and processes your personal information.

2. Information we collect

a. Account information you provide

  • Email address, full name, chosen username (required to create an account).
  • Hashed password (bcrypt; we never see or store the plaintext).
  • Avatar selection, optional bio, profile fields, badges, and trader-archetype.
  • Subscription tier, billing identifiers from our payment partners (Whop, Stripe), but never card numbers.

b. Usage data we generate as you use the platform

  • Watchlists, alerts, saved theses, paper-trading positions, screener filters, and chart layouts.
  • Quizzes, lessons completed, badges earned, and learning-pathway progress.
  • Community posts, comments, reactions, group memberships, and direct messages.
  • AI Copilot conversation history, including your prompts and the model’s responses (used to power chat memory and personalization).
  • Click and view telemetry, page-load timing, error logs, and feature-usage metrics.

c. Optional integrations you authorize

  • Brokerage integrations — if you connect a brokerage account through a third-party aggregator, we receive read-only position, balance, and order history. We never receive trading credentials and we do not place trades.
  • Portfolio uploads — CSV / spreadsheet uploads of holdings used to generate personalized analysis. Stored encrypted at rest.
  • Push notifications — device push token if you opt in to push alerts.

d. Automatic technical data

  • IP address, approximate geo (country / region only), device type, browser, OS, and timezone.
  • Cookies and similar technologies for authentication, fraud prevention, and analytics.

3. How we use your information

We use the information described above to:

  • Authenticate you and operate your account (legal basis: contract performance);
  • Deliver the features you subscribed to and remember your preferences (contract);
  • Personalize AI Copilot, signals, and recommendations using your watchlist, history, and stated interests (legitimate interest — you may opt out, see Section 7);
  • Send transactional emails (verification, billing, security) and, if you opted in, the Daily Brief newsletter (consent);
  • Detect and prevent fraud, abuse, scraping, and ToS violations (legitimate interest);
  • Improve the Platform through aggregated, de-identified analytics (legitimate interest);
  • Comply with legal obligations including tax, accounting, and law-enforcement requests (legal obligation).

4. AI Copilot memory and personalization

The AI Copilot stores a rolling history of your conversations and a long-term memory profile (interests, risk tolerance, asset preferences) to make responses more relevant. We use this only to serve you. We do not use your individual prompts or responses to train upstream foundation models, and we do not share your conversation history with third parties except our LLM providers (currently Abacus.AI Routes), who process it under confidentiality and data-protection agreements and do not retain it for training without your consent.

You may clear your Copilot memory at any time from Settings → Privacy & Memory.

5. How we share your information

We do not sell your personal information. We share it only in these limited circumstances:

  • Service providers (sub-processors): hosting (Abacus.AI / Vercel-class infra), payment processing (Whop, Stripe), email delivery (Resend / SES), error monitoring (Sentry-class), AI inference (Abacus.AI Routes), and analytics. All bound by data-processing agreements.
  • Other users (community features only): your username, avatar, and posts you choose to publish are visible to other Platform users.
  • Legal compliance: when required by subpoena, court order, regulator request, or to protect rights, property, or safety.
  • Business transfers: in connection with a merger, acquisition, or asset sale, with notice to you.

6. Data retention

We retain account data for as long as your account is active and for a reasonable period after closure to comply with legal, tax, and audit obligations (typically 7 years for billing records). Conversation history, watchlists, and notes are deleted within 30 days of account closure unless you request earlier deletion.

7. Your rights

Depending on your jurisdiction, you have the right to:

  • Access, correct, or export the personal information we hold about you;
  • Request deletion of your account and personal information (“right to be forgotten”);
  • Object to or restrict certain processing, including AI personalization;
  • Withdraw consent for newsletters and marketing emails at any time;
  • Lodge a complaint with your local data-protection authority (e.g., ICO in the UK, CNIL in France, your state Attorney General in the US).

To exercise any right, email [email protected] from the address on your account. We respond within 30 days.

8. Cookies and tracking

We use first-party cookies for authentication and CSRF protection. We use a small number of third-party analytics cookies to understand aggregate usage patterns. We do not use advertising or cross-site tracking cookies. You can disable cookies in your browser, but the Platform will not function correctly without authentication cookies.

9. Security

We use industry-standard safeguards including TLS in transit, AES-256 at rest, bcrypt password hashing, rate-limiting, anomaly detection, and least-privilege access controls. No system is perfectly secure; if we detect a breach affecting your information we will notify you and the appropriate authorities within 72 hours of discovery.

10. International transfers

Our infrastructure is hosted in the United States. If you access the Platform from outside the US, your information will be transferred to and processed in the US under appropriate safeguards (Standard Contractual Clauses where required).

11. Children

The Platform is not directed at children under 18 and we do not knowingly collect data from anyone under 18. If you believe a child has provided us information, contact [email protected].

12. Changes to this policy

We may update this Privacy Policy. Material changes will be communicated by email or in-product banner at least seven (7) days before they take effect.

13. Contact

Questions, requests, or complaints: [email protected].