Privacy Policy

Last Updated: May 5, 2026 · Effective Date: May 5, 2026

This Privacy Policy describes how Tangency ("Tangency," "we," "us," or "our") collects, uses, discloses, retains, and protects information about you when you access or use our website at tangency.ai and our AI-powered trading intelligence platform (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

Questions or privacy requests? Email us at support@tangency.ai. We respond to verifiable privacy requests within 30 days.

Contents

Scope and Applicability
Information We Collect
How We Use Your Information
Legal Basis (GDPR / PIPEDA)
How We Disclose Your Information
Third-Party Service Providers
Cookies and Tracking
Data Retention
Data Security and Breach Notification
International Data Transfers
Children's Privacy
Canadian Privacy Rights (PIPEDA / BC PIPA)
European Privacy Rights (GDPR / UK GDPR)
California Privacy Rights (CCPA/CPRA)
Email Communications and Anti-Spam
Links to Third-Party Websites
Changes to This Privacy Policy
Contact Us

1. Scope and Applicability

This Privacy Policy applies to all personal information processed by Tangency in connection with:

The tangency.ai website (landing page and marketing pages);
The Tangency web application and platform features;
The pre-launch waitlist signup form;
Communications we send to you (transactional and marketing emails).

This Privacy Policy does not apply to third-party websites, applications, or services that may be linked from the Service, or to third-party services whose use is governed by separate privacy policies (see Section 6).

Minimum Age. The Service is intended solely for users who are 18 years of age or older. By using the Service, you represent and warrant that you are at least 18 years old. See Section 11 for our Children's Privacy policy.

2. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically, and information we receive from third-party service providers.

2.1 Information You Provide Directly

Category	Data Elements	How Collected
Account Registration	Name, email address	Via Clerk authentication on account signup
Waitlist Signup	Email address	Via pre-launch signup form on tangency.ai
Communications	Content of messages, requests, or feedback you send to us	Via email or contact forms

2.2 Information Collected Automatically

Category	Data Elements	Source
Usage Data	Pages visited, features accessed, navigation paths, session duration	Plausible Analytics (cookieless)
Device & Browser Information	IP address, user agent string, browser type, operating system, referring URL, device type	Standard HTTP request headers; Cloudflare infrastructure
Aggregate Analytics	Anonymized and aggregated traffic statistics, geographic region (country/city level), performance metrics	Plausible Analytics; Cloudflare

Note on privacy-first analytics. We use Plausible Analytics, which is cookieless and does not track users across sites or build individual profiles. Cloudflare is used as our edge / CDN provider; aggregate data is not linked to your account or used for advertising.

2.3 Information We Do Not Collect

We do not currently collect:

Financial account credentials, brokerage logins, or portfolio data;
Social Insurance Numbers, Social Security Numbers, or government identifiers;
Payment card data or banking account information (no payment processing is currently implemented);
Sensitive personal data as defined under GDPR Article 9 (health, biometric, racial/ethnic origin, political opinions, etc.);
Precise geolocation data.

We will update this Privacy Policy before implementing any payment processing or additional data collection.

3. How We Use Your Information

We use the information we collect for the following purposes:

To provide and operate the Service — authenticate your account, deliver platform features, and respond to your requests;
To manage the waitlist and send pre-launch communications — confirm signup, send launch notifications and onboarding emails;
To send transactional emails — account verification, password reset, billing notifications, and service announcements;
To improve and secure the Service — debug errors, monitor performance, prevent fraud and abuse;
To comply with legal obligations — respond to lawful requests, enforce our Terms of Service, and protect our legal rights.

4. Legal Basis (GDPR / PIPEDA)

Purpose	Legal Basis (GDPR)	Authority (PIPEDA / BC PIPA)
Operating the Service	Performance of a contract (Art. 6(1)(b))	Implied consent through use of Service
Waitlist communications	Consent (Art. 6(1)(a))	Express opt-in consent
Transactional emails	Performance of a contract (Art. 6(1)(b))	Implied consent — necessary to fulfil the service
Service security & analytics	Legitimate interests (Art. 6(1)(f))	Reasonable purpose under PIPEDA Principle 4.3
Legal compliance	Legal obligation (Art. 6(1)(c))	Required by law

5. How We Disclose Your Information

We do not sell your personal information. We disclose information only in the following circumstances:

Service Providers / Processors. We share information with vendors that help us operate the Service (see Section 6). These vendors are contractually bound to use the information only for the purposes we specify.
Legal Compliance. We may disclose information if required by law, court order, or lawful request from a government or law-enforcement authority.
Protection of Rights. We may disclose information to protect the rights, property, or safety of Tangency, our users, or the public.
Business Transfers. If Tangency is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify users in advance where required by law.
With Your Consent. Any other disclosure will occur only with your express consent.

6. Third-Party Service Providers

We use the following service providers (sub-processors) to operate the Service:

Provider	Purpose	Data Shared	Location
Clerk	Authentication, account management	Email, name, login metadata	United States
Cloudflare	Edge / CDN, hosting, DDoS protection	IP address, request metadata	Global edge network
Resend	Transactional and waitlist emails	Email address, message content	United States
Plausible Analytics	Cookieless usage analytics	Page views, anonymized aggregate metrics	European Union

This list will be updated as our infrastructure changes. We choose providers that maintain appropriate technical and organizational security measures and that publish their own privacy commitments.

7. Cookies and Tracking

Tangency uses a minimal set of cookies and similar technologies:

Essential cookies — required for authentication and session management (set by Clerk). These cannot be disabled without impairing core functionality.
Analytics — Plausible Analytics is cookieless and does not place tracking cookies on your device.
Cloudflare security cookies — used for bot mitigation and rate limiting; required for Service availability.

We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking technologies.

Do Not Track

Because we do not engage in cross-site tracking and do not respond to behavioural-advertising networks, we do not currently react differently to "Do Not Track" or Global Privacy Control (GPC) signals. Your privacy is preserved regardless of these settings.

8. Data Retention

We retain personal information only as long as is necessary for the purposes described in this Privacy Policy or as required by law. Specific retention periods:

Data Type	Retention Period
Active account data (name, email, login history)	For the duration of your account, plus 24 months after closure for legal/audit purposes
Waitlist email (if no account is created)	Until you unsubscribe, or 36 months from signup if no engagement
Email communication logs	24 months
Aggregated/anonymized analytics	Indefinitely (cannot be linked to you)
Backup copies	Up to 90 days after deletion from primary storage

You may request earlier deletion at any time by emailing support@tangency.ai, subject to applicable legal-retention obligations.

9. Data Security and Breach Notification

9.1 Security Measures. We use commercially reasonable technical and organizational measures to protect your information, including: encryption in transit (TLS 1.2+), encryption at rest, access controls, secret-rotation procedures, and reputable third-party processors with their own security certifications.

9.2 No Guarantee. No method of transmission or storage is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security.

9.3 Breach Notification. In the event of a breach of security safeguards involving your personal information, we will notify affected users and applicable regulators in accordance with the requirements of:

PIPEDA (Canada) — notification to the Office of the Privacy Commissioner of Canada and affected individuals "as soon as feasible" where there is a real risk of significant harm;
BC PIPA (British Columbia) — corresponding notification obligations to the BC Information and Privacy Commissioner;
GDPR (EEA/UK) — notification to the supervisory authority within 72 hours of awareness;
U.S. state breach laws (including CCPA/CPRA) where applicable.

10. International Data Transfers

Tangency is operated from Canada, and several of our service providers (notably Clerk, Resend, and Cloudflare) process data in the United States. By using the Service, you acknowledge that your information may be transferred to and processed in countries other than your own, including the United States and the EEA.

Where required, we rely on legally recognized transfer mechanisms — including the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum — to provide appropriate safeguards for cross-border transfers.

11. Children's Privacy

The Service is intended only for users aged 18 and older. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected information from a person under 18, we will delete that information promptly. If you believe we may have inadvertently collected information from a minor, contact support@tangency.ai.

12. Canadian Privacy Rights (PIPEDA / BC PIPA)

If you are a resident of Canada, your personal information is processed in accordance with the federal Personal Information Protection and Electronic Documents Act ("PIPEDA") and, for British Columbia residents, the BC Personal Information Protection Act ("BC PIPA").

12.1 Your rights under PIPEDA / BC PIPA

Right of access. You may request access to the personal information we hold about you and information about how it has been used and disclosed.
Right of correction. You may request correction of inaccurate or incomplete personal information.
Right to withdraw consent. You may withdraw your consent to our collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may affect our ability to provide the Service.
Right to challenge compliance. You may file a complaint with our designated privacy contact at support@tangency.ai. If we cannot resolve your concern, you may escalate to:
- The Office of the Privacy Commissioner of Canada (federal), or
- The Office of the Information and Privacy Commissioner for British Columbia (BC residents).

12.2 How to exercise your rights

Email us at support@tangency.ai with the subject line "Privacy Request." We will verify your identity and respond within 30 days. There is no fee for routine requests; minimal fees may apply for excessive or repetitive requests, with notice in advance.

13. European Privacy Rights (GDPR / UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the EU General Data Protection Regulation, the UK GDPR, and equivalent laws:

Access — confirm whether we process your personal data and obtain a copy;
Rectification — correct inaccurate or incomplete data;
Erasure — request deletion of your data, subject to legal-retention requirements;
Restriction — restrict processing in certain circumstances;
Portability — receive your data in a structured, machine-readable format;
Objection — object to processing based on legitimate interests or for direct marketing;
Withdraw consent — where processing is based on consent;
Lodge a complaint — with your local supervisory authority.

To exercise these rights, contact support@tangency.ai.

14. California Privacy Rights (CCPA/CPRA)

If you are a resident of California, the California Consumer Privacy Act and California Privacy Rights Act provide you with the following rights:

Right to Know — what personal information we collect, use, and disclose;
Right to Delete — request deletion of personal information;
Right to Correct — correct inaccurate personal information;
Right to Opt-Out of Sale or Sharing — Tangency does not sell or share personal information for cross-context behavioral advertising;
Right to Limit Use of Sensitive Information — Tangency does not collect sensitive personal information beyond email and account credentials;
Right to Non-Discrimination — we will not discriminate against you for exercising any of these rights.

To exercise these rights, email support@tangency.ai with subject "California Privacy Request." We may verify your identity before processing your request.

15. Email Communications and Anti-Spam

Tangency complies with Canada's Anti-Spam Legislation (CASL), the U.S. CAN-SPAM Act, and equivalent anti-spam laws. We send email only to recipients who have provided consent (express, through the waitlist or signup) or where consent is implied (e.g., transactional emails relating to your account).

Every commercial email we send identifies Tangency and provides a working unsubscribe mechanism.
Unsubscribe requests are honoured within 10 business days, as required by CASL.
Transactional emails (account verification, security notices, billing) are not subject to unsubscribe and may continue while your account is active.

16. Links to Third-Party Websites

The Service may contain links to third-party websites (including X / Twitter, GitHub, payment processors, and others). This Privacy Policy does not apply to those websites. Please review their privacy policies before providing any personal information.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting a notice on the Platform, sending an email to your account address, or updating the "Last Updated" date above. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

18. Contact Us

For privacy questions, requests, or complaints:

Tangency
Website: tangency.ai
Privacy Contact: support@tangency.ai
Subject Line: "Privacy Request"

For external escalation, see Section 12.1 (Canadian residents) or Section 13 (EEA/UK residents).