Last updated · May 7, 2026
Privacy Policy
This Privacy Policy explains how Charlie ("Charlie", "we", "us") collects, uses, and protects personal data when you use our web application available at charlie-advisor.vercel.app or our iOS application. We act as the data controller within the meaning of the General Data Protection Regulation (GDPR).
We designed Charlie to collect only the data needed to deliver the service, and to keep that data under your control. You can request export, rectification, or deletion at any time using the channels listed below.
1. Data controller
Charlie is operated by Alexandre Lkhaoua, based in France. For any privacy-related request you can reach us at privacy@charliefinancialadvisor.com. We do not currently appoint a Data Protection Officer; the controller handles requests directly.
2. Data we collect on every platform
Account data: email address, hashed authentication credentials (Supabase Auth), and profile preferences (display language, base currency, timezone, response style).
Usage data: chat conversations with Charlie, news articles you opened or unlocked, search queries, navigation timestamps, and feature-flag state.
Financial data: portfolio holdings, positions, valuations, bank-connection metadata when you link a bank account through our aggregation partner, and any data you manually enter.
Technical data: IP address, device or browser type and version, locale, crash and error reports, and rate-limit counters used to protect the service from abuse.
3. Data specific to the web application
Cookies: a session cookie issued by Supabase Auth (required to keep you signed in), a locale cookie storing your language preference, and short-lived rate-limit cookies. We do not run advertising or cross-site tracking cookies.
Web analytics: aggregated, privacy-preserving metrics provided by Vercel Analytics and Vercel Speed Insights. These metrics do not include personal identifiers and are used to monitor performance and uptime.
We do not use third-party advertising trackers, fingerprinting libraries, or session-replay tools.
4. Data specific to the iOS application
Identifier for Vendor (IDFV): a per-vendor identifier provided by iOS, used solely to scope local storage and detect app reinstalls. We do not request the Identifier for Advertisers (IDFA) and we do not track you across other apps.
Supabase iOS SDK: stores your authentication session in the iOS Keychain. The session token is the only credential persisted on the device.
Device metadata: iOS version, device model class, application version. Used for crash diagnostics and to determine API compatibility.
Push notifications (planned for a future version): if you opt in, we will store an Apple Push Notification token associated with your account. This is not active in the current release.
App Store data: when you download the app, Apple may share aggregated installation metadata with us through App Store Connect (territory, app version, crashes). This data is provided by Apple, not collected directly by Charlie.
5. Purposes of processing
We process personal data to: (a) provide and maintain the Charlie service, (b) authenticate users and protect against unauthorized access, (c) deliver personalized news and portfolio analysis, (d) respond to support requests, (e) bill and manage subscriptions through Stripe, and (f) comply with legal obligations, including keeping audit logs of account deletion.
6. Legal basis (GDPR)
Performance of the contract: providing the service you signed up for, including authentication, news delivery, and chat features.
Legitimate interest: protecting the service from abuse, monitoring uptime, and improving the product through aggregated analytics.
Legal obligation: keeping account-deletion audit logs and billing records as required by French and European law.
Consent: optional features such as bank-account connection through Powens or future push notifications. You can withdraw consent at any time.
7. Data retention
Active account: we retain your data while your account is active.
Account deletion: when you delete your account through the in-app flow, we erase your personal data immediately. We retain a minimal audit log (user identifier, email, deletion timestamp, summary counts) for five years to meet anti-fraud and legal obligations.
Billing records: invoices and subscription history are retained for ten years through Stripe, as required by French commercial law.
Chat history: retained for twelve months from the last interaction. Older messages are deleted automatically.
8. Your rights
Under GDPR you have the right to: access your data, rectify inaccurate data, erase your data, restrict or object to processing, port your data to another service, withdraw consent for optional processing, and lodge a complaint with the French data-protection authority (CNIL, www.cnil.fr).
To exercise these rights, contact privacy@charliefinancialadvisor.com. We answer within 30 days. Most rights can be exercised directly inside the application: you can edit your profile, export your portfolio data, and delete your account from the profile screen.
9. International data transfers
Most of your data stays in the European Union. Supabase hosts our database and authentication backend in the Frankfurt region (eu-central-1).
Some of our subprocessors are based in the United States (Stripe, Anthropic, Apple, Vercel). These transfers are covered by Standard Contractual Clauses approved by the European Commission, and where applicable by the EU-US Data Privacy Framework.
10. Security
We protect your data using industry-standard measures: TLS 1.2 or higher for all network traffic, encryption at rest for the database, JWT-based authentication with short-lived tokens, row-level security policies on every table, and least-privilege access controls.
No method of electronic storage is fully secure. We work to maintain reasonable safeguards but cannot guarantee absolute security.
11. Subprocessors
We rely on the following processors to deliver Charlie:
Supabase (Ireland / Germany): authentication, database, storage.
Vercel (United States, EU edge): hosting and deployment.
Stripe (Ireland / United States): subscription billing and payment processing.
Anthropic (United States): the language model that powers the chat assistant. Conversations are processed transiently and are not used to train models.
Powens (France): bank-account aggregation, only if you choose to connect a bank.
Resend (United States): transactional emails (sign-in links, account notices).
MarketAux and Finnhub: news data providers. No personal data is shared.
Apple (United States, Ireland): App Store distribution and crash diagnostics for the iOS app.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app at least 30 days before they take effect. The latest version is always available on this page, with the date of the last update at the top.
13. Contact
Privacy questions: privacy@charliefinancialadvisor.com.
General support: support@charliefinancialadvisor.com.
Postal mail can be requested through the email channel.
