Effective 2026-04-22.5

Privacy Policy

FRACTIQ.AI (“we,” “us,” or “our”), operating from the Kingdom of Saudi Arabia, respects your privacy and handles personal data in accordance with the Saudi Personal Data Protection Law (PDPL) and its implementing regulations. This Policy explains what we collect, why, and the rights you have.

1. Summary

We collect only what we need to run your account and the Service.
Third-party API keys you save are stored in encrypted form and used only to fulfil your own analysis requests.
We never sell or rent personal data.
You can request access, correction, deletion, or export by emailing hello@fractiq.ai.

2. Data We Collect

2.1 Data you provide directly

Account data — email, optional name, and a password if you use email/password sign-in. Passwords are stored in hashed form and are never readable by us in plaintext.
Beta access requests — email, optional name, optional note you submit via the waitlist or an invitation link.
Analysis inputs — ticker symbols, chart screenshots, and timeframes you submit. The structured response is attached to your account.
Commitments and watchlist entries — items you choose to save.
Feedback — anything you send through the in-app feedback form.

2.2 Data collected automatically

Authentication data — session cookies (HTTP-only, signed); IP address and user agent for login attempts, used for rate-limiting and fraud prevention.
Security logs — failed login attempts, administrative actions, and password resets, retained for audit.
Operational telemetry — request paths, response status codes, and error traces, used for reliability. Not used for marketing.
Product analytics (opt-in only) — if you explicitly consent via the cookie banner, we use Microsoft Clarityto collect anonymised usage metrics, clickmaps, and session replays. Clarity automatically masks text input and personally identifying content. You can withdraw consent at any time from the cookie banner or Profile → Preferences, which stops further recording. Without your consent, Clarity is never loaded.

2.3 Data we store with special protections

Your AI provider API keys — stored in encrypted form. Keys are used in memory only while fulfilling an analysis request you initiate, sent directly to the upstream AI provider, and discarded. Plaintext keys are never logged, never shown to our staff, and never returned to your browser after you save them. You can view a masked hint, rotate, or delete your keys any time in Profile.
Two-factor authentication secrets — if you enable 2FA, the shared secret is stored in encrypted form. Backup recovery codes are stored only as hashes, and each is single-use.

2.4 Data we do NOT collect

Brokerage credentials, wallet addresses, or trade execution data.
Tracking pixels or third-party fingerprinting scripts.
The plaintext of any API key after you save it. Staff can see only a short masked hint for support purposes.

3. How We Use Your Data

We process personal data only on the following legal bases:

To perform our contract with you — run your account, authenticate logins, route analyses to your chosen provider, and persist the results you save.
Legitimate interests — abuse prevention, service reliability, and product analytics at an aggregate level.
Consent — optional product-update emails, where offered. You can withdraw consent at any time from Profile or by emailing us.
Legal obligation — responding to lawful orders from Saudi authorities or other competent jurisdictions.

4. Third Parties

We use a small number of reputable sub-processors for hosting, database, rate-limiting, DNS, and transactional email. Each is contractually required to handle personal data consistently with this Policy. A current list is available on request to hello@fractiq.ai.

AI analysis calls are fulfilled by the third-party AI provider whose API key you supply. Your prompt, ticker, and chart image are sent to that provider on your behalf. Use of each provider is governed by that provider’s own terms and privacy policy.

5. Data Retention

We retain personal data for as long as your account is active and thereafter only for what is needed to comply with legal obligations, resolve disputes, and enforce our agreements. Security and audit logs are retained for the period we consider necessary to detect and investigate abuse. Data tied to your account is deleted on a reasonable schedule after you request deletion, subject to retention obligations imposed by law.

6. Your Rights Under PDPL

As a data subject, you have the right to:

Be informed of how your data is collected and used (this policy).
Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your personal data, subject to our legal and regulatory obligations.
Request a portable copy of your data in a commonly-used electronic format.
Object to, or request restriction of, specific processing activities.
Withdraw consent where processing is based on consent.

To exercise any of these rights, email hello@fractiq.ai. We will respond within the period required by applicable law. If you believe we have mishandled your data, you may lodge a complaint with the Saudi Data & AI Authority (SDAIA).

7. Security

We apply industry-standard technical and organisational measures to protect your data, including encryption in transit and at rest for sensitive material, authenticated sessions, role-gated administrative access, and rate-limited sensitive endpoints. No security program is perfect — if you discover a vulnerability, report it in confidence to hello@fractiq.ai and we will acknowledge promptly.

8. Cookies

We use the following cookie categories:

Strictly necessary — session and CSRF cookies. Cannot be turned off without breaking sign-in.
Preferences — language and theme stored locally in your browser (not technically a cookie).
Analytics (opt-in) — Microsoft Clarity uses first-party cookies to tie anonymised session-replay sessions together. Only set if you explicitly accept analytics via the cookie banner. No marketing cookies are used.

9. Referral Invitations

If you invite someone using your personal referral link, we record the email address the invitee enters and the fact that they used your link so that we can grant them access. We also record the invitee’s IP address and browser user-agent at the moment of redemption, strictly for abuse prevention; these short-lived fields are cleared on a rolling basis once the initial anti-abuse window has passed. You see only a partially-redacted form of each invitee’s email (for example, a***@example.com) in your Profile. Invitees are not automatically added to any marketing list.

10. Cross-Border Transfers

To run the Service we rely on a small number of sub-processors for application hosting, managed database, rate-limiting, transactional email, and content delivery. At present the majority of our infrastructure is hosted outside the Kingdom of Saudi Arabia, primarily in the United States and the European Union. In addition, any AI inference call you initiate with your own provider API key is routed directly to the relevant AI provider — these providers may process your request in the United States or another jurisdiction of their choosing.

We transfer personal data across borders on one or more of the following PDPL Article 29–32 bases, as applicable:

Your consent to these cross-border transfers, given by accepting this Privacy Policy on signup;
Necessity for performing our contract with you (running your account);
Contractual safeguards with each sub-processor that oblige them to handle personal data consistently with PDPL standards.

If you do not wish your data to be transferred outside the Kingdom, please do not use the Service. You may request the current list of sub-processors at hello@fractiq.ai.

11. Children

The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has submitted data, email us and we will delete it.

12. Changes to This Policy

If we materially change this Policy, we will announce the change via in-app notice or email. The current version is always available at /privacy.

13. Contact

Privacy requests and data subject rights: hello@fractiq.ai
General and legal: support@fractiq.ai