Privacy Policy

Welcome to ChartLense. Your privacy is a top priority for us. This Privacy Policy explains what information we collect, how we use and protect it, and your rights regarding your data. Our practices are designed to comply with the Google Chrome Web Store User Data Policy, including the Limited Use requirements, as well as the General Data Protection Regulation (GDPR).

ChartLense has a single purpose: to provide you with **AI-powered visual analysis of trading charts**. All the data we collect and process is strictly necessary to fulfill this core function.

a. Screenshot Data

When you use our extension, you will capture a screenshot of a trading chart. This screenshot is the primary piece of data we process. We use this screenshot exclusively to provide you with the AI analysis you requested.

b. Account and Usage Information

• **Account Information:** When you create an account using Google Firebase Authentication, we collect your email address for authentication and communication purposes.
• **Payment Information:** If you subscribe to a paid plan, our payment processor, Stripe, will collect and process your payment information. We do not store your full credit card details.
• **Usage Data:** We collect data about your interactions with our service, such as the number of analyses you perform, to manage your quota and improve our service.

c. Technical and Interaction Data

Active Tab URL: To ensure our service works correctly, the extension checks the URL of your active tab to verify that you are on a supported charting website. We do not store or track your browsing history across different sites.

User Interaction: We process your click on the "Analyze" button to initiate the chart analysis. We do not monitor other user activities like mouse movements or keyboard input.

To provide our service, we need to share your screenshot data with a few trusted third-party service providers. We have carefully vetted these providers to ensure they meet our strict privacy and security standards.

• **Cloudflare, Inc.:** We use Cloudflare as a secure proxy to process and route your requests. Your screenshot data passes through Cloudflare's network on its way to the AI provider.
• **OpenAI and Google:** We send your screenshot to our AI providers, OpenAI and Google, who perform the visual analysis. They process the image and return the analysis to us.
• **Stripe, Inc.:** We use Stripe for payment processing and subscription management.
• **Google Firebase:** We use Firebase Authentication for secure account creation and management. This service securely handles your login credentials.

We do not sell, rent, or share your personal information with any other third parties for their own marketing purposes.

a. Data Retention

We do not permanently store your screenshots. They are deleted immediately after the analysis is complete. Our third-party providers have their own data retention policies for abuse and misuse monitoring:

• Our AI providers, OpenAI and Google, retain screenshot data for abuse and misuse monitoring for a maximum of 30 days (OpenAI) and 55 days (Google), after which it is deleted.
• Your account information and usage data are retained for as long as your account is active and for a maximum of 36 months after your last activity to comply with legal obligations.

b. Human Access to Data

We have a strict policy prohibiting human access to your data. The only exceptions are:

• When it is necessary for security purposes, such as investigating abuse.
• To comply with applicable laws.
• When you give us your explicit consent to access your data to resolve a technical issue.

The use and transfer to any other app of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Under the GDPR, you have the following rights:

• Right to access your personal data
• Right to rectification of incorrect data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

To exercise any of these rights, please contact us at privacy@chartlense.com. We will respond to your request within 30 days.

We are committed to protecting your data. We use commercially acceptable means to protect your personal data against unauthorized access or alteration, including:

• Encryption of all data in transit using SSL/TLS.
• Secure storage of your account information.
• Regular security assessments of our systems.
• Strict access controls and authentication measures.

We may update our privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date at the top.

If you have any questions or concerns about your privacy, you can contact our Data Protection Officer at dpo@chartlense.com.

The data controller responsible for the processing of your personal data is:
Kolmira UG (haftungsbeschränkt)
Scanbox #17325
Ehrenbergstr. 16a
10245 Berlin
Germany