Privacy Policy

Version 1.4 · Effective July 4, 2026 · Operated by VisAI Group LLC

This Privacy Policy describes what data MarketIntel collects, why, how long we keep it, who we share it with, and how you can access or delete it. Plain English where possible; legal precision where required.

1. The Short Version

MarketIntel is designed to work without a user account. By default we identify you only by a pseudonymous device identifier generated on first launch — a random ID that lets us recognize your device across sessions but that is not, by itself, tied to your real-world identity. We do not require your name, email, phone number, or government ID.

A note on "pseudonymous" vs "anonymous": because a device identifier can be linked to the data you generate in the app (your watchlist, your usage), privacy law generally treats it as "pseudonymous" rather than truly "anonymous." We use the more accurate term "pseudonymous" throughout this Policy.

We collect the minimum data needed to make the product useful (the markets you bookmark, your subscription tier, your support tickets) and a small amount of anonymous product-usage telemetry (which screens you viewed, which markets you tapped) so we can improve the app.

We do NOT sell your data. We do NOT show ads. We do NOT track you across other apps or websites.

If any of this changes materially, we will update this Privacy Policy and bump the version number shown at the bottom.

2. Who We Are

MarketIntel is operated by VisAI Group LLC, a Wyoming limited liability company. For privacy questions, contact support@visaigroup.com.

For purposes of this Privacy Policy, VisAI Group LLC is the "data controller" of any personal data processed within MarketIntel.

3. What We Collect

We collect three categories of data:

(a) Default — collected from every user, used to operate the Service:

  • A randomly-generated pseudonymous device identifier (e.g. "device_1779685394919_d19wb5us7"). This is not your Apple ID, Google ID, IDFA, or any cross-app identifier. It is pseudonymous rather than anonymous because it can be linked to the other data you generate in the app.
  • Your subscription tier, billing period, and subscription usage counters (e.g. how many AI analyses you've used this month).
  • The markets you bookmark to your watchlist.
  • Your personal prediction "calls" (the "I think YES / NO" tracking feature) and their associated snapshots.
  • Pseudonymous product-interaction events (which screens you viewed, which markets you tapped, how long sessions lasted). These events are keyed to your device identifier only — no email, name, or other personal data.
  • Pseudonymous diagnostic data (crash reports, error stack traces, performance metrics), keyed only to a one-way hashed install identifier.

(b) Optional — collected only if you choose to use a feature that requires it:

  • If you create a "Recovery-Code Account" (an optional feature that lets you restore your watchlist and subscription on a new device): your email address, a chosen short nickname, and a one-way cryptographic hash of your recovery code. We never store the plaintext recovery code.
  • If you include an email in a Support ticket: that email address, used solely for follow-up.
  • If you enable push notifications: a push token issued by Apple or Google.
  • The full subject and body of any Support ticket you submit.

(c) Inferred — derived from the above to make the app useful:

  • A category-affinity profile derived from which markets you bookmark and tap (e.g. "interested in Crypto and Politics") — used solely to personalize the "For You" rail. Stored only on our servers, not shared with third parties.

What we do NOT collect:

  • Your name, postal address, phone number, government ID, or date of birth.
  • Precise or coarse geolocation.
  • Your contacts, photo library, microphone audio, or camera feed.
  • Your browsing history outside MarketIntel.
  • Any data from other apps on your device.
  • Any financial data — Apple In-App Purchase handles all subscription payments; we never see your payment card.

4. How We Use Your Data

We use the data described above to:

  • Operate the product (show you the markets you bookmarked, count your AI analyses against your subscription's monthly cap, render your "For You" rail, etc.).
  • Diagnose and fix bugs (pseudonymous crash reports and error logs).
  • Improve the product (pseudonymous product-usage analytics tell us which features matter to users so we can prioritize accordingly).
  • Respond to your support tickets.
  • Send transactional emails IF you have opted into a feature that requires it (e.g. account recovery, push-token registration).
  • Comply with legal obligations, enforce our Terms, and protect against fraud or abuse.

We do NOT use your data to:

  • Advertise to you inside or outside MarketIntel.
  • Sell, lease, or trade to data brokers, marketers, or any third party.
  • Train large-language models (your support-ticket text is read only by humans on our team; nothing is bulk-uploaded to OpenAI, Anthropic, or Google for training).
  • Build a cross-app advertising profile.

5. Service Providers We Share Data With

To operate MarketIntel we route certain data through a small set of third-party service providers. Each is bound by their own privacy policy and the data-processing agreement we have on file.

  • OpenAI, Anthropic, and Google ("Google" here means Google's Gemini models) — the large-language-model providers that power the AI Event Analyst, the Expert engine, and the Multi-Model Consensus ensemble. When you request an AI analysis, our servers send these providers ONLY (i) the text of your question or the public metadata of the market you selected (title, category, prices, volume, end date) and (ii) related public news headlines. We do NOT send your device identifier, email, nickname, IP address, watchlist, subscription data, or any other account data — the request originates from our servers, so the providers see our infrastructure, not you. Outputs are generated in real time by a fully automated ensemble with no human review. Each provider operates under enterprise API terms that prohibit using API inputs or outputs to train or fine-tune their models without our explicit opt-in (which we have not given), and each applies a limited abuse-monitoring retention window (typically up to 30 days) after which inputs are deleted. All three providers process this data on infrastructure located in the United States.
  • Sentry — receives pseudonymized crash reports and error stack traces, keyed only by a one-way hashed install identifier, with no session-replay and personally-identifying-data scrubbing enabled.
  • PostHog — receives pseudonymized in-product analytics events (which screens you viewed, which taps you made), keyed by your pseudonymous device identifier only. We have disabled client-IP collection (GeoIP off) and do NOT enable session-replay recording, so no video of your screen is ever captured.
  • Apple In-App Purchase — processes all subscription payments. We never see your payment card number, name, address, or any other Apple ID data.
  • Emergent (our deployment-platform provider) — auto-provisions and operates the managed database that stores all the data described in §3 in encrypted-at-rest form. The database runs on MongoDB Atlas, and this data is processed and stored in the United States and India. We do not operate this database directly; access to it is restricted to authorized Emergent personnel under MFA-gated, least-privilege controls.
  • TheSportsDB — provides the sports schedules and scores you see in the Sports tab. We send only a league code (e.g. "NBA"); we do NOT send any user-identifying data to TheSportsDB.

We do NOT sell your data to any party. We will only disclose data to a third party that is NOT on this list if: (a) we are legally compelled to do so (subpoena, court order); (b) you explicitly ask us to (e.g. as part of a support escalation); (c) a future business combination occurs (acquisition or merger), in which case we will notify you in-app before any transfer.

6. How Long We Keep Your Data

We keep your data only as long as it is useful for the purposes stated above:

  • Your account, watchlist, calls, and subscription data: as long as your device identifier remains active, plus twenty-four (24) months after your last app activity, after which it is purged automatically.
  • Anonymous analytics events: 90 days from collection (a TTL index on the database collection enforces this automatically).
  • AI matching logs (used to improve question-to-market resolution): 90 days from collection (TTL-enforced).
  • Support tickets: 24 months from creation, or longer if there is an ongoing legal matter.
  • Crash reports: 30 days in Sentry, then automatically purged by Sentry.
  • Backups: encrypted point-in-time snapshots are kept for up to 30 days for disaster-recovery purposes.

You can request earlier deletion at any time by following §8 below.

7. Your Rights

Regardless of where you live, you have the following rights with respect to your data:

  • The right to know what we have collected about you (see §3 above for the comprehensive list).
  • The right to access a copy of your data in a portable format.
  • The right to request correction of any inaccurate data.
  • The right to request deletion of your data ("right to be forgotten").
  • The right to opt out of any optional data collection (e.g. revoke email, disable push notifications, opt out of analytics).
  • The right to lodge a complaint with your local data-protection authority if you believe we have mishandled your data.

Region-specific notices. Additional jurisdiction-specific rights and disclosures appear below and control to the extent they differ from this section: California (§11), Canada (§12), Australia (§13), and India (§14). How we transfer data internationally is described in §15.

For California residents: California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA") additional rights are described in §11 below.

For European Economic Area and United Kingdom residents: the General Data Protection Regulation ("GDPR") and UK GDPR provide you with the rights described above, plus the right to data portability and the right to restrict processing. The lawful basis we rely on is "legitimate interest" (for product operation and analytics) and "consent" (for optional features like Recovery-Code accounts and push notifications).

8. How to Delete Your Data

You can delete your data yourself, instantly, from inside the app: go to Settings → Account → "Delete My Data" (the "Danger Zone"). To prevent accidental deletion, you must type the word DELETE to confirm. This permanently and immediately removes your device record, watchlist, prediction calls, subscription record, notification preferences, and any Recovery-Code Account, and cannot be undone.

Alternatively, you may email support@visaigroup.com from the email address you used to create your Recovery-Code Account (if any), OR include your device identifier in the message (visible in Settings → Account in-app), and we will permanently delete your data within thirty (30) days of receipt.

Note: Some data may persist in encrypted backups for up to thirty (30) additional days as the rolling backup window expires. Backup copies are never accessed except in a verified disaster-recovery scenario.

Note: If you delete your data while on a paid subscription, the subscription's auto-renewal continues until you separately cancel it from iOS Settings → [your Apple ID] → Subscriptions → MarketIntel.

9. How We Protect Your Data

We use industry-standard safeguards proportionate to the sensitivity of the data:

  • All data in transit between your device and our servers is encrypted via HTTPS / TLS 1.3.
  • All data at rest in our database is encrypted via the database provider's managed AES-256 encryption.
  • Recovery-code plaintext is NEVER stored — only a one-way cryptographic hash. Even VisAI Group LLC engineers cannot recover your plaintext code if you lose it.
  • Access to production data is limited to authorized personnel with a documented operational need, secured behind multi-factor authentication; the production database is operated by our hosting provider (Emergent) under MFA-gated, least-privilege access controls.
  • We log all production-data access and review logs periodically for anomalies.
  • Sub-processors (OpenAI, Anthropic, Google, Sentry, PostHog, Emergent, MongoDB Atlas, Apple, TheSportsDB) are bound by their own enterprise-grade security commitments.

No security model is perfect. If we ever experience a data incident that affects you, we will notify you in-app and, where you have provided one, via email, within the timeframes required by applicable law (typically 72 hours from confirmation).

10. Children

MarketIntel is intended for adult users. You must be at least 18 years old to use the Service, and certain prediction-market and probability features require you to be at least 21 years old, reflecting their financial-and-event-outcome subject matter (see Terms §4). We do not knowingly collect personal data from children under the age of 13. If you believe a child has provided us data, please email support@visaigroup.com and we will delete it promptly.

11. Notice to California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act grant you the following additional rights:

(a) Right to Know — request a copy of the specific categories and pieces of personal information we have collected about you, the categories of sources, the business purpose, and the categories of third parties with whom we share it. The answer to all three is in §3, §4, and §5 above.

(b) Right to Delete — request deletion of your personal information; see §8.

(c) Right to Correct — request correction of inaccurate personal information.

(d) Right to Opt Out of Sale or Sharing — we do not "sell" personal information as that term is defined under the CCPA, and we do not "share" it for cross-context behavioral advertising. There is no opt-out toggle because we don't engage in those activities to begin with.

(e) Right to Limit Use of Sensitive Personal Information — we do not collect sensitive personal information as defined under the CCPA.

(f) Right to Non-Discrimination — we will not deny service, charge different prices, or provide a lower-quality product because you exercise any of the above rights.

To exercise any of these rights, email support@visaigroup.com with the subject line "CCPA Request" and a verifiable description of your data (such as the device identifier visible in Settings → Account, or the email used for a Recovery-Code Account). We will respond within 45 days.

12. Notice to Canadian Residents (PIPEDA)

If you are located in Canada, we handle your personal information in accordance with the Personal Information Protection and Electronic Documents Act ("PIPEDA") and applicable provincial privacy laws.

(a) Consent — We collect, use, and disclose your personal information only for the purposes described in this Policy. For our default, product-operation processing we rely on your implied consent through your continued use of the Service; for optional features (such as a Recovery-Code Account or push notifications) we rely on your express consent, which you may withdraw at any time.

(b) Access and correction — You may request access to the personal information we hold about you and request correction of inaccuracies. See §7 and §8.

(c) Purpose limitation — We limit collection to what a reasonable person would consider appropriate in the circumstances, and we do not use your information for purposes beyond those disclosed here without your consent.

(d) Cross-border storage — Your information is stored on servers in the United States and India (see §15). By using the Service you acknowledge that your information may be processed outside Canada and may be accessible to authorities in those countries under applicable law.

(e) Complaints — You may direct a complaint to us at support@visaigroup.com, and you have the right to escalate to the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca.

13. Notice to Australian Residents (Privacy Act 1988 / APPs)

If you are located in Australia, we handle your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs").

(a) Collection (APP 3/5) — We collect only the personal information described in §3, and only by lawful and fair means, directly from you or from your use of the Service. This Policy serves as our APP 5 collection notice.

(b) Use and disclosure (APP 6) — We use and disclose your personal information only for the purposes described in §4 and §5, or for a directly related secondary purpose you would reasonably expect.

(c) No direct marketing (APP 7) — We do not use your personal information for direct marketing and we do not sell it.

(d) Cross-border disclosure (APP 8) — Your personal information is stored and processed in the United States and India, and may be handled by the sub-processors listed in §5, which are located in the United States and India. See §15.

(e) Access, correction, and complaints (APP 12/13) — You may request access to and correction of your personal information (see §7–§8). You may lodge a complaint with us at support@visaigroup.com; if unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

14. Notice to Residents of India (DPDP Act 2023)

If you are located in India, we process your personal data in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act").

(a) Role — For the purposes of the DPDP Act, VisAI Group LLC is the "Data Fiduciary" that determines the purpose and means of processing your personal data.

(b) Notice and consent — This Policy is our notice of the personal data we process and the purposes for which we process it. Where we rely on your consent (for optional features), that consent is free, specific, informed, and unconditional, and you may withdraw it as easily as you gave it.

(c) Your rights as a Data Principal — You have the right to access a summary of your personal data and processing, the right to correction and erasure, the right to grievance redressal, and the right to nominate another individual to exercise your rights in the event of death or incapacity.

(d) Grievance redressal — To exercise any right or raise a grievance, contact us at support@visaigroup.com. If your grievance is not resolved, you may approach the Data Protection Board of India.

(e) Cross-border processing — Your personal data is stored and processed in the United States and India (see §15). Where processing occurs outside India, we do so consistent with the DPDP Act's provisions on the transfer of personal data outside India.

15. International Data Transfers

VisAI Group LLC is based in the United States. The Service's servers and managed database (a MongoDB Atlas cluster provisioned and operated by our hosting provider Emergent) process and store data in the United States and India, and our other sub-processors (see §5) are located primarily in the United States. If you access the Service from outside these countries — including from the European Economic Area, the United Kingdom, Switzerland, Canada, or Australia — your personal data will be transferred to, stored in, and processed in the United States and India, where data-protection laws may differ from those in your jurisdiction.

Where such transfers are subject to the GDPR or UK GDPR, we rely on the European Commission's Standard Contractual Clauses ("SCCs") — and, for UK transfers, the UK International Data Transfer Addendum — incorporated into our agreements with the relevant sub-processors, together with supplementary technical measures (encryption in transit and at rest, access controls, and data minimization) as our transfer mechanism. For transfers from other jurisdictions, we rely on your informed consent and/or the contractual and security safeguards described in this Policy.

You may request a copy of the relevant transfer safeguards by emailing support@visaigroup.com.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Effective Date" and "Version" at the bottom of this document will be updated whenever it changes. We will surface a non-blocking in-app notice for any material change (such as adding a new sub-processor or a new category of data collection) before that change takes effect.

We will NOT silently expand the scope of data collection. If you do not agree with an update, you may stop using MarketIntel and request deletion of your data per §8.

17. Contact

Questions, requests, or complaints about this Privacy Policy: support@visaigroup.com.

For non-privacy support, use the in-app feedback button (the floating chat-bubble icon) or the Help & Glossary screen.

Effective Date: July 4, 2026. Version: 1.4.