LEGAL

Privacy Policy

Last updated: April 8, 2026

Summary

InFactLive ("we," "us," or "our") operates the website at infactlive.com. We respect your privacy and try to collect as little personal information as possible. The short version:

We collect your email address when you create an account, plus standard web traffic data (IP address, browser type) when you visit the site.
We use this information to operate the service, authenticate you, and (if you opt in) send you notifications.
We do not sell your personal data to anyone.
We do not show advertising on InFactLive.
You can request deletion of your account and personal data at any time by emailing us.

The rest of this document explains the details.

Information we collect

Information you provide

When you create an InFactLive account, we collect:

Email address — used as your account identifier and for verification, password reset, and (if you opt in) service notifications.
Password — stored only as a salted hash by Amazon Web Services Cognito, our authentication provider. We never see, store, or have access to your plaintext password.
Profile information from third-party sign-in — if you sign in with Google, we receive your email address and (optionally) your name and profile picture from Google. We do not request or receive any other information from your Google account.

Information collected automatically

When you visit InFactLive, we and our infrastructure providers automatically collect:

IP address — used for rate limiting, abuse prevention, and aggregate traffic analysis.
Browser and device information — user agent, screen size, and similar details, used to ensure the site renders correctly.
Usage data — pages viewed, features used, errors encountered. We use this to understand which features matter and to debug problems.

Local storage

InFactLive uses your browser's local storage (not traditional cookies) to keep you signed in and to cache certain data for performance. Specifically:

Authentication tokens — issued by Amazon Cognito after you sign in. These let you stay signed in across browser sessions for up to 30 days.
Cached ticker search index — improves search performance on return visits.

You can clear this data at any time through your browser's settings. Doing so will sign you out and require you to sign in again on your next visit.

How we use your information

We use the information we collect to:

Provide, maintain, and improve InFactLive
Authenticate you and keep your account secure
Send you account-related emails (verification codes, password resets, security notifications)
Communicate with you about service updates or changes you've opted into
Detect and prevent abuse, fraud, and unauthorized access
Comply with legal obligations
Analyze aggregate usage to improve features and performance

Information we do not collect

For clarity, we want to explicitly state what we do not collect:

We do not collect your real name, address, phone number, date of birth, or any other identifying information beyond your email.
We do not collect financial information. We do not have payment processing yet. When we add paid subscriptions, payment will be handled entirely by a third-party processor (such as Stripe), and we will never see or store your credit card numbers, bank account numbers, or other payment credentials.
We do not track you across other websites.
We do not use behavioral advertising technologies.
We do not knowingly collect information about your trading activity, brokerage accounts, or holdings outside of public SEC filings.

How we share information

We do not sell, rent, or trade your personal information. We share information only in these limited circumstances:

Service providers

We use third-party services to operate InFactLive. These providers process data on our behalf and are contractually obligated to protect it:

Amazon Web Services — hosting, databases, content delivery, and authentication (via AWS Cognito). AWS processes the personal information you provide as part of operating the service.
Google — if you choose to sign in with Google, your authentication is processed by Google according to their privacy policy.

Legal requirements

We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers

If InFactLive is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and a prominent notice on this site before any such transfer.

Data sources

The financial data displayed on InFactLive — insider trades, institutional holdings, stock prices — is sourced from publicly available filings and feeds, primarily the U.S. Securities and Exchange Commission's EDGAR system. This data is not personal information about you and is not subject to this privacy policy. It is public information that any member of the public can access directly from the SEC.

Data retention

We retain your account information for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal, accounting, or fraud-prevention purposes.

Aggregate, anonymized usage data may be retained indefinitely.

Your rights

You have the following rights regarding your personal information:

Access — request a copy of the personal information we hold about you
Correction — ask us to correct inaccurate information
Deletion — request deletion of your account and associated personal data
Export — receive your data in a portable format
Withdrawal of consent — opt out of any communications you previously opted into

To exercise any of these rights, email us at patrick@infactlive.com. We will respond within 30 days.

California residents: Under the California Consumer Privacy Act (CCPA), you have additional rights including the right to know what personal information we collect, the right to request deletion, and the right to non-discrimination for exercising your rights. We do not sell personal information, so opt-out-of-sale rights do not apply.

European users: Under the GDPR, you have the right to lodge a complaint with your local data protection authority if you believe we have not handled your information appropriately. Our legal basis for processing your information is your consent (when you create an account) and our legitimate interests in operating the service.

Security

We take reasonable measures to protect your information:

All traffic to InFactLive is encrypted using HTTPS
Passwords are hashed and salted by AWS Cognito using industry-standard algorithms
Authentication uses the Secure Remote Password (SRP) protocol — your password is never transmitted to our servers in plaintext
Our infrastructure is hosted on AWS and benefits from their security practices, including AWS Shield for DDoS protection
API endpoints are rate-limited and protected by origin verification

That said, no system is perfectly secure. If you become aware of a security issue affecting InFactLive, please email us at patrick@infactlive.com immediately.

Children's privacy

InFactLive is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are a parent and believe your child has provided us with personal information, please contact us and we will delete it.

Changes to this policy

We may update this privacy policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify you by email or via a prominent notice on the site. Continued use of InFactLive after changes take effect constitutes acceptance of the updated policy.

Contact

If you have any questions about this privacy policy or our practices, please contact us at:

Email: patrick@infactlive.com
Operator: InFactLive
Location: Burlington, North Carolina, USA