PRIVACY
Privacy Policy
VM Genius Privacy Policy
Effective Date: March 1, 2026
Last Updated: March 1, 2026
1. Introduction
VM Genius ("VM Genius," "we," "us," or "our"), operated by Hong Kong Vector Matrix Technology Limited (香港向量矩陣科技有限公司), a company incorporated under the laws of the Hong Kong Special Administrative Region of the People's Republic of China ("Hong Kong") with its registered office in Hong Kong, provides a web-based and mobile securities-analysis platform, including market dashboards, watchlists, AI-generated investment analysis, quantitative model tools, and related services (collectively, the "Services"), accessible at vmgenius.com and through our mobile applications.
This Privacy Policy describes the categories of personal information we collect, the purposes for which we process it, the parties with whom we disclose it, and the rights and choices available to you. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, your use of the Services or your express consent constitutes the lawful basis for the processing described herein.
This Privacy Policy is incorporated by reference into, and forms part of, our Terms of Service.
Important Notice — Not Investment Advice. The Services, including any AI-generated analysis, indicators, backtests, or quantitative outputs, are provided for informational purposes only and do not constitute investment, financial, legal, or tax advice, nor a solicitation or recommendation to buy, sell, or hold any security. This notice is provided for the avoidance of doubt and does not limit the privacy disclosures set out below.
2. Personal Information We Collect
We collect personal information from and about you in the following categories. The specific information collected depends on how you interact with the Services.
2.1 Information You Provide Directly
· Identifiers and account credentials. When you register for an account, authentication and identity management are performed through our third-party identity provider, Clerk. We and/or Clerk collect your name, email address, password or federated single sign-on (SSO) credentials, and a unique user identifier.
· Profile and preference data. Information you add to your profile, display preferences, and notification settings.
· User-generated content and inputs. Securities symbols you add to watchlists, parameters and queries you submit for AI analysis, custom quantitative strategy configurations, and any feedback, support requests, or other content you submit.
· Transaction and subscription data. Records relating to your subscription tier, credit balance and consumption, and entitlements. Payment card data, where applicable, is collected and processed directly by our third-party payment processor; we do not store full payment card numbers.
2.2 Information Collected Automatically
· Device and technical data. Device type, operating system and version, application version, mobile device identifiers, browser type, language settings, and crash and diagnostic data.
· Usage and network activity. Pages and features accessed, watchlist and analysis activity, session duration, interaction timestamps, referring URLs, and Internet Protocol (IP) address.
· Push notification tokens. Where you enable push notifications, we collect and store device push tokens necessary to deliver notifications through Apple Push Notification service and Firebase Cloud Messaging.
· Cookies and similar technologies. As described in Section 5.
2.3 Information from Third-Party Sources
· Identity and SSO providers. Where you authenticate via a federated provider (e.g., Google or other SSO), we receive your name, email address, and identifier from that provider in accordance with its terms.
· Market data providers. Securities and market data displayed in the Services is obtained from third-party data vendors; such data is not personal information about you.
2.4 Inferences
We may derive inferences from the foregoing data — such as inferred interests, feature usage patterns, and product preferences — to operate, personalize, and improve the Services.
We do not intentionally collect special categories of personal data (such as health, biometric, genetic, or precise geolocation data), and we request that you not submit such data through the Services.
3. How We Use Personal Information
We process personal information for the following purposes and, where the General Data Protection Regulation ("GDPR") or analogous law applies, on the legal bases indicated:
· Creating and administering your account; authenticating access — Performance of a contract
· Providing, maintaining, and operating the Services, including watchlists, AI analysis, and quantitative tools — Performance of a contract
· Processing subscriptions, credits, and entitlements — Performance of a contract
· Delivering push notifications you have enabled — Consent / performance of a contract
· Communicating with you regarding service-related and transactional matters — Performance of a contract / legitimate interests
· Sending marketing communications — Consent (where required) / legitimate interests
· Analyzing usage to improve, secure, and develop the Services — Legitimate interests
· Detecting, preventing, and addressing fraud, abuse, and security incidents — Legitimate interests / legal obligation
· Complying with legal obligations and enforcing our Terms of Service — Legal obligation / legitimate interests
We do not use your watchlist symbols, analysis queries, or inputs to make decisions producing legal or similarly significant effects through solely automated means.
4. How We Disclose Personal Information
We disclose personal information only as described below and do not sell personal information for monetary consideration.
· Service providers and processors. We engage third parties to perform functions on our behalf, including identity and authentication (Clerk), cloud hosting and database services, push-notification delivery (Apple, Google/Firebase), analytics, payment processing, and customer support. Such parties are authorized to process personal information only as necessary to provide their services and under contractual confidentiality and data-protection obligations.
· Corporate affiliates. We may share personal information with our subsidiaries and affiliated entities under common control, for purposes consistent with this Privacy Policy.
· Legal and regulatory disclosures. We may disclose personal information where we believe in good faith that disclosure is required by applicable law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of VM Genius, our users, or others.
· Business transfers. In connection with any merger, acquisition, financing, reorganization, sale of assets, or insolvency, personal information may be transferred to the relevant counterparties or successors, subject to the protections of this Privacy Policy.
· With your consent or at your direction. We may disclose personal information for any other purpose with your consent.
5. Cookies and Similar Technologies
We and our service providers use cookies, software development kits (SDKs), local storage, and similar technologies to authenticate sessions, remember preferences, maintain security, and analyze usage. Strictly necessary technologies are required for the operation of the Services and cannot be disabled within the Services. You may control non-essential cookies through your browser or device settings; disabling certain technologies may impair functionality. Where required by applicable law, we obtain consent before deploying non-essential cookies.
6. Data Retention
We retain personal information for as long as your account remains active and thereafter for the period necessary to fulfill the purposes described in this Privacy Policy, to comply with our legal, accounting, and regulatory obligations, to resolve disputes, and to enforce our agreements. When personal information is no longer required, we will delete or anonymize it in accordance with applicable law and our retention schedule.
7. Security
We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction, including authentication via a specialized identity provider, encryption in transit, and access controls. No method of transmission or storage is, however, completely secure, and we cannot guarantee absolute security.
8. International Data Transfers
We and our service providers may process and store personal information in jurisdictions other than the one in which you reside, including the United States. Where personal information of individuals in the European Economic Area, the United Kingdom, or Switzerland is transferred to a jurisdiction not recognized as providing an adequate level of data protection, we implement appropriate safeguards, such as the European Commission's Standard Contractual Clauses, to protect such transfers.
9. Your Privacy Rights
9.1 Rights of Individuals in the European Economic Area, the United Kingdom, and Switzerland
Subject to applicable law, you have the right to: (a) access your personal information; (b) rectify inaccurate or incomplete data; (c) erase your data ("right to be forgotten"); (d) restrict processing; (e) object to processing based on legitimate interests or for direct marketing; (f) data portability; and (g) withdraw consent at any time without affecting the lawfulness of prior processing. You also have the right to lodge a complaint with your competent supervisory authority.
The data controller is Hong Kong Vector Matrix Technology Limited.
9.2 Rights of Individuals in Hong Kong
Under the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong, you have the right to ascertain whether we hold your personal data, to request access to and a copy of such data, to request correction of inaccurate data, and to be informed of our policies and practices in relation to personal data. We will respond to a data access or correction request within the statutory period and may charge a fee not exceeding that permitted by law.
9.3 Rights of United States Residents
Depending on your state of residence (including under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and analogous statutes), you may have the right to know and access the personal information we have collected, to request deletion or correction, to opt out of the "sale" or "sharing" of personal information and of targeted advertising, and to be free from unlawful discrimination for exercising these rights. We do not sell personal information for monetary consideration.
9.4 Exercising Your Rights
To exercise any right, contact us using the details in Section 13. We will verify your identity before fulfilling a request, including by confirming control of the account email. You may use an authorized agent where permitted by law. We will respond within the period required by applicable law.
10. Children's Privacy
The Services are intended for users who are at least 18 years of age and are not directed to minors. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected personal information from a minor, we will delete it promptly. If you believe a minor has provided us personal information, please contact us.
11. Third-Party Services and Links
The Services may contain links to or integrations with third-party websites and services that we do not operate or control. This Privacy Policy does not apply to such third parties, and we encourage you to review their privacy policies.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last Updated" date and, where required by applicable law, provide additional notice or obtain your consent. Your continued use of the Services after the effective date of any changes constitutes acceptance of the revised Privacy Policy.
13. How to Contact Us
For questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact:
· Data controller: Hong Kong Vector Matrix Technology Limited (香港向量矩陣科技有限公司)
· Privacy contact / Data Protection Officer: [to be provided]
· Registered office: Hong Kong