Skip to content

Privacy Policy

Last updated: April 9, 2026

This Privacy Policy describes how VORENTH (“Company,” “we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you use the VORENTH platform, website, APIs, email services, and all related services (collectively, the “Platform”). By using the Platform, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

  • Account information: Email address, full name, and password (hashed, never stored in plaintext).
  • Payment information: Billing details are collected and processed directly by Stripe, Inc. We do not store credit card numbers, CVVs, or full payment card details on our servers.
  • Search queries: Topics and questions you submit for intelligence analysis.
  • Watchlist data: Topics you choose to monitor through the Platform.
  • Exposure data: Exposure type and weight tags you assign to watchlist items (e.g., "holding," "supplier"). Used to personalize intelligence reports to your specific exposure profile. Exposure data is never shared between users.
  • Prediction data: Forward claims and outcome assessments you submit through Prediction Tracking.
  • Profile updates: Display name changes and other profile information you provide.
  • Communications: Any messages or correspondence you send to us.

1.2 Information Collected Automatically

  • Usage data: Pages visited, features used, search frequency, report views, and interaction patterns.
  • Analytics data: Product usage events, page views, feature interactions, and web performance metrics collected via PostHog (see Section 3). For authenticated users, this data is associated with your user ID.
  • Device information: Browser type, operating system, screen resolution, and device identifiers.
  • Log data: IP address, access times, referring URLs, and error logs.
  • Signal and analysis data: Signal Mesh anomaly detection results, Cascade Engine outputs, narrative integrity scores, conviction scores, calibration metrics, prediction market calibration anchors, and convergence alerts generated by the Platform for your queries.
  • Cookies: Authentication and analytics cookies (see Section 6).

1.3 Information We Do Not Collect

  • We do not use third-party advertising trackers or sell data to advertisers.
  • We do not collect biometric data, location data, or contacts from your device.
  • We do not access or collect data from your social media accounts.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Platform: Process search queries, generate intelligence reports, manage your account and subscription.
  • Send communications: Daily intelligence briefings (if you have watchlist items), welcome emails, service announcements, and security notifications.
  • Process payments: Manage subscriptions and billing through Stripe.
  • Improve the Platform: Analyze aggregated usage patterns to improve intelligence quality and user experience. Search queries are classified by topic category to improve analysis quality. New queries may reference your prior reports and signal history to provide better analysis.
  • Generate autonomous intelligence: Process Signal Mesh scans, update forecast tracking outcomes, generate Cascade models, produce narrative integrity assessments, compute conviction and calibration scores, and retrieve prediction market data for probability calibration.
  • Personalize exposure intelligence: Match your exposure tags against report entities to assess how intelligence affects your specific positions. Exposure events are recorded per user and never shared between accounts. Risk levels are computed from your individual event history.
  • Enforce our Terms: Detect and prevent fraud, abuse, rate limit violations, and unauthorized access.
  • Comply with law: Respond to legal requests and prevent harm as required by law.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only with the following categories of service providers, strictly as necessary to operate the Platform:

  • Supabase (Database & Authentication): Stores your account data, search history, reports, and watchlists. Hosted on AWS infrastructure with encryption at rest and in transit.
  • Stripe (Payment Processing): Processes subscription payments. Subject to Stripe's Privacy Policy. PCI DSS Level 1 certified.
  • Vercel (Hosting): Hosts and serves the Platform. Processes HTTP requests including IP addresses.
  • Anthropic (AI Processing): Search queries and report data are sent to Anthropic's Claude API for intelligence synthesis. Anthropic's API does not use customer inputs for model training but may retain inputs for up to 30 days for trust and safety purposes. Queries may contain geopolitical, market, or policy-related content. Subject to Anthropic's API Terms and Privacy Policy.
  • PostHog (Product Analytics): Collects usage events, page views, feature interactions, and web performance metrics. For authenticated users, we share your user ID, email address, and subscription tier for cohort analysis and product improvement. This data is pseudonymized (linked to your user ID) but not fully anonymized. PostHog processes data on US-based infrastructure. Data is retained for up to 13 months. Subject to PostHog's Privacy Policy.
  • Polymarket (Prediction Market Data): Public prediction market prices are retrieved from Polymarket's API to calibrate forecast probability estimates. Your search queries inform which markets are queried but are not shared with Polymarket. No personal data is sent to Polymarket.
  • Upstash (Rate Limiting): Processes rate limit counters via Redis to prevent abuse. Counters are keyed by user ID or IP address but do not store query content or personal profile data. Counters expire automatically within minutes.
  • Resend (Email Delivery): Delivers transactional emails (briefings, welcome emails). Receives your email address and email content.
  • xAI (Social Signal Analysis): For Command-tier subscribers, search queries may be sent to xAI's Grok API to retrieve social signal data from X (formerly Twitter). Query content is sent to xAI for processing. Subject to xAI's Terms of Service and Privacy Policy.
  • Polygon.io (Market Data): Retrieves market data including ticker snapshots, forex rates, and financial news. Your search queries inform which market data is retrieved but no personal data is shared with Polygon.io.

We maintain appropriate data processing agreements with all service providers listed above. All vendors process data in the United States. We are responsible for ensuring vendor compliance with applicable data protection obligations.

We may also disclose information if required by law, subpoena, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.

4. Data Storage and Security

4.1 Storage

Your data is stored on Supabase (PostgreSQL on AWS) with Row-Level Security (RLS) ensuring that each user can only access their own data. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

4.2 Security Measures

  • Passwords are hashed using bcrypt (never stored in plaintext).
  • Sessions use HTTP-only, secure cookies.
  • API endpoints are rate-limited to prevent abuse.
  • Database access is restricted by Row-Level Security policies.
  • Environment variables and secrets are encrypted and managed through secure infrastructure.
  • Security headers (HSTS, X-Frame-Options, Content-Type-Options) are enforced on all responses.

4.3 Breach Notification

In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of becoming aware of the breach, in compliance with applicable data protection laws.

5. Data Retention

  • Account data: Retained for the duration of your account. Deleted upon account deletion request.
  • Search history and reports: Retained for the duration of your account to power features like timeline analysis and report history.
  • Payment records: Retained as required by tax and financial regulations (typically 7 years).
  • Signal Mesh and Narrative Warfare data: Retained for the duration of your account. Anomaly detection logs may be retained in anonymized form for system calibration.
  • Forecast Tracking data: Retained for the duration of your account. Forecasts (scored, tracked claims) and analytical signals (informational, unscored) are stored separately. Historical accuracy and calibration data may be retained in anonymized form to improve analytical quality.
  • Cascade and Graph data: Retained for the duration of your account.
  • Server logs: Retained for up to 90 days for security and debugging purposes.
  • PostHog analytics: Retained for up to 13 months. PostHog data is pseudonymized (linked to user ID), not fully anonymized.
  • Truly anonymized data: Irreversibly de-identified, aggregated data that cannot be linked to any individual may be retained indefinitely for system improvement.

Deletion requests will be honored except where we are required to retain data by law (e.g., tax records for 7 years) or where we have legitimate legal obligations. Personal data is deleted within 30 days of an account deletion request, except where legal retention requirements apply.

6. Cookies

We use the following categories of cookies:

  • Essential cookies: Authentication session cookies (HTTP-only, secure) and CSRF protection cookies required for the Platform to function.
  • Analytics cookies: First-party cookies set by our PostHog integration for product analytics, session identification, and feature usage tracking. These help us understand how the Platform is used and improve the experience.

We do not use advertising cookies, social media cookies, or third-party ad tracking cookies. We do not participate in cross-site tracking or targeted advertising.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data. You can delete your account and all associated data from your Account Settings page. This action is irreversible and permanently removes your profile, search history, reports, and watchlist data.
  • Portability: Request an export of your data in a structured, machine-readable format.
  • Opt-out of communications: Unsubscribe from daily briefing emails at any time via the link in the email or by removing all watchlist items.
  • Withdraw consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, contact us at intel@vorenth.com. We will respond to your request within 30 days.

8. International Data Transfers

The Platform is hosted in the United States. If you access the Platform from outside the United States, your data will be transferred to and processed in the United States. By using the Platform, you consent to this transfer. We rely on standard contractual clauses and service provider agreements to ensure adequate data protection for international transfers.

9. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. By accessing the Platform, you represent that you are at least 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will promptly delete it and terminate the associated account.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect and how it is used.
  • The right to delete your personal information.
  • The right to opt-out of the sale of personal information. We do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Legal basis for processing:
    • Contractual necessity (Art. 6(1)(b)): Account creation, search queries, report generation, subscription management, and core Platform functionality.
    • Legitimate interest (Art. 6(1)(f)): Product analytics (PostHog), security monitoring, fraud prevention, and Platform improvement. We have conducted a balancing test and determined that our interest in improving the Platform does not override your rights. You may object to this processing at any time by contacting us.
    • Consent (Art. 6(1)(a)): Daily briefing emails and marketing communications. You may withdraw consent at any time by unsubscribing or removing watchlist items.
    • Legal obligation (Art. 6(1)(c)): Tax records, fraud prevention, and compliance with legal requests.
  • Privacy contact: For GDPR-related inquiries, data subject access requests, or complaints, contact intel@vorenth.com.
  • Right to object: You have the right to object to processing based on legitimate interest at any time.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification at least 30 days before they take effect. Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, concerns, or data requests, contact us at:

VORENTH
Privacy Inquiries: intel@vorenth.com
General: intel@vorenth.com