ValueAlpha

Privacy Policy

Effective date: February 25, 2026  ·  Last updated: February 25, 2026

1. Introduction

This Privacy Policy describes how ValueAlpha (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use our website at valuealpha.ai and our platform at app.valuealpha.ai (collectively, the “Service”).

By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

2. Age Restriction

Our Service is intended solely for individuals at least 18 years of age. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a person under 18, we will delete it promptly. Contact us at [email protected] if you believe this has occurred.

3. Information We Collect

3.1 Information You Provide Directly

  • Name and contact information (email address)
  • Financial and business data you input for valuation purposes
  • Payment information processed securely through Stripe (we do not store card data)
  • Any information you provide when contacting our support team
  • Waitlist registration email address

3.2 Information Collected Automatically

  • IP address (for analytics, fraud prevention, and security)
  • Device information: type, operating system, and browser
  • Usage data: pages visited, features used, session duration, and click patterns
  • Report activity: reports generated, inputs submitted, and download status
  • Referral sources and UTM parameters for marketing attribution

3.3 Cookies & Tracking

We use cookies and similar technologies for authentication, session management, analytics, and marketing attribution. See Section 9 for details.

4. How We Use Your Information

We use collected information to:

  • Deliver the Service: Generate and deliver valuation reports based on your inputs.
  • Process payments: Facilitate secure transactions through Stripe.
  • Provide support: Respond to inquiries and resolve technical issues.
  • Improve the platform: Analyze usage patterns and improve our algorithms and UX.
  • Marketing communications: Send product updates, waitlist notifications, and promotional emails (with opt-out available at any time).
  • Security & fraud prevention: Detect and prevent unauthorized access, competitor misuse, and fraudulent activity.
  • Legal compliance: Comply with applicable laws, regulations, and legal processes.

5. Email Communications & Opt-Out

We may send transactional emails (purchase receipts, report delivery, account notifications) and promotional emails (product updates, new features, waitlist updates).

You may opt out of promotional emails at any time by clicking “Unsubscribe” in any email or by contacting us at [email protected] with “Unsubscribe” in the subject line. Opting out does not affect transactional emails necessary to deliver the Service.

We comply fully with the CAN-SPAM Act and applicable email marketing regulations.

6. Data Sharing & Disclosure

6.1 We Do Not Sell Your Data

We will never sell, rent, or trade your personal or financial information to third parties for their marketing purposes.

6.2 Trusted Service Providers

We share data only with service providers necessary to operate the Service, including:

  • Stripe — payment processing (PCI-DSS Level 1 certified). We do not store card data.
  • Supabase — authentication and database infrastructure.
  • Cloudflare — hosting, CDN, and DDoS protection.
  • Analytics providers — aggregated usage analytics and performance monitoring.

All providers are contractually obligated to maintain confidentiality and may use your data only as authorized by us.

6.3 Legal Obligations

We may disclose your information if required by law, court order, or government investigation, or to protect our rights, property, users, or the public.

7. Data Security

We implement industry-standard security measures including SSL/TLS encryption in transit, encrypted storage for sensitive data, access controls, and regular security monitoring. Payment processing is handled entirely by Stripe under PCI-DSS Level 1 standards.

No method of transmission over the internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

Data Breach Notification: In the event of a breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law, including the nature of the breach, types of data affected, and remedial steps taken.

8. Data Retention

  • Account data: Retained while your account is active or as needed to provide the Service.
  • Transaction records: Retained for legal compliance, licensing enforcement, and fraud prevention.
  • Financial inputs: Retained as part of your report history while your account is active.
  • Analytics data: Retained in aggregated form for product improvement.
  • Marketing data: Retained until you opt out or request deletion.

Even after account deletion, we may retain certain data as required by law or for legitimate business purposes such as fraud prevention and dispute resolution.

9. Cookies & Tracking Technologies

We use the following types of cookies:

  • Essential cookies: Required for authentication and session management. Cannot be disabled.
  • Analytics cookies: Track page views, feature usage, and session behavior to improve the platform.
  • Marketing cookies: Track UTM parameters and campaign attribution.

You can control non-essential cookies through your browser settings. Disabling cookies may limit certain features of the Service.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Opt-out: Opt out of marketing communications at any time.
  • Portability: Request your data in a portable format where applicable.

To exercise these rights, contact us at [email protected]. We will respond within a reasonable timeframe as required by applicable law. Note that certain data may be retained for legal compliance and fraud prevention even after deletion requests.

11. State-Specific Privacy Rights

11.1 California (CCPA/CPRA)

California residents have the right to know what personal information is collected and how it is used, request deletion (subject to exceptions), opt out of the sale of personal information (we do NOT sell your data), correct inaccurate information, and not be discriminated against for exercising privacy rights.

11.2 Other State Privacy Laws

We comply with applicable state privacy laws including the Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, and similar statutes. Residents of these states have rights comparable to those described for California residents.

To submit a state privacy request, email [email protected] with your state name and “Privacy Request” in the subject line. We will respond within the legally required timeframe.

12. Third-Party Links

Our website may contain links to third-party sites or services. We are not responsible for the privacy practices of those sites and encourage you to review their policies.

13. Changes to This Policy

We may update this Privacy Policy at any time. Changes become effective upon posting. We will update the “Last updated” date at the top of this page. Continued use of the Service after any change constitutes acceptance of the updated Policy.

14. Contact Us

For privacy questions, data requests, or concerns:
[email protected]
General: [email protected]

We will respond to privacy inquiries within seven (7) business days.