Effective Date: May 21, 2026 · Previous version: April 20, 2026
TheInvestmentAnalyst.com ("we," "us," or "our") operates TickerOne (the "Game"), a daily stock prediction game available as native iOS and Android applications (with a web preview at theinvestmentanalyst.com/marketcall). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the Game.
What changed in this version (May 21, 2026 update for v1.0.6):
- Added new data collected: signup cohort (year-month), equipped avatar badge, private-league membership, pro-pick bio (admin-flagged users only), and derived behavioural metrics on the Stats screen (e.g. tilt rate, hot-hand bias).
- New feature surfaces: Pro Picks rail (admin-flagged users' calls visible to all players), 1v1 Friend Battles (push notifications on challenge / accept / resolve), Cohort Leagues, Private Leagues with invite codes, Seasonal Tournaments, Avatar cosmetics, advanced statistical analyses on the Stats screen.
- Added admin custom-push capability — administrators can send broadcast or targeted push notifications to opted-in users. Protected by a daily per-user cap (2/day) and quiet-hours guard (21:00–07:30 ET).
Summary: We collect only what is necessary to run the Game — your email, display name, game activity, and (on the native app) a push notification device token. We use a minimal set of third-party services to operate the Game (hosting, error reporting, email delivery, prize fulfillment) but do not sell your data, use advertising networks, or build behavioural profiles.
1. Information We Collect
Information You Provide
- Account information: Email address and display name, provided when you create an account or sign in with Apple or Google.
- Game predictions: Your daily stock predictions, including predicted direction (up/down), confidence level, price-range calls, and optional wildcard selections.
- In-app messages between friends ("trash talk" feature): When you send a curated message to a friend (e.g., a taunt, reaction, or comeback nudge), we store the sender, recipient, message catalog key, and timestamp. The message body itself is selected from a fixed catalog and is not free-text user input.
- Friend connections: When you add or accept a friend, we store the relationship so you can see each other on the Friends leaderboard, send curated messages, and challenge each other to 1v1 Battles.
- 1v1 Friend Battle records (v1.0.6): When you challenge a friend or accept a challenge, we store the challenger, opponent, game date, status, both players' scores, and the winner. This is shown to both participants in their Battles inbox / history.
- Private League membership (v1.0.6): When you create or join a private league we store the league's name, owner, invite code, optional date bounds, and your membership row. Other league members can see you on the league leaderboard.
- Equipped avatar badge (v1.0.6): The avatar badge you select in Settings is stored against your account and displayed next to your display name on tournament and league leaderboards.
- Pro bio (admin-flagged users only, v1.0.6): Users who are flagged as Pro Picks by an administrator may have a short biography (≤140 characters) attached to their profile, surfaced on the Pro Picks rail.
- Support reports: If you use the in-app "Report an Issue" form, the text of your report along with diagnostic context (see below).
Information Collected Automatically
- Game scores and statistics: Points earned, streaks, accuracy rates, leaderboard rankings, and historical performance data generated from your predictions.
- Signup cohort (v1.0.6): The year-month of your signup (e.g. "2026-05"), used to group you with people who joined in the same month for the Cohort leaderboard. Derived from your account creation date; not separately requested.
- Derived behavioural metrics (v1.0.6): The Stats screen surfaces analytical breakdowns derived from your prediction history — confidence calibration, direction-tilt rate, hot-hand bias, loss-chasing rate, alignment with Pro Picks, range adoption rate, win/loss asymmetry, skill-vs-luck Bayesian estimate, strength-by-confidence-and-direction matrix, and multiplier-capture share. These are computed on demand from data you already provided through gameplay; we do not store new categories of personal data to produce them, nor do we share these analyses with third parties.
- Login dates: The date of each login, used to calculate daily login rewards and streak tracking.
- Authentication tokens: A JSON Web Token (JWT) stored in your browser's localStorage (web) or Keychain/Keystore (native app) to keep you signed in. This is not a tracking cookie.
- Push notification tokens (native app only): On iOS and Android, we register your device with Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) to deliver notifications you have opted in to receive. The token is an opaque identifier generated by Apple/Google and cannot be used to track you across other apps.
- Notification preference flags: Per-category toggles for daily reminder, results-ready, streak warning, championship, milestones, re-engagement, and marketing email opt-in. Stored against your account so we honour your choices across devices.
- Live Activity tokens (iOS only): If you opt into Live Activities on iOS 16.1+, we register a short-lived activity token so we can update the lock-screen widget during market hours. Token expires when the activity ends or after the daily game resolves.
- Timezone (native app only): Your device's IANA timezone string (e.g. "Europe/London") is captured at registration so notifications respect your local quiet hours. No other location data is collected.
- IP address: Your IP address is recorded in server logs and used for rate limiting to protect against abuse. It is not used for advertising or tracking.
- Diagnostic context (support reports only): When you submit a support report, we attach platform information (iOS/Android/Web), app version, user-agent, current screen, recent client errors, and last failed API call.
- Crash logs and diagnostics: Both server (Sentry) and client (browser console) crashes are logged to help us debug failures. Crash reports include the stack trace, app version, platform, and your user ID if you were authenticated. They do not include passwords, prediction values, or your friend messages.
Information We Do NOT Collect
- Payment or financial information (prizes are fulfilled externally via gift cards)
- Precise or approximate geolocation data
- Contacts, camera, microphone, photos, or device sensor data
- Browsing history outside the Game
- Advertising identifiers (IDFA on iOS, AAID on Android)
2. How We Use Your Information
We use the information we collect for the following purposes:
- Operate the Game: Create and manage your account, process your daily predictions, calculate scores, and maintain leaderboards.
- Daily login rewards: Track your login dates to award daily login bonuses and maintain streak counts.
- Prize fulfillment: Use your email address to contact winners and deliver prizes via Tremendous (a third-party gift card fulfillment service). Only your email address is shared with Tremendous for this purpose.
- Authentication: Issue and validate JWT tokens so you can remain signed in across sessions.
- Game improvement: Analyze aggregate, anonymized game data (e.g., overall prediction accuracy trends) to improve the Game experience. We do not build individual behavioral profiles.
3. Data Storage and Security
Your data is stored in a SQLite database on a server hosted by Railway.app, a cloud application hosting platform. We implement reasonable administrative and technical safeguards to protect your information, including:
- Encrypted HTTPS connections for all data in transit
- JWT-based authentication with token expiration
- Server-side input validation and sanitization
No method of electronic storage or transmission is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
4. Third-Party Services
The Game integrates with the following third-party services, each processing a specific slice of data on our behalf. We do not use advertising networks or tracking pixels.
Yahoo Finance API
We use the Yahoo Finance API to retrieve real-time and historical stock price data used in the Game. No user data is transmitted to Yahoo Finance; we only request publicly available market data.
LearnWorlds
The Game may be embedded within the LearnWorlds learning platform. If you access the Game through LearnWorlds, an SSO token may be passed to authenticate your session. LearnWorlds' own privacy policy governs data collected by their platform.
Sign in with Apple / Google Sign-In (native app)
On iOS, you may sign in using Sign in with Apple. On iOS and Android, you may sign in using Google. In both cases, the third-party identity provider returns your email address (and optionally display name) to us. We do not receive your Apple ID password, Google password, or any other account data. You may revoke access at any time from your Apple ID settings or Google account permissions.
Apple Push Notification service (APNs) & Firebase Cloud Messaging (FCM)
To deliver push notifications on the native app, we register an opaque device token with Apple (iOS) or Google Firebase (Android). The token is an identifier for the device, not for you personally. Notifications can be disabled at any time from your device settings or the in-app preferences.
Tremendous (prize fulfillment)
Prize winners receive gift cards fulfilled through Tremendous. When you win a prize, we share your email address with Tremendous solely for gift card delivery. Tremendous' privacy policy governs their handling of that information.
Resend (transactional email)
Password reset emails, account-deletion confirmations, support-report receipts, and championship winner notifications are delivered via Resend, an email delivery service. Resend processes the recipient email address and message content on our behalf as a data processor.
Sentry (error tracking)
We use Sentry to capture server-side errors for debugging purposes. Captured errors include the stack trace, request path, and may include your user ID if you were authenticated at the time. Sentry does not receive your email, password, or prediction content.
Railway.app (hosting)
Our application server and database are hosted on Railway.app. Railway processes data on our behalf as a hosting provider. Their privacy policy governs their infrastructure services.
5. Cookies and Local Storage
The Game does not use cookies for advertising, analytics, or tracking. We use browser localStorage solely to store your JWT authentication token, which keeps you signed in. This token is not shared with any third party and is automatically invalidated upon expiration.
6. Children's Privacy & Age Rating
The Game is not directed at children under the age of 13 and is rated for users 12 and over. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as promptly as possible. If you believe a child under 13 has provided us with personal information, please contact us at the address below.
The Game is a skill-based prediction game. While it uses terminology familiar from financial markets (predictions, confidence, streaks, multipliers), no real money is wagered by players. Prizes are awarded by us on a monthly basis to leaderboard leaders and are not tied to any individual user stake.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Game. Specifically:
- Account data (email, display name): Retained until you delete your account.
- Game data (predictions, scores, statistics, streaks, wildcards, friendships): Retained for the duration of your account to maintain historical records, leaderboard integrity, and streak data. Hard-deleted when you delete your account.
- Authentication tokens: Expire after 30 days and are replaced upon each new login session.
- Push notification logs: Retained for 90 days for open-rate analytics and then deleted. Hard-deleted when you delete your account.
- Support reports: Retained for 12 months after resolution for audit purposes. Hard-deleted when you delete your account.
- Server-side request logs: Retained by our hosting provider (Railway) for up to 30 days per their default retention.
- Referral ledger entries: Retained indefinitely for accounting purposes, but user references are anonymised when either party deletes their account.
You can delete your account and all associated data at any time via the in-app menu (Menu → Delete my account), or by contacting us using the information in Section 10 below.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete information.
- Deletion: Request that we delete your personal data. Note that deleting your account will permanently remove your game history and leaderboard records.
- Data portability: Request a machine-readable export of your data.
- Objection: Object to certain processing of your data where applicable under local law.
To exercise any of these rights, please contact us using the information below. We will respond to your request within 30 days.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy within the Game and updating the "Effective Date" at the top of this page. Your continued use of the Game after any changes constitutes your acceptance of the revised policy.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
TheInvestmentAnalyst.com
Email: support@theinvestmentanalyst.com
Website: https://theinvestmentanalyst.com
For UK users exercising rights under the UK GDPR, you may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
For EU users exercising rights under the GDPR, you may also lodge a complaint with your national data protection authority.