Privacy Policy

This Privacy Policy describes how Crossroads Consulting LLC, doing business as The IPO Radar ("Company," "we," "us," or "our"), collects, uses, and shares your personal information when you use our website at theiporadar.com and our related services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

• Email address — used for account creation, passwordless sign-in (magic link), and alert delivery.
• Investment thesis — the free-form text you write describing the types of companies you want to be alerted about.
• Notification preferences — your choices regarding email and/or Telegram delivery, mute settings, and related configurations.

1.2 Information Collected Automatically

• Telegram user ID — a numeric identifier collected only if you choose to connect Telegram as a delivery channel. We do not collect your Telegram username, profile photo, or other profile data.
• IP address and browser metadata — collected for security, abuse prevention, and debugging purposes.
• Server logs — contain internal user UUIDs, request timestamps, and error information. Server logs do not contain your email address or other directly identifying information.

1.3 Payment Information

All payment processing is handled by Stripe. We never see, receive, or store your payment card numbers. Stripe collects and stores your payment information pursuant to its own privacy policy. We receive from Stripe your subscription status and billing history (plan type, payment dates, and amounts).

1.4 Cookies

We use a single essential cookie: an HttpOnly, Secure session cookie that keeps you signed in. This cookie has a lifetime of approximately 7 days and is strictly necessary for the Service to function. We do not use any analytics cookies, advertising cookies, or tracking cookies.

When you interact with our payment flow, you may be redirected to Stripe's hosted checkout page, which may set its own cookies. Those cookies are governed by Stripe's privacy policy, not ours.

1.5 Email Tracking

Our email delivery provider (SendGrid) includes tracking pixels and rewritten links in the emails we send. This allows us to measure email open rates and link click rates for the purpose of monitoring deliverability and improving the Service. You can prevent this tracking by disabling image loading and link previews in your email client.

2. How We Use Your Information

We use your information for the following purposes:

• Providing the Service — authenticating your account, processing your investment thesis, matching you with relevant SEC filings, and delivering alerts.
• AI processing — we send your investment thesis text and SEC filing text to third-party AI providers (such as OpenAI) to parse your thesis into structured categories and to extract structured business intelligence from filings. These providers process this data as our service providers pursuant to their respective API data usage policies, which generally prohibit using API inputs for model training.
• Billing — managing your subscription and processing payments through Stripe.
• Communication — sending you transactional emails (sign-in magic links, welcome emails, alert delivery), service-related communications (billing confirmations, policy updates, product announcements), and other messages necessary for the operation of the Service.
• Security and abuse prevention — detecting and preventing fraud, unauthorized access, and other harmful activity.
• Debugging and reliability — using server logs to diagnose errors and maintain service uptime.
• Improving the Service — analyzing aggregate, non-identifying usage patterns to improve matching quality and the overall user experience. This includes using de-identified, aggregated thesis data to produce features such as trending investment themes. Aggregate data cannot reasonably be used to identify any individual subscriber.

3. How We Share Your Information

We do not sell your personal information. We share your information only with the following categories of service providers, and only to the extent necessary for them to perform their function:

We may also disclose your information if required to do so by law, in response to a valid legal process (such as a subpoena or court order), or to protect the rights, property, or safety of the Company, our users, or the public.

4. Data Storage and Security

Your data is primarily stored and processed in the United States. We use vendors with global infrastructure who may process data in other regions pursuant to their own privacy policies.

We implement reasonable administrative, technical, and physical safeguards to protect your personal information. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you cancel your subscription and request deletion of your data, we will delete your personal information within 30 days, except where we are required to retain it by law (for example, billing records for tax purposes). Server logs are retained for a limited period for debugging purposes and are purged periodically.

6. Your Rights

6.1 All Users

Regardless of where you are located, you may:

• Access your personal information by logging into your account dashboard.
• Update your investment thesis and notification preferences at any time.
• Cancel your subscription at any time through the Stripe customer portal.
• Unsubscribe from email alerts with one click, or from Telegram alerts by sending /unsubscribe to our bot.
• Request deletion of your account and personal data by contacting us at privacy@theiporadar.com.

6.2 European Economic Area (EEA) Residents

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing. We process your data on the following bases: (a) performance of a contract (providing the Service you subscribed to); (b) legitimate interests (security, abuse prevention, service improvement); and (c) your consent (where applicable, such as connecting Telegram).
• Right to access. You may request a copy of the personal data we hold about you.
• Right to rectification. You may request correction of inaccurate personal data.
• Right to erasure. You may request that we delete your personal data, subject to legal retention obligations.
• Right to restriction of processing. You may request that we limit how we process your data in certain circumstances.
• Right to data portability. You may request a machine-readable copy of the personal data you provided to us.
• Right to object. You may object to processing based on legitimate interests.
• Right to withdraw consent. Where we rely on your consent, you may withdraw it at any time.

For EU data subjects, our vendors operate under Standard Contractual Clauses (SCCs) or equivalent mechanisms for international data transfers.

To exercise any of these rights, contact us at privacy@theiporadar.com. We will respond within 30 days.

6.3 California Residents — CCPA / CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with the following rights regarding your personal information:

• Right to know — request disclosure of the personal information we collect, use, and share.
• Right to delete — request deletion of personal information we have collected from you, subject to limited exceptions.
• Right to correct — request correction of inaccurate personal information we maintain about you.
• Right to opt out of sale or sharing — direct us not to sell or share your personal information.
• Right to limit use of sensitive personal information— direct us to limit our use of sensitive personal information to only that necessary to provide the service.
• Right to non-discrimination — exercise these rights without receiving discriminatory treatment in pricing or service quality.

We do not sell or share your personal information.We do not sell or rent personal information to third parties, and we do not engage in cross-context behavioral advertising. We share personal information only with the service providers strictly necessary to operate the Service (Stripe for payment, SendGrid for email delivery, Telegram for messaging, Render for hosting, Vercel for the frontend), each under a written contract limiting their use to providing services on our behalf.

How to exercise your CCPA / CPRA rights: email privacy@theiporadar.com from the email address associated with your account, stating which right you wish to exercise. We will respond within 45 days. There is no fee for exercising these rights, and you may designate an authorized agent to act on your behalf.

7. Children's Privacy

The Service is not directed to anyone under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from someone under 18, we will delete that information promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 15 days before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

9. Contact

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

Crossroads Consulting LLC, d/b/a The IPO Radar
1413 Ave Ponce de Leon, STE 401
San Juan, PR 00907

Email: privacy@theiporadar.com
General support: support@theiporadar.com