Legal
What information Ridhics collects when you use Ridhics EVA, how we use it, and how we protect it.
This policy explains what information Ridhics collects when you use the Ridhics EVA web application, our APIs, or the EVA MCP server, including when EVA is used as a connector or app inside an AI assistant such as ChatGPT or Claude, and how we use and protect it.
What is public, not personal: the market and fundamental data the Service serves is public-domain SEC/XBRL data, such as 10-K, 10-Q, and 8-K filings and tagged facts. Ridhics does not collect brokerage records or personal investment holdings. Your watchlists and assumptions are confidential even when the underlying securities data is public.
We use information to provide and maintain the Service; authenticate you; enforce subscription tiers and abuse-prevention controls; meter usage and bill; provide support; detect and prevent abuse; secure the platform; and improve product reliability, quality, and user experience using operational metrics and, where feasible, aggregated or de-identified information. We do not sell or share your personal information as those terms are used under the CCPA/CPRA, and we do not use your client content to train any model, whether Ridhics-owned or third-party, except where you expressly agree in a separate written agreement.
Where the EU or UK GDPR applies, our legal bases include performance of a contract for account access and service delivery; legitimate interests for security, abuse prevention, product reliability, and customer support; legal obligations for billing, tax, compliance, and dispute records; and consent where required for optional communications or non-essential cookies.
Account data is retained while your account is active. Usage counters are short-lived, with Redis counters generally retained for approximately 32 days. User queries, analysis request logs, application audit logs, and authentication logs are retained for 90 days by default, unless a shorter or longer enterprise retention period is agreed in writing. Enterprise audit-log retention may be configured up to 1 year. Billing, payment, tax, security, and legal records may be retained longer where required, including up to 7 years for payment and tax records. After account closure or a verified deletion request, we delete or de-identify client content within 30 days unless retention is required by law, security, billing, dispute-resolution, or a separate enterprise agreement; backup copies roll off under normal backup cycles. You may request deletion as described below.
We use TLS in transit; encryption at rest where supported by our cloud and database providers; API keys stored as hashes; abuse-prevention controls; least-privilege access controls; organization-scoped access controls for customer data; audit logging for sensitive operational paths; and incident-response procedures. The MCP server exposes public SEC/XBRL and related market-data outputs through dedicated service paths. No method is perfectly secure, but we apply industry-standard safeguards. Security questions or vulnerability reports may be sent to support@ridhics.com.
Subject to applicable law, including California's CCPA/CPRA, Canada's PIPEDA, and the EU/UK GDPR where applicable, you may request to access, correct, export, or delete your personal information, and to close your account. If your client content contains personal information, these rights may apply to that content as well. California residents may also request information about categories of personal information collected and disclosed, opt out of sale or sharing (Ridhics does not sell or share personal information), and exercise rights without unlawful discrimination. Contact support@ridhics.com. We respond within 30 days, unless a longer period is permitted by law.
Our infrastructure is hosted in AWS US-East-1, United States, including AWS and TigerData/TimescaleDB infrastructure used by the Service. If you access the Service from outside that region, your information may be transferred to and processed there. Where required, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses, Data Privacy Framework-certified providers where applicable, and contractual data-processing terms. Enterprise customers may request a Data Processing Addendum and subprocessor information.
www.ridhics.com uses cookies and local storage strictly necessary for authentication and preferences, such as session tokens and theme preferences. We do not use third-party advertising trackers.
The Service is a business/professional tool and is not directed to children under 18. We do not knowingly collect personal information from children under 18.
We may update this policy. Material changes will be posted here with a revised effective date and, where appropriate, notice.
support@ridhics.com · Ridhics Inc, Unit 098, 285 Taunton Rd E, Oshawa, ON, Canada L1G 3V2.