Your data. Your rights. Our obligations.

Who We Are

Pingr is operated by a real, registered Irish company. The data controller for personal data collected through the Pingr platform is:

As the data controller, Pingr Intelligence Limited decides why and how your personal data is processed. We are responsible for making sure that processing is lawful, fair, and transparent under the EU General Data Protection Regulation (GDPR) 2016/679 and the Irish Data Protection Act 2018. Our supervisory authority is the Data Protection Commission of Ireland.

We do not sell your data. We do not build advertising profiles. We do not share your data with data brokers. Those are not slogans, they are commitments this policy holds us to.

What We Collect

We collect only the data we need to run the Service. Here is the complete list, with nothing left out.

Account Data

• Email address. Required to create an account, send the alerts you ask for, and contact you about your subscription.
• Username or name. Used to identify your account and personalise communications.
• Password. Stored only as a bcrypt hash with a per-user salt. We never store or see your plaintext password.
• Account tier. Free, Pro, or Investor, used to decide which features you can access.
• Account creation timestamp. For support and audit purposes.

Usage Data

• Authentication tokens. A signed JWT issued when you log in, used to verify your requests. Held in your browser, not stored server-side beyond validating the session.
• Watchlist and preferences. The tickers and insiders you choose to track, plus your alert settings such as score thresholds and category filters.
• Delivery preferences. The timing and format of the email alerts you set up.

Technical Data

• IP address. Logged by our hosting infrastructure for security and rate limiting.
• Browser and device type. Read from standard HTTP headers, used for compatibility and debugging.
• Request logs. Timestamps and endpoints accessed, kept for a maximum of 30 days for security monitoring.

What We Do Not Collect

• We do not collect payment card numbers or bank details. Payments are handled entirely by Stripe, which never passes us your card data.
• We do not collect special category data: no biometric data, health data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, or data about your sex life or sexual orientation.
• We do not buy, rent, or receive personal data from third-party data brokers.

How We Use Your Data

We use your personal data for these purposes, and no others.

We do not use your personal data for advertising, and we do not share it with advertisers. We do not make automated decisions about you that have legal or similarly significant effects.

Legal Basis for Processing (GDPR)

Under Article 6 of the GDPR, we rely on the following legal bases.

Article 6(1)(b), Performance of a Contract

Most of what we do is necessary to give you the Service you signed up for: creating your account, delivering signals and email alerts, and managing your subscription. Without this processing we cannot run the Service.

Article 6(1)(a), Consent

We rely on consent for sending you marketing communications that are separate from service messages, and for anything else where we have specifically asked for and received your explicit consent. You can withdraw consent at any time through your dashboard settings or by emailing privacy@pingr.email. Withdrawing consent does not affect processing we carried out before you withdrew it.

Article 6(1)(f), Legitimate Interests

We rely on legitimate interests for security monitoring, preventing abuse, improving the Service through aggregated analytics, and answering support requests. We have weighed these interests against your rights and concluded they do not override your reasonable expectations as a user of a data tool.

Article 6(1)(c), Legal Obligation

We may process personal data to comply with Irish and EU law, including lawful requests from regulators, courts, and law enforcement.

Special Category Data

We do not intentionally collect special category data as defined in Article 9 of the GDPR. If you think we have collected such data by accident, email privacy@pingr.email and we will remove it.

Insider Filing Data

Pingr is built on public information. It is worth being clear about what that means for privacy.

Where the data comes from

Pingr processes publicly available filings from the US Securities and Exchange Commission (SEC) EDGAR system, specifically Form 4 insider transaction reports. These filings are public record under US law. They contain the names, roles, and reported transactions of corporate insiders, who are third parties, not Pingr users.

How we treat it

This filing data is public information about company insiders, not personal data you give us about yourself. We present and analyse it, but we do not combine it with your account to profile you. Your own activity on the platform, such as the tickers you save or watch, is tied to your account only to personalise your feed, and for no other purpose.

If you are named in a filing

If you are a corporate insider whose name appears on Pingr because of a public SEC filing and you have a concern, email legal@pingr.email and we will respond.

Data Sharing

We do not sell your personal data and we do not share it with advertisers or data brokers. We share data only in the limited cases below.

Service Providers

We use a small set of trusted providers to run the Service. Each processes data on our behalf under its own data protection terms.

• Render. Hosting for our backend and database (PostgreSQL). Stores account data, encrypted at rest. Based in the United States.
• Vercel. Hosting for our website. Processes IP addresses and request logs to serve the interface. United States and global edge network.
• Brevo. Transactional and alert email delivery. Receives email addresses to send the messages you signed up for. Based in the European Union.
• Stripe. Payment processing. Receives your email and handles the transaction under PCI-DSS. We never receive or store your card number.
• OpenAI. Generates short written summaries of signals. Receives ticker symbols, insider names, and trade context drawn from public filings. We do not send OpenAI any information that identifies you.

Legal Disclosure

We may disclose personal data to courts, regulators, or law enforcement where required by law. Where we are permitted to, we will tell you before we comply.

Business Transfers

If Pingr is ever involved in a merger, acquisition, or sale of assets, personal data may transfer to the new entity. We will email affected users and post a notice at least 30 days beforehand, and the new entity will be bound by equivalent protections.

Data Retention

We keep personal data only as long as we need it to run the Service, meet legal obligations, and resolve disputes.

After the retention period, data is securely deleted or anonymised so it can no longer be linked to you. Anonymised, aggregated data may be kept for statistics and product improvement.

Security

We apply technical and organisational measures appropriate to the data we hold.

• Encryption in transit. All traffic between your browser and our servers uses TLS. All calls to third-party services use HTTPS.
• Encryption at rest. Our database storage is encrypted at rest by our hosting provider.
• Password hashing. Passwords are hashed with bcrypt and a per-user salt. We have no way to read them.
• Signed authentication. API access requires a valid signed JWT, checked on every request.
• Rate limiting. Public endpoints are rate limited to resist brute force and abuse.
• Secret management. Keys and credentials are held as environment variables and never committed to source code.
• Restricted access. Production database credentials are limited to our own infrastructure.

No system is perfectly secure, and we will not pretend otherwise. We take security seriously, but we cannot guarantee our systems will never be compromised. If a breach affects your personal data, we will notify the Data Protection Commission and, where required, you, within the timeframes set by Articles 33 and 34 of the GDPR.

Cookies & Local Storage

Pingr mainly uses your browser's local storage rather than cookies to hold your session token, tier, and preferences on your own device. That data stays on your device unless you take an action that syncs it to us.

We use only essential cookies needed for the Service to work and to protect against cross-site request forgery. We do not use tracking cookies, advertising cookies, or third-party analytics cookies on our platform.

You can control cookies through your browser settings, but disabling essential cookies may stop the Service from working. Clearing local storage removes your locally saved preferences.

International Data Transfers

Some of our providers, including Render, Vercel, Stripe, and OpenAI, are based in the United States. Sending data to them is an international transfer under Chapter V of the GDPR.

Where a provider is not covered by an EU adequacy decision, we rely on the Standard Contractual Clauses approved by the European Commission to protect those transfers. You can ask which mechanism applies to your data by emailing privacy@pingr.email.

Your Rights

Under the GDPR you have the following rights over your personal data. We honour them for all users.

Access (Art. 15)

You can ask for a copy of the personal data we hold about you, along with the purposes, recipients, and retention periods. We respond within 30 days, extendable by up to 60 more for complex requests, with notice.

Rectification (Art. 16)

You can ask us to correct inaccurate data. You can update most of it yourself in your dashboard; for the rest, email privacy@pingr.email.

Erasure (Art. 17)

You can ask us to delete your data where it is no longer needed, where you withdraw consent, or where you object to legitimate-interest processing. We action this within 30 days, except where law requires us to keep certain records such as payment history. Account deletion cannot be reversed.

Restriction (Art. 18)

You can ask us to pause processing of your data in certain situations, for example while we check a rectification request.

Data Portability (Art. 20)

Where processing is based on consent or contract and is automated, you can ask for your data in a structured, machine-readable format (JSON or CSV) to take elsewhere.

Objection (Art. 21)

You can object to processing based on legitimate interests, including any direct marketing. If you object to direct marketing, we stop immediately.

Automated Decisions (Art. 22)

We do not make solely automated decisions about you that produce legal or similarly significant effects. The scores Pingr produces are informational outputs about public filings, not decisions about you.

How to Exercise Your Rights

Email privacy@pingr.email with your name and your account email. We may verify your identity first, to protect you against someone impersonating you. We will not charge a fee for reasonable requests.

Right to Complain

If you think we have mishandled your data, you can complain to the Data Protection Commission of Ireland (dataprotection.ie), or to the supervisory authority in your EU country of residence.

Age Requirement

Pingr is not directed at, and does not knowingly collect personal data from, anyone under the age of 18. The Service involves financial filing data intended for adults. If you are under 18, you may not use the Service.

If we learn we have collected data from someone under 18, we will delete it. If you believe this has happened, email privacy@pingr.email.

Third-Party Services

Pingr relies on the third parties below. Each has its own privacy policy, and we are responsible for them only where they act as our data processor under contract.

• Stripe. Payment processing. Stripe Privacy Policy
• Brevo. Email delivery. Brevo Privacy Policy
• OpenAI. AI text generation. OpenAI Privacy Policy
• Vercel. Frontend hosting. Vercel Privacy Policy
• Render. Backend and database hosting. Render Privacy Policy
• Yahoo Finance. Market price data. We send ticker symbols, never your data, to retrieve prices.

Links from Pingr to external sites are for convenience. We do not control those sites and are not responsible for their privacy practices.

Marketing Communications

We may send you occasional messages about new features and updates, either where you have consented or where we have a legitimate interest in telling existing subscribers about a service they already use. You can opt out at any time by clicking unsubscribe in any marketing email, changing your dashboard preferences, or emailing privacy@pingr.email.

Opting out of marketing does not stop service messages such as security notices, billing confirmations, and the alerts you set up yourself.

Changes to This Policy

We may update this policy as our practices or the law change. For material changes we will email the address on your account at least 14 days in advance, post a notice in the dashboard, and update the effective date at the top of this page.

Using the Service after a change takes effect means you accept the updated policy. If you do not agree, you can stop using the Service and request account deletion before the change takes effect. Previous versions are available on request from privacy@pingr.email.

Contact & Complaints

For any privacy question, data request, or complaint, contact us:

We aim to respond within 30 days, extendable by up to 60 more for complex requests, with notice. If you are not satisfied with our response, you can contact the supervisory authority:

• Ireland / EU: Data Protection Commission, dataprotection.ie

This Privacy Policy was last updated on June 1, 2026 and is effective from that date.