Security & Privacy
**Our Commitment**
Your research is yours. We use enterprise-grade encryption for all data, both in transit and at rest. Documents and notes are never used to train AI models without your explicit consent. You can export or delete your data, or close your account, at any time.
## Data Security
- Encryption: Data encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Access Controls: Role-based permissions, monitoring, and regular audits.
- Tenant Isolation: Your documents and derived insights remain scoped to your account. No cross-tenant mixing.
- Data Deletion: Permanent deletion of files, annotations, and derived artifacts is available through account settings.
## Data Collection & Usage
**What We Collect**
- Account Information: Name, email address, authentication credentials.
- Content You Provide: Documents, notes, annotations, and any files you choose to upload or sync.
- Usage Metadata: Logs of feature usage, queries, and interactions for performance and reliability monitoring.
**How We Use It**
- Service Delivery: To power search, summarization, and research workflows.
- Analytics: To improve system performance and user experience (aggregated, non-identifiable).
- Feature Development: To enhance platform capabilities and build new features.
## Privacy & Control
- Private by Default: Upload files directly; third-party syncs (e.g., OneDrive, Google Drive) are optional and require explicit user action.
- No Training Without Opt-In: Customer data is never used to train or fine-tune AI models unless you sign a separate data-use agreement.
- User Control: You may revoke storage integrations, export all provenance records, and request permanent deletion at any time.
## Regulatory Compliance
We honor applicable privacy regulations:
- GDPR (EU): Rights of access, rectification, erasure ("right to be forgotten"), and portability. Learn more at gdpr.eu.
- CCPA (California): Rights to know, delete, opt-out of sale, and non-discrimination. Details at California Attorney General's Office.
Enterprise customers may request a Data Processing Addendum (DPA) for additional contractual protections. For more information on data protection standards, visit ISO 27001 standards.
## Subprocessors
We work with select infrastructure and processing providers to deliver services securely. All subprocessors are contractually bound to maintain equivalent data protection and security standards.
(Current list of subprocessors available upon request.)
## Cookies & Tracking
We use cookies for:
- Essential functionality: Authentication, session management, security.
- Analytics: Usage insights to improve performance.
- Preferences: Remembering user settings.
You can manage or disable cookies through your browser settings.
## Disclaimer — AI-Generated Content
ValuWiki provides tools to help users generate summaries, analyses, and answers using AI. Outputs are automatically generated from your uploaded content and licensed/public sources.
- Not investment advice. Nothing on this platform constitutes investment recommendations.
- For research support only. Content should not be relied on as the sole basis for decisions.
- Your responsibility. You are responsible for verifying, reviewing, and interpreting outputs with professional judgment.
- No broker/dealer services. ValuWiki is not a registered investment adviser or broker-dealer.
## Contact
Questions or concerns about security or privacy? We're committed to transparency and compliance.
For additional privacy resources, visit Privacy.org or learn about FTC privacy guidelines.
Learn more about our evidence-first approach to AI research and read our Terms of Service.
**Last updated: September 2025**