InvestBuddy is an AI-powered portfolio optimization platform that uses a 2-Layer Stacked LSTM (128→64 units, 142,000 parameters) with 46 features. The Phase 2 model was trained on 85 symbols (2019-2026) with 13,014 sequences. Our monthly friction-optimized rebalancing strategy achieves +63.41% Alpha over the S&P 500.

How accurate are the AI predictions?

Our Phase 2 LSTM model achieves 57.68% directional accuracy on 10-day stock predictions (training) and 55.41% OOS win rate in backtesting (241 trades). This honest validation includes transaction costs and slippage. By combining ML predictions with monthly rebalancing to minimize friction, the strategy achieves +63.41% Alpha over the S&P 500 benchmark. Models use 46 features across 85 symbols. Note: Past performance does not guarantee future results.

Is there a free trial?

Yes! We offer a 7-day free trial with full access to all features including AI stock recommendations, portfolio optimization, real-time analytics, and market regime detection. No credit card required.

What makes InvestBuddy different from other investment platforms?

InvestBuddy combines a 2-Layer Stacked LSTM neural network (142,000 parameters) with 46 features for stock predictions, monthly friction-optimized rebalancing to minimize transaction costs, and real-time market regime detection. We provide full transparency into AI reasoning with confidence scores. The result: +63.41% Alpha over the S&P 500 with monthly rebalancing that avoids the 130% spike in broker fees from excessive trading costs.

InvestBuddy Privacy Policy

1. Introduction

InvestBuddy.ai ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our portfolio management platform, including our web application, MCP (Model Context Protocol) server, API services, and third-party integrations.

Data Controller: InvestBuddy.ai is the data controller responsible for your personal data.

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, password (encrypted)
Phone Verification: Phone number (for trial verification and security)
Profile Information: Investment preferences, risk tolerance, investment goals
Portfolio Data: Stock holdings, quantities, purchase prices, transactions
API Keys: Self-generated API keys for MCP server and third-party integrations (hashed and encrypted)
Payment Information: Processed securely by third-party payment processors (we don't store full card details)
Communications: Messages you send us through contact forms or support requests

2.2 Automatically Collected Information

Usage Data: Pages visited, features used, time spent, click patterns
API Usage: API endpoint calls, request/response data, rate limit usage, error rates
MCP Server Activity: Tool invocations (predict, analyze, discover), request parameters, response times
Device Information: Browser type, operating system, device identifiers
IP Address: Your IP address for security and analytics
Cookies: See our Cookie Policy for details
Log Data: Access times, error logs, performance data

2.2.1 Guest Mode & IP-Based Rate Limiting

Important: When you use our API or MCP tools through ChatGPT Actions without providing an API key (Guest Mode), we collect and temporarily store your IP address for rate limiting and abuse prevention purposes.

What We Collect: IP address, request timestamps, daily request count
Purpose: To enforce daily usage limits (5 requests/day for guests), prevent abuse, and ensure fair access for all users
Retention: IP address data is automatically deleted after 24 hours from last request
Legal Basis: Legitimate interest in preventing service abuse and ensuring system stability
No Tracking: We do NOT use guest IP addresses for marketing, profiling, or cross-device tracking
Your Rights: You can request deletion of your IP data by contacting support@investbuddy.ai

To avoid IP tracking, you can create a free account and use your own API key. This provides the same 5 requests/day limit but uses your account ID instead of IP address for tracking.

2.3 Information from Third Parties

Market Data: Stock prices, company information from financial data providers
OAuth Providers: If you sign in with Google, we receive basic profile information
News & Sentiment: Aggregated market news and sentiment data
AI Platform Integrations: When you use our MCP tools through ChatGPT, Claude Desktop, or other AI platforms, we receive your queries and send responses. These platforms have their own privacy policies.

3. How We Use Your Information

3.1 Legal Bases for Processing (GDPR)

We process your personal data based on:

Contract Performance: To provide the services you requested
Legitimate Interests: To improve our service, prevent fraud, ensure security
Consent: For marketing communications, cookies (where required)
Legal Obligations: To comply with applicable laws and regulations

3.2 Specific Uses

Service Delivery: Portfolio analysis, risk assessment, recommendations
MCP & API Services: Processing prediction requests, market analysis, portfolio optimization via our API and MCP server
Third-Party Integrations: Enabling ChatGPT, Claude Desktop, and other AI platforms to access our stock prediction and analysis tools
Account Management: Authentication, subscription management, support, API key generation
Communications: Service updates, price alerts, newsletters (with consent)
Personalization: Tailored recommendations based on your preferences
Analytics: Understanding usage patterns, API performance, ML model accuracy improvements
Security: Fraud prevention, abuse detection, rate limiting, API key validation, system security
ML Training: Improving our machine learning models (anonymized data only)
Compliance: Meeting legal and regulatory requirements

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

4.1 Service Providers

Cloud Hosting: Railway, AWS, or similar providers
Email Services: For transactional emails and notifications
SMS Services: Twilio for phone verification
Payment Processors: For subscription billing
Market Data Providers: Twelve Data, Alpha Vantage
Analytics: Usage analytics and monitoring tools

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.1.1 AI Platform Integrations

When you use InvestBuddy through third-party AI platforms, your data is subject to both our Privacy Policy and the platform's own privacy policy:

ChatGPT (OpenAI): When using our Custom GPT, your queries are sent to ChatGPT, which then calls our API. OpenAI's privacy policy applies to data in their systems.
Claude Desktop (Anthropic): When using our MCP server through Claude Desktop, your queries are processed locally, then sent to our API. Anthropic's privacy policy applies.
Other MCP Clients: Any MCP-compatible client may access our tools using your API key. Review their privacy policies.

Data Collection from AI Platforms:

With API Key: We receive your stock queries and prediction requests. We cannot identify individual users unless they include personal information in queries.
Guest Mode (No API Key): We collect your IP address for rate limiting purposes as described in section 2.2.1. The AI platform cannot see your IP address.
What ChatGPT Sees: ChatGPT/Claude sees your questions and our API responses. They do NOT see your IP address, API key, or any data stored in our database.
What We See: We see the stock symbols and parameters you request, your IP address (if using Guest Mode), and your API key identifier (if logged in). We do NOT see your conversation with the AI platform.

4.1.2 Internal Access (Administrators)

Authorized InvestBuddy administrators have limited access to user data for the following purposes:

User Support: To assist with account issues, technical problems, and customer inquiries
System Administration: To maintain platform security, monitor for abuse, and ensure service quality
Security Monitoring: To investigate suspicious activity, fraud prevention, and security incidents

What Administrators Can Access:

User account information (name, email, subscription status, trial dates)
Active login sessions (IP addresses, user agents, login times)
API usage statistics and rate limit data
System logs for debugging and security purposes

Safeguards: Administrator access is restricted to essential personnel only, all access is logged for audit purposes, and administrators are bound by confidentiality agreements. We do NOT access your portfolio holdings, trading strategies, or financial data unless explicitly requested by you for support purposes.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or to:

Comply with legal obligations
Protect our rights, property, or safety
Prevent fraud or security issues
Protect the rights and safety of our users

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Your Rights (GDPR & Privacy Rights)

You have the following rights regarding your personal data:

5.1 Access & Portability

Right to Access: Request a copy of your personal data
Data Portability: Receive your data in a structured, machine-readable format

5.2 Correction & Deletion

Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")

5.3 Control & Restriction

Right to Restriction: Limit how we process your data
Right to Object: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent for marketing or optional processing

5.4 How to Exercise Your Rights

To exercise any of these rights, please:

Email us at: support@investbuddy.ai
Use the Contact Form
Access your Settings Page for account management

We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

6. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

Active Accounts: Data retained while your account is active
Deleted Accounts: Most data deleted within 30 days; some data retained for legal/security purposes
Guest Mode IP Addresses: Automatically deleted after 24 hours from last request (used only for rate limiting)
API Keys: Revoked keys deleted after 90 days; active keys retained while account is active
API Logs: Request/response logs retained for 90 days for debugging and security; aggregated analytics retained longer
Transaction Records: Retained for 7 years for accounting and legal compliance
Marketing Data: Removed within 30 days of unsubscribing
Logs & Analytics: Aggregated data retained for service improvement

7. Data Security

We implement industry-standard security measures to protect your data:

Encryption: Data encrypted in transit (TLS/SSL) and at rest
Password Security: Passwords hashed with bcrypt
API Key Security: API keys hashed with SHA-256, never stored in plain text, transmitted via secure headers
Access Controls: Role-based access, principle of least privilege, API rate limiting by tier
Monitoring: Security monitoring, intrusion detection, API abuse detection
Regular Audits: Security assessments and vulnerability scanning
Secure Infrastructure: Hosted on secure, certified cloud platforms

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Cookies and Tracking

We use cookies and similar technologies. For detailed information, please see our Cookie Policy.

You can manage cookie preferences through:

Our cookie consent banner (first visit)
Your browser settings
Your Account Settings

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the EU Commission
Adequacy decisions for countries with equivalent data protection
Privacy Shield or successor frameworks (where applicable)

10. Children's Privacy

InvestBuddy.ai is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Marketing Communications

We may send you promotional emails about new features, offers, or updates. You can opt out at any time by:

Clicking "unsubscribe" in any marketing email
Updating preferences in your Settings
Contacting us at support@investbuddy.ai

Note: You cannot opt out of essential service-related communications (e.g., security alerts, subscription confirmations).

12. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

Email notification to registered users
Prominent notice on our platform
Updated "Last Modified" date at the top of this page

Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us:

Email: support@investbuddy.ai

Contact Form: Contact Us