Privacy Policy

How we collect, use, and protect your data

Last Updated: December 7, 2025

This Privacy Policy explains how Rumi Financial Observability Platform collects, uses, stores, and protects your personal information.

1. Introduction

Rumi Financial Observability Platform ("we," "our," or "the Service") is committed to protecting your privacy. This Privacy Policy describes how we handle your data when you use our AI-powered financial monitoring platform.

By using Rumi, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

  • Username and Email: For account creation and authentication
  • Password: Hashed using bcrypt (we never store plain-text passwords)
  • Profile Information: Full name, role (admin/analyst/viewer)
  • Authentication Tokens: JWT tokens for session management

2.2 Financial Data

  • Watchlist Companies: Stock symbols and company names you monitor
  • Observations: Custom monitoring rules and trigger conditions you create
  • Investment Thesis: Thesis points you document for your positions
  • Email Insights: AI-generated insights and summaries delivered to you

Note: All financial market data is obtained from third-party providers (Financial Modeling Prep, SEC EDGAR) and is subject to their privacy policies.

2.3 Usage Data

  • Monitoring Activity: Observations created, triggers processed
  • Feature Usage: Which trigger types and schedules you use
  • Session Data: Login timestamps, session duration
  • Error Logs: Technical errors for debugging (no personal data)

2.4 Technical Information

  • Browser Information: User agent, browser type
  • IP Address: For security and rate limiting
  • Cookies: Session cookies for authentication (no tracking cookies)
  • Cache Data: Temporary storage of API responses (Redis/in-memory)

3. How We Use Your Information

Primary Uses:

  • Provide AI-powered financial monitoring and observation services
  • Maintain your watchlist, observations, and preferences
  • Authenticate and secure your account
  • Generate personalized email insights when your conditions are met
  • Cache financial data to improve performance

AI Processing:

  • OpenAI: Primary AI provider for insight generation and thesis analysis
  • OpenAI Embeddings: Used for semantic search and vectorization
  • Data Sent to AI: Company symbols, financial data, your thesis points
  • AI Provider Policies: Subject to OpenAI terms and policies

Service Improvement:

  • Monitor system performance and identify bugs
  • Analyze feature usage to improve user experience
  • Optimize AI model selection for cost and quality
  • Improve observation triggers based on usage patterns

4. Data Storage and Security

Security Measures:

Encryption

All data encrypted in transit (HTTPS) and at rest

Password Security

Bcrypt hashing with salt (never plain-text)

Database Security

MongoDB with authentication and access control

Session Management

JWT tokens with 7-day expiration

Data Storage Locations:

  • Primary Database: MongoDB (your account, observations, preferences)
  • Vector Store: MongoDB for semantic search and embeddings
  • Email History: Stored with observation records for reference
  • Session Data: Encrypted JWT tokens (browser cookies)

5. Data Retention

We retain your data for the following periods:

  • Account Data: Until you delete your account
  • Observations: Until you delete or cancel them
  • Email Insight History: Stored with observations for reference
  • Session Tokens: 7 days or until logout
  • Error Logs: 30 days

6. Third-Party Services

AI Providers:

  • OpenAI

    Used for insight generation, thesis analysis, and embeddings

    Privacy Policy

Financial Data Providers:

  • Financial Modeling Prep (FMP)

    Stock prices, financials, earnings data

    Privacy Policy
  • SEC EDGAR

    Public company filings (10-K, 10-Q)

    Privacy Policy

Important: We do not sell or share your personal information with third parties for marketing purposes. Data is only shared with service providers necessary for functionality.

7. Your Rights

Access

Request a copy of all data we have about you

Correction

Update or correct your account information

Deletion

Delete your account and all associated data

Export

Download your observations and insight history

To exercise these rights, contact us at: privacy@rumi-ai.com

8. Cookies and Tracking

We use minimal cookies for essential functionality only:

  • Session Cookie: JWT authentication token (httpOnly, secure, 7-day expiration)

We do NOT use: Third-party tracking cookies, advertising cookies, or analytics cookies.

9. Children's Privacy

Rumi is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Updating the "Last Updated" date at the top of this page
  • Sending an email notification (for material changes)
  • Displaying a notice in the application

11. Contact Us

If you have questions about this Privacy Policy or our data practices:

Compliance Standards

Rumi Financial Observability Platform adheres to:

  • SOC 2 Type II security standards
  • GDPR compliance (for EU users)
  • Industry best practices for financial data handling
  • Bank-grade encryption and security measures