Legal · Last Updated 17 May 2026

Privacy Policy

This policy explains what personal information AMORDAD Capital collects, why we collect it, how we use it, and the rights you have over it.

01

Who We Are

AMORDAD Capital is a research publication operated by Amordad Research Tool, a company incorporated in Ontario, Canada. We publish AI-generated investment research tools for educational and informational purposes. We are not a registered investment adviser, broker-dealer, or financial planner in any jurisdiction. For privacy enquiries, contact us at BOD@amordad.capital.com.
02

Information We Collect

We collect the following information when you create an account or use our service:

Information you provide directly:

  • Email address
  • Username
  • Password (stored as a bcrypt hash — we never store your plaintext password)
  • Chosen plan (trial, monthly, or annual)
  • Consent records (age attestation, sanctions attestation, terms acceptance, marketing preference, timestamp, version)

Information collected via Stripe (payments):

  • Stripe Customer ID
  • Stripe Subscription ID
  • Payment status and subscription period end date

Information collected automatically:

  • IP address (logged by Vercel infrastructure)
  • Browser user agent
  • Request timestamps
  • Analysis usage counts per calendar month
03

How We Use Your Information

  • Account creation and authentication — to create and manage your account and verify your identity on each session.
  • Subscription billing — to process payments, manage plan upgrades and cancellations, and send renewal reminders via Stripe and (where opted in) email.
  • Service delivery — to count your monthly analysis usage against your plan limit and to display your saved analyses in your dashboard.
  • Customer support — to respond to enquiries you send through our contact page.
  • Security and fraud prevention — to detect and block abuse, enforce sanctions compliance, and protect our infrastructure.
  • Legal and regulatory compliance — to retain records as required by applicable law.
  • Product updates (if opted in) — to send you information about new features or offers where you have given marketing consent.
04

Legal Bases (GDPR Users)

If you are located in the European Economic Area or the United Kingdom, we rely on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contract (Art. 6(1)(b)) — processing necessary to create your account, authenticate you, and administer your subscription.
  • Legitimate Interest (Art. 6(1)(f)) — security monitoring, fraud prevention, sanctions screening, and service improvement, where our interests do not override your fundamental rights.
  • Consent (Art. 6(1)(a)) — optional marketing email communications (you may withdraw consent at any time) and non-essential cookies and analytics.
  • Legal Obligation (Art. 6(1)(c)) — tax, audit, and other records we are required by law to retain.
05

Processors and Subprocessors

We share your data with the following third parties only to the extent necessary to operate the service:

  • StripePayment processing and subscription management. Location: United States (Dublin, IE for EU customers).
  • VercelHosting, edge network, serverless functions. Location: United States (global edge).
  • Vercel KV (Upstash Redis)User records, analysis metadata, usage counters. Location: United States.
  • NextAuth.jsSession management (JWT, no external server). Location: No data leaves your infrastructure.
  • Financial Modeling Prep (FMP)Market data for analysis (ticker queries only — no personal data sent). Location: United States.
  • Google FontsWeb font delivery (loaded only after functional cookie consent). Location: United States.
  • ResendTransactional and subscription renewal emails. Location: United States.

We do not sell, rent, or trade your personal information to any third party.

06

International Transfers

Some of our processors are located in the United States. Where personal data is transferred outside Canada or the EEA, we rely on: (a) Stripe's Standard Contractual Clauses (SCCs) for EU/EEA data; (b) Vercel's Data Processing Addendum; and (c) Upstash's Data Processing Addendum. Copies of these instruments are available from the respective providers on request.
07

Cookies and Trackers

We use a consent banner to obtain your preferences before setting non-essential cookies. We operate three categories: (1) Necessary — session tokens and authentication cookies required for the service to function; these cannot be disabled. (2) Functional — preferences such as font loading (Google Fonts); disabled until consent is given. (3) Analytics — we do not currently run any analytics service. We do not use advertising or tracking cookies of any kind.
08

Retention

Account data is retained for the lifetime of your account plus seven years for tax and audit purposes. Server access logs are retained for 90 days. Deleted accounts are purged within 30 days except for records that applicable law requires us to retain. Monthly usage counters expire automatically after 35 days.
09

Your Rights

Depending on your jurisdiction, you may have the following rights. To exercise any of them, email BOD@amordad.capital.com.

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — request erasure of your data, subject to legal retention requirements.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Restriction — ask us to restrict processing while a dispute is resolved.
  • Withdraw Consent — withdraw marketing consent at any time without affecting lawfulness of prior processing.
  • Quebec Law 25 (residents of Quebec) — you have additional rights including the right to be informed of automated decision-making that affects you, and to request human review of such decisions.

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA/CPRA). If you are unsatisfied with our response, you have the right to lodge a complaint with your supervisory authority.

10

Person Responsible for Privacy (Quebec Law 25)

In accordance with Quebec Law 25 (Act respecting the protection of personal information in the private sector), the person responsible for the protection of personal information at AMORDAD Capital is: {NAME_TO_BE_DESIGNATED}, reachable at BOD@amordad.capital.com.
11

California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know — the categories and specific pieces of personal information we collect, use, and disclose.
  • Right to Delete — request deletion of your personal information, subject to exceptions.
  • Right to Correct — request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information — we do not use sensitive personal information beyond what is necessary to provide the service.
  • Right to Opt-Out of Sale or Sharing — AMORDAD does not sell or share personal information for cross-context behavioural advertising. No opt-out mechanism is required, but we provide one as a courtesy: email BOD@amordad.capital.com.

We will not discriminate against you for exercising any of these rights.

12

Children

AMORDAD is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal information, we will delete it promptly. If you believe a minor has submitted information to us, please contact BOD@amordad.capital.com.
13

Breach Notification

In the event of a personal information breach that poses a real risk of significant harm to individuals, we will notify affected individuals and the relevant supervisory authority in accordance with: (a) PIPEDA's "real risk of significant harm" standard (Canada); (b) GDPR's 72-hour notification requirement (EEA/UK); and (c) applicable U.S. state breach notification laws. We maintain an internal breach log and will cooperate fully with regulatory investigations.
14

Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page will reflect the date of the most recent revision. We will notify you of material changes by email (if you have provided one) or by a prominent notice on the site before the changes take effect. Continued use of AMORDAD after the effective date of a revised policy constitutes your acceptance of the changes. The current consent version is 2026-05-17.v1.
15

Contact

For any privacy-related enquiries, to exercise your rights, or to reach the person responsible for privacy protection, please contact us at BOD@amordad.capital.com or through our contact page.

AMORDAD Capital · Privacy Office

Last Updated · 17 May 2026 · Version 2026-05-17.v1
AMORDAD

Value investing intelligence in the tradition of the Six.

© 2026 AMORDAD Capital, Research
Product
FeaturesPricingDemoRoadmap
Resources
MethodologyFAQGlossarySample Letters
Legal
AboutContactDisclaimerTerms of ServicePrivacy Policy

AMORDAD Capital is a research publication — not a registered investment adviser, broker-dealer, portfolio manager, or financial planner in any jurisdiction. The "Investment Office" designation is a brand name for this publication and does not imply a regulated investment management firm. AMORDAD is not affiliated with, endorsed by, or connected to Berkshire Hathaway, Pershing Square, TCI Fund Management, Himalaya Capital, Baupost Group, or any named investor. All output is AI-generated and intended for educational purposes only. Past performance does not indicate future results. All investing involves risk, including the loss of principal.

AMORDAD Capital · © 2026 · Published from Canada