Privacy Policy

Last updated: June 11, 2026

This Privacy Policy explains how we collect, use, share, and protect information when you use Wall Street Friend at wsfriend.com (the "Service"). Wall Street Friend is a free web app for earnings analytics, SEC filing research, earnings-date predictions, and paper-trading backtests. We've written this policy to be specific to how the Service actually works — what we collect, who we work with, and the choices you have.

1. Scope & Who We Are

The Service is operated by All Things AI, Inc., a Delaware corporation ("All Things AI," "we," "us," or "our"). For the purposes of the EU/UK General Data Protection Regulation, All Things AI, Inc. is the data controller for personal data processed through the Service.

This policy applies to the wsfriend.com website and the features available there. It does not apply to third-party websites or services that we link to or that you reach through the Service. If you have questions about this policy, contact us at support@allthingsn.com.

2. Information We Collect

We collect only what we need to run the Service. Specifically:

(a) Account information from Google sign-in

You sign in with "Sign in with Google" (Google OAuth 2.0). When you do, Google shares a limited set of profile information with us — typically your name, email address, and your Google account ID. We use this to create and identify your account. We do not receive or store your Google password, and we do not store any password of our own.

(b) Content you create

When you use the Service while signed in, we store the work you create and save — for example, your saved earnings-date predictions and your paper-trading backtests, including their configuration and results — so they're available the next time you sign in.

(c) Usage & device data

We use Google Analytics 4 (measurement ID G-GCXM59R5DB) to understand how the Service is used. This typically includes the pages you visit, referring/exit pages, approximate location (derived from IP, usually city/region-level), and device and browser information such as device type, operating system, and screen size. We use this in aggregate to improve the Service.

(d) Cookies & local storage

We and our analytics provider use cookies and similar storage:

• A Django session cookie and a CSRF cookie — set when you are signed in, to keep you logged in and to protect against cross-site request forgery.
• A theme preference (light/dark) stored in your browser's localStorage so the Service remembers how you like it to look.
• Google Analytics cookies — used to measure usage as described above.

(e) Server logs

Like most websites, our servers automatically record log data when you access the Service, including your IP address, request timestamps, the pages or resources requested, browser/user-agent, and similar technical details. We use these logs to operate, secure, and troubleshoot the Service.

3. How We Use Information

• Provide the Service — authenticate you, run earnings analytics, SEC filing research, earnings-date predictions, and paper-trading backtests.
• Save your work — store and retrieve your saved predictions and backtests across sessions.
• Secure the Service — protect against fraud, abuse, and security incidents, and maintain the integrity of accounts.
• Understand usage — analyze aggregate trends to fix problems and improve features.
• Communicate — respond to support requests and send important service-related messages.

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

• Performance of a service — to deliver the features you ask for, including signing you in and saving your predictions and backtests.
• Legitimate interests — to secure, maintain, and improve the Service and understand how it is used, balanced against your rights.
• Consent — where required, for analytics cookies and similar technologies; you can withdraw consent at any time.

5. How We Share Information

We do not sell your personal information. We share information only with the service providers (processors) we rely on to run the Service, and only as needed:

• Google — for authentication (Google OAuth 2.0 sign-in) and analytics (Google Analytics 4).
• Alpaca (alpaca.markets) — provides market and price data (IEX feed on the free tier) and powers the paper-trading features. Prices are end-of-day/daily bars, not real-time streaming.
• Our hosting and infrastructure providers — to host the application, store data, and deliver the Service.

We may disclose information if required to do so by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of All Things AI, our users, or the public.

Company filings and earnings signals shown in the Service come from SEC EDGAR (sec.gov/edgar). That data is public information about companies and contains no personal information about you.

6. Cookies & Analytics Choices

Our session and CSRF cookies are strictly necessary for signed-in functionality. The theme preference is stored in localStorage and is used only to remember your light/dark choice. Google Analytics cookies help us measure usage. You have several controls:

• Browser controls — most browsers let you block or delete cookies and clear localStorage. Note that blocking necessary cookies may break sign-in.
• Google Analytics opt-out — you can install the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics.
• Global Privacy Control (GPC) — where applicable, we honor a GPC signal sent by your browser as a valid request to opt out of "sale"/"sharing."

7. Data Retention

We keep your account information and the content you create (your saved predictions and backtests) for as long as your account is active or as needed to provide the Service. We retain server logs and analytics data for a limited period for security and operational purposes. If you ask us to delete your account or data, we will do so, subject to any obligations to retain certain information by law. To request deletion, email support@allthingsn.com.

8. Security

We use reasonable technical and organizational measures to protect your information. The Service is served over HTTPS, and because authentication is handled through Google sign-in, we do not store any passwords. That said, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

9. Your Privacy Rights

California (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how we use and share it.
• Delete personal information we have collected about you.
• Correct inaccurate personal information.
• Opt out of the "sale" or "sharing" of personal information — note that we do not sell personal information.
• Exercise these rights without discrimination in the price or quality of the Service.

EEA & UK (GDPR / UK GDPR)

If you are in the EEA or UK, you have the right to access, rectification, erasure, restriction of processing, data portability, and to object to processing. Where we rely on consent, you may withdraw it at any time. You also have the right to lodge a complaint with your local data protection authority.

How to exercise your rights

To exercise any of these rights, email us at support@allthingsn.com. We may need to verify your identity before acting on a request.

10. Children's Privacy

The Service is not directed to children under 13 (or under 16 in the EEA), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us at support@allthingsn.com and we will delete it.

11. International Data Transfers

We are based in the United States, and your information may be processed and stored in the United States. If you access the Service from outside the U.S., you understand that your information may be transferred to and processed in a country with different data protection laws than your own.

12. Do Not Track & Global Privacy Control

There is no common industry standard for responding to browser "Do Not Track" (DNT) signals, so the Service does not currently respond to DNT. However, where applicable law requires it, we honor the Global Privacy Control (GPC) signal as a request to opt out of "sale"/"sharing."

13. Third-Party Links

The Service may contain links to third-party websites, such as SEC EDGAR or other resources. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party site you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes may be communicated through the Service. Your continued use of the Service after an update means you accept the revised policy.

15. Contact Us