← Back to MR AI

Privacy Policy

Last updated: April 4, 2026  ·  MR AI — Forex & Crypto Intelligence Platform

1. Introduction

MR AI ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit, register for, and use our website and services, including our Forex & Crypto Intelligence Platform (the "Service"). Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service. By accessing or using MR AI, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

2. Information We Collect

2a. Information You Provide Directly

We collect information that you voluntarily provide to us when you create an account, subscribe to our Service, or interact with our platform:
  • Account Registration— Email address, password (hashed and encrypted by Supabase Auth), and account creation timestamp.
  • Payment Information— When you purchase a paid subscription, our payment processors (Razorpay for India, Stripe for international users) collect billing name, billing address, country, payment method details, and transaction history. We do not directly store credit card information; payment data is tokenized and stored securely by our payment processors. We retain invoice records, subscription status, and billing history for accounting and customer support purposes.
  • Profile & Settings— Any profile information you choose to add, such as subscription tier, notification preferences, and account settings.
  • Communications — If you contact our support team, we collect your email, subject line, message content, attachments, and any supplementary information you provide to resolve your inquiry.
  • Age Verification — By creating an account, you represent that you are at least 18 years old. We do not collect name, phone number, national ID, or government-issued identification documents at signup unless required by law.

2b. Automatically Collected Information

We automatically collect certain information about your device and how you interact with our Service:
  • Device Information— Operating system, browser type, browser version, mobile device model, and device identifiers.
  • Access Logs — IP address, access time, pages/features viewed, links clicked, time spent on each page, and referral source. These logs are retained for 30 days for security and debugging purposes.
  • Usage Analytics — Feature usage patterns, API calls, signal searches, watchlist interactions, and alert configurations. We use Vercel Analytics (planned) to track these interactions. Vercel Analytics collects basic usage data such as page views, user engagement, and performance metrics. For detailed information, see Vercel's Privacy Policy at vercel.com/privacy.
  • Performance Data — Page load times, error logs, and platform stability metrics to help us optimize the Service.
  • Geolocation — We infer general location (country/region) from your IP address to ensure compliance with regional regulations. We do not collect precise GPS location data.

2c. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:
  • Essential Cookies— Supabase authentication session cookies (sb-access-token, sb-refresh-token) are essential for account authentication and maintaining your logged-in session. These cookies are required for the Service to function and cannot be disabled.
  • Functional Cookies— Cookies that remember your preferences (language, theme mode, notification settings) to personalize your experience.
  • Analytics Cookies— Vercel Analytics may place cookies to track usage patterns and measure Service performance. These are non-essential and can be blocked or cleared.
  • No Marketing Cookies— We do not currently use marketing or third-party tracking cookies, pixels, or retargeting scripts. We do not share user data with social media platforms or advertising networks.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service. Analytics and functional cookies can be disabled without loss of core functionality.

2d. Third-Party Data Sources

We aggregate publicly available market data from the following third-party providers. These providers may collect your IP address and basic usage information when you access data through our Service:
  • Market Data APIs — CoinGecko (cryptocurrency data), GeckoTerminal (token charts), FRED (US economic data), Finnhub (stock market data), Yahoo Finance (global market data), DeFiLlama (DeFi protocol data), Alpaca (trading data), CFTC (Commodity Futures Trading Commission reports), CryptoPanic (news aggregation), MarketAux (market intelligence), NewsAPI (news feeds), and RSS feeds (news sources).
  • Hosting & Infrastructure— Vercel (web hosting, analytics), Supabase (database, authentication, row-level security), and AWS (underlying infrastructure for Supabase).
  • Payment Processing— Razorpay (India-based payment processor) and Stripe (international payment processor).

For privacy policies of these third parties, please visit their respective websites. We are not responsible for their privacy practices.

3. How We Use Your Information

We use the information we collect for the following purposes:
  • Service Delivery — To provide, maintain, and improve the Service, including delivering market signals, data analysis, and alerts.
  • Account Management — To create and manage your account, process subscription changes, and handle account recovery or security requests.
  • Payment Processing — To process payments, issue invoices, manage subscriptions, and prevent fraud or unauthorized transactions.
  • Communications — To send you service-related notifications (password resets, account alerts, subscription updates) and respond to your support inquiries. We will not send marketing or promotional emails unless you explicitly opt in.
  • Analytics & Improvement— To analyze usage patterns, identify feature gaps, optimize platform performance, and conduct A/B testing. All analytics data is aggregated and anonymized; individual user behavior is not profiled.
  • Security & Compliance— To detect and prevent fraud, unauthorized access, and abuse. To comply with legal obligations, court orders, and government requests. To enforce our Terms of Service and other agreements.
  • Legal Obligations — To comply with applicable laws in India, the EU, the US, and other jurisdictions where our users are located.

We do not use your personal information for AI model training, behavioral targeting, or creation of user profiles for marketing purposes without your explicit consent.

4. Data Sharing & Third Parties

We do not sell, rent, trade, or otherwise disclose your personal information to third parties for their marketing purposes. However, we may share your information in the following circumstances:
  • Payment Processors — Razorpay (for India-based payments) and Stripe (for international payments) receive your billing information (name, address, payment method) to process transactions. These processors are bound by their own privacy policies and PCI compliance standards.
  • Service Providers — Vercel (hosting, analytics), Supabase (database & auth, AWS backend), and error tracking services receive technical logs to maintain and troubleshoot the Service.
  • Legal & Compliance— We may disclose your information if required by law (court orders, government subpoenas, regulatory agencies), to protect our legal rights, or to respond to legitimate law enforcement requests in accordance with GDPR Article 6(1)(c), CCPA Section 1798.100(d), and Indian IT Act Section 43A.
  • Business Transfers — If MR AI is acquired, merges with another entity, or undergoes bankruptcy, your personal information may be transferred as part of that transaction. We will provide notice and seek your consent where required by law.
  • Aggregated Data — We may share aggregated, anonymized statistics and insights (e.g., "Platform has 10,000 users," "Most-watched currency pair is EUR/USD") with partners, investors, and researchers. This data cannot identify you.

We do not share personal information with social media platforms, advertising networks, or data brokers. All third parties that receive personal information are contractually bound to maintain confidentiality and use your data only for the specified purpose.

5. Data Storage, Security & Infrastructure

5a. Data Storage

All user data is stored in Supabase-managed PostgreSQL databases hosted on Amazon Web Services (AWS) in the US region. Supabase implements row-level security (RLS) policies to ensure that users can only access their own data. Encrypted backups are taken daily and retained for 30 days. Critical backups are archived for 1 year for disaster recovery.

5b. Encryption & Security Measures

  • In Transit — All data transmitted between your browser and our servers is encrypted using TLS 1.3. Our domain certificate is issued by Let's Encrypt and auto-renewed.
  • At Rest — Database encryption is enabled at the Supabase/AWS level using AES-256 encryption.
  • Password Hashing — Passwords are hashed using Supabase Auth's bcrypt algorithm and salting. We never store or transmit passwords in plain text.
  • Access Control — Only authorized engineers have limited database access for maintenance. All administrative access is logged.
  • Vulnerability Scanning— We conduct periodic security audits and penetration testing to identify and remediate vulnerabilities.

5c. Incident Response

In the event of a data breach or security incident that affects personal information, we will:
  • Investigate the incident within 24 hours
  • Notify affected users within 72 hours (or as required by law) with details of what was compromised and steps they should take
  • Notify relevant regulatory authorities (ICO for EU users, CCPA for California users, etc.) if legally required
  • Document the breach and maintain records for compliance purposes

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and comply with legal obligations:
  • Account Data — Retained while your account is active. If you delete your account, we will securely erase all personal information within 30 days, except where retention is required by law.
  • Access Logs — Retained for 30 days for security purposes, then permanently deleted.
  • Payment & Billing Records— Retained for 7 years to comply with Indian income tax requirements, GDPR accounting standards, and US tax regulations.
  • Aggregated Analytics— Retained indefinitely, as this data is anonymized and cannot identify you.
  • Support Communications— Retained for 2 years to resolve disputes and maintain service history.
  • Legal Holds — If litigation or regulatory investigation is pending, we will retain relevant data until the matter is resolved.

You can request deletion of your account and associated personal data at any time by emailing support@mr-ai.com. We will process deletion requests within 30 days, unless a legal hold prevents immediate deletion.

7. Your Privacy Rights

Depending on your jurisdiction, you have the following rights regarding your personal information:

7a. European Economic Area (GDPR)

If you are a resident of the EU, UK, or EEA, you have the following rights under the General Data Protection Regulation:
  • Right to Access — You can request a copy of all personal information we hold about you.
  • Right to Rectification— You can correct inaccurate or incomplete information.
  • Right to Erasure — You can request deletion of your personal data, except where we have a legal obligation to retain it.
  • Right to Restrict Processing— You can request that we limit how we use your information.
  • Right to Data Portability— You can request your data in a machine-readable format (CSV, JSON) to transfer to another service.
  • Right to Object — You can object to specific processing activities (e.g., analytics, profiling).
  • Right to Withdraw Consent— You can withdraw consent for optional processing at any time.

7b. California (CCPA & CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
  • Right to Know — You can request what personal information we collect, use, and disclose.
  • Right to Delete — You can request deletion of personal information, subject to legal exceptions.
  • Right to Correct — You can request correction of inaccurate personal information.
  • Right to Opt Out — You can opt out of the sale or sharing of your personal information (we do not currently engage in these activities).
  • Right to Non-Discrimination— We will not deny you service, charge higher prices, or provide lower quality service for exercising your privacy rights.

7c. India (IT Act & BharatCloud Principles)

If you are an Indian resident, you have rights under the Indian Information Technology Act 2000 and emerging data protection norms:
  • Right to Information— You can request what information we collect and how we use it.
  • Right to Correction— You can request correction of inaccurate data.
  • Right to Deletion — You can request deletion of your account and associated data.
  • Grievance Redressal— You can escalate privacy complaints to our Grievance Officer at support@mr-ai.com.

7d. How to Exercise Your Rights

To exercise any of the above rights, please send a written request to support@mr-ai.com with the following information:
  • Your full name and email address associated with your account
  • Clear description of your request (e.g., "Access," "Delete," "Export")
  • Any reference ID or account details that help us locate your information
  • Copy of government-issued ID (for verification purposes)

Response Timeline: We will acknowledge your request within 7 business days and respond fully within 30 days (or 45 days for complex requests). If we cannot fulfill your request, we will explain the reason. You have the right to appeal our decision to the relevant data protection authority.

Verification: We may ask you to verify your identity before processing sensitive requests (data access, deletion) to prevent unauthorized disclosure.

8. International Data Transfers

MR AI operates globally, and your personal information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States (Vercel, Supabase).

EU Users: If you are in the EU/EEA, we rely on the following legal mechanisms for international transfers: (a) Standard Contractual Clauses (SCCs) between MR AI and Supabase/Vercel, (b) Adequacy decisions where applicable, and (c) Your explicit consent. We have executed Data Processing Agreements (DPAs) with all processors. By using our Service, you consent to the transfer of your information outside the EEA.

Other Users: If you are outside the EU, we comply with applicable laws in your jurisdiction regarding cross-border data flows.

9. Third-Party Links & Services

Our Service may contain links to third-party websites and services (e.g., external market data providers, payment gateways) that are not operated by us. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third party before providing your information or using their services.

10. Children's Privacy

MR AI is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will delete it immediately and notify the parent or guardian. If you believe we have collected information from a minor, please contact us at support@mr-ai.com.

11. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. Currently, our Service does not respond to DNT signals. However, you can disable cookies and tracking through your browser settings or by contacting us at support@mr-ai.com.

12. California Consumer Rights (CPRA Disclosure)

Under the CPRA, we must disclose the following categories of personal information we collect:
  • Identifiers (email, IP address)
  • Commercial information (payment history, subscription tier)
  • Internet activity (browser type, pages visited, clicks)
  • Geolocation data (inferred country from IP)
  • Professional information (job title if voluntarily provided)

We collected this information for purposes of providing the Service, processing payments, and improving our platform. We do not sell or share this information with third parties for their own marketing. California residents can opt out of sales/sharing by contacting us at support@mr-ai.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email (sent to the email address associated with your account) or by displaying a prominent notice on our website. Your continued use of the Service after such notice constitutes your acceptance of the updated Privacy Policy. The "Last updated" date at the top of this policy reflects the date of the most recent revision. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

14. Data Protection Officer & Compliance

14a. Contact Information

For privacy-related questions, data requests, complaints, or to exercise your privacy rights, contact us at:

Email: support@mr-ai.com

Mailing Address: MR AI, India (Please include your name, email, and detailed request in your correspondence)

14b. Regulatory Authority Contacts

  • EU/UK Data Protection Authority: Your local supervisory authority (e.g., ICO for UK, local agency for your EU country)
  • California Attorney General: privacy@doj.ca.gov
  • Indian Data Protection: Ministry of Electronics & Information Technology (MeitY), Government of India

15. Glossary of Terms

  • Personal Information:Any information that identifies or can reasonably identify an individual.
  • Processing: Any operation performed on personal information, including collection, use, storage, disclosure, and deletion.
  • Controller: The entity (MR AI) that determines the purposes and means of processing.
  • Processor: An entity (e.g., Supabase, Vercel, Razorpay) that processes data on behalf of the controller.
  • Data Subject: The individual whose personal information is processed.
  • Consent: Freely given, specific, and informed agreement to process personal information.