HiLo Finance – Privacy Policy

Effective Date: January 1, 2026 | Version: 2.0 | Last Updated: May 26, 2026

HiLo Finance, Inc. ("HiLo", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application ("App" or "Platform"). By using the Platform, you consent to the data practices described in this Policy.

California Residents: If you are a California resident, additional privacy rights under the California Consumer Privacy Act (CCPA) apply. See Section 12 below.

1. Information We Collect

Information You Provide

• Account Information: Phone number, username, first name, last name, email address
• Profile Information: Profile picture, bio, trading experience, investment preferences
• Payment Information: Billing address, payment method details (processed by Stripe; we do NOT store full credit card numbers)
• Communications: Messages, chats, posts, comments, trade alerts shared via the Platform
• Support Requests: Information you provide when contacting customer support

Automatically Collected Information

• Device Information: Device type, operating system, unique device identifiers, mobile network information
• Usage Data: App features used, screens viewed, time spent, interactions with content
• Log Data: IP address, browser type, access times, crash reports, error logs
• Location Data: Approximate location based on IP address (not precise GPS location)

Information from Third Parties

• GetStream: Chat message metadata, user presence status
• Stripe: Payment confirmation, subscription status
• Twelve Data: Market data requests (anonymized)
• SnapTrade (Passiv Inc.) — Mentors only: Brokerage account trade execution data (symbol, instrument type, side, price, quantity, execution timestamp, brokerage order ID, account identifier). HiLo receives this data via SnapTrade webhooks for the purpose of verifying Mentor trades. Brokerage login credentials are NOT shared with HiLo.
• Analytics Providers: Mixpanel, Firebase Analytics — aggregated usage statistics

2. How We Use Your Information

• Authenticate your identity via SMS OTP and create and manage your account
• Enable messaging via GetStream and process subscription payments via Stripe
• Display market data via Twelve Data and send push notifications
• Verify Mentor trade execution data received from SnapTrade against published trade alerts
• Analyze usage patterns to improve user experience and develop new features
• Comply with legal obligations and detect and prevent fraud, abuse, and security threats
• Send promotional emails about new features or Mentor offerings (opt-out available)

3. Data Sharing and Disclosure

We do NOT sell your personal information to third parties.

We share data with the following third-party service providers who perform services on our behalf:

• GetStream: Chat messaging — username, user ID, profile picture, messages
• Stripe: Payment processing — name, email, billing address, payment method
• Twelve Data: Market data — symbol requests (anonymized)
• Twilio: SMS verification — phone number
• Mixpanel: Analytics — device ID, usage events (anonymized)
• Firebase: Push notifications and analytics — device token, app events
• AWS S3: File storage — profile pictures, uploaded images
• SnapTrade (Passiv Inc.) — Mentor accounts only: Brokerage connectivity and trade verification — SnapTrade user ID/secret, brokerage account identifiers, trade execution records (symbol, side, price, quantity, timestamp). Login credentials are NOT shared with HiLo.

All service providers are contractually required to protect your data and use it only for specified purposes.

We may disclose your information if required by law, regulation, or legal process, including subpoenas, court orders, or government requests from SEC, FINRA, CFTC, or law enforcement.

4. Data Security

We implement industry-standard security measures including TLS/SSL encryption for data in transit, encryption at rest on AWS servers, phone-based OTP login, role-based access restrictions, and automated security monitoring and intrusion detection. No system is 100% secure; you acknowledge this inherent risk by using the Platform.

5. Data Retention

Active account data is retained for the duration of your account plus 30 days. Most data is deleted within 30 days of account closure. Some data is retained longer to comply with legal requirements (e.g., SEC 7-year recordkeeping rule for compliance audit logs). Backup data is deleted within 90 days.

6. Your Privacy Rights

You may access and update your profile information within the App settings. You may request deletion of your account and personal data by emailing [email protected]. We will delete your data within 30 days, except where retention is required by law. You may opt out of promotional emails by clicking "Unsubscribe" in any marketing email or emailing [email protected]. You may disable push notifications in your device settings or within the App.

7. Children's Privacy

The Platform is NOT intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child under 18 has provided us with personal information, contact [email protected] immediately, and we will delete the account.

8. International Users

The Platform is operated from the United States. If you access the Platform from outside the U.S., your information will be transferred to, stored, and processed in the U.S. By using the Platform, you consent to this transfer. EU residents may have additional rights under GDPR — contact [email protected] to exercise them.

9. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties. We encourage you to read their privacy policies before providing any personal information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Minor changes are effective immediately upon posting; material changes take effect 30 days after notice via email or in-app notification. Previous versions are available upon request at [email protected].

11. Cookies and Tracking Technologies

We do not use cookies in the mobile app. However, our service providers (Mixpanel, Firebase) may use similar tracking technologies to collect usage data. You can limit tracking via your device settings (iOS: "Limit Ad Tracking", Android: "Opt out of Ads Personalization").

12. California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have the right to know what personal information we collect (categories, sources, purposes, and specific pieces), request deletion of your personal information (subject to legal retention requirements), and be free from discrimination for exercising your CCPA rights.

We do NOT sell your personal information. No opt-out action is required. Email [email protected] to exercise your rights; we will verify your identity and respond within 45 days. You may designate an authorized agent to make requests on your behalf by providing written authorization.

13. Contact Us

HiLo Finance, Inc. | San Francisco, CA 94102 | Privacy: [email protected] | Support: [email protected]