Privacy Policy

1. Introduction; Scope; Acceptance

1.1 This Privacy Policy (this “Policy”) explains how Vintara Investing (“Vintara,” “we,” “us,” or “our”) collects, uses, stores, discloses, and otherwise processes personal information when you: (a) visit or use vintarainvesting.com (the “Website”); (b) sign up for newsletters or other communications via our embedded subscribe form or client portal at app.vintarainvesting.com (the “Client Portal”); (c) purchase paid subscriptions or products; and (d) otherwise interact with our content, services, or Materials (collectively, the “Services” or “Materials”).

1.2 By accessing or using the Services, by registering for or subscribing to newsletters, or by otherwise providing personal information to us, you acknowledge that you have read, understood, and consent to the collection, use, storage, disclosure, and processing of your personal information as described in this Policy. If you do not agree, do not use the Services and do not provide personal information.

1.3 This Policy is incorporated into and supplements any other agreement you may have with us (including our Terms, Condition, Disclosures, and Conflicts). To the extent of any conflict between this Policy and a separate written agreement expressly signed by both parties, the signed agreement controls.

2. Controller; Contact; Data Protection Officer

2.1 Controller. For the purposes of applicable data protection laws, Vintara Investing is the data controller for personal information collected through the Services.

2.2 Contact. If you have questions, want to exercise privacy rights, or wish to make a complaint, contact: support@vintarainvesting.com. You may also mail a request to our corporate address if published elsewhere on the Site.

2.3 Data Protection Officer / Representative. If required by applicable law and upon request, we will provide contact details for our data-protection representative or Data Protection Officer.

3. Categories of Personal Information We Collect

3.1 Information You Provide.

We collect personal information you provide directly to us, including:

• 3.1.1 Identifiers and contact data: first name, last name, email address, phone number, postal address (if provided), and other contact details.
• 3.1.2 Account credentials and profile data: username, password (securely hashed), profile preferences, and other profile fields entered in the Client Portal.
• 3.1.3 Payment and billing information: payment card data and billing details when you purchase paid subscriptions or products (payment data is processed by third-party payment processors; see Section 7).
• 3.1.4 Communications content: any content you submit to us in messages, feedback, support requests, or contributions.

3.2 Information Collected Automatically.

When you access the Website or use the Client Portal, we and our service providers automatically collect:

• 3.2.1 Usage and analytics data: pages viewed, timestamps, time on page, click data, referring URL, search queries, and other engagement metrics.
• 3.2.2 Device and connection data: IP address, device identifiers, browser type and version, operating system, screen resolution, language, and other technical metadata.
• 3.2.3 Cookies, web beacons, local storage, and similar technologies consistent with Section 8 below.

3.3 Aggregated & De-identified Data.

We may aggregate or de-identify personal information and use such aggregated/de-identified data for any purpose (analytics, product development, research). Aggregated/de-identified data is not subject to this Policy to the extent it is truly anonymized.

4. How We Use Personal Information; Legal Bases

4.1 Purposes.

We use personal information for the following business purposes:

• 4.1.1 To provide the Services, including delivering newsletters, premium reports, account administration, client-portal access, billing, and transactional communications.
• 4.1.2 To communicate with you about the Services, respond to inquiries, and provide support.
• 4.1.3 To personalize and improve the Services, measure engagement, and perform analytics.
• 4.1.4 For marketing and promotional purposes where you have consented or where permitted by law.
• 4.1.5 To detect, prevent, and mitigate fraud, abuse, security incidents, and other harmful activities.
• 4.1.6 To comply with applicable law, regulation, legal process, or governmental requests and to enforce our agreements.

4.2 Legal Bases.

Where applicable law requires a legal basis for processing (e.g., GDPR), we rely on one or more of the following: (a) consent (where obtained); (b) performance of a contract or to take steps at your request prior to entering into a contract; (c) compliance with legal obligations; and (d) legitimate interests (for analytics, security, fraud prevention, product improvement), provided such interests are not overridden by your rights or freedoms. For California residents, we process personal information consistent with the CCPA/CPRA and other applicable state laws.

5. Third-Party Processors, Partners & Disclosures

5.1 Service Providers.

We disclose personal information to third-party service providers who perform services on our behalf, including but not limited to:

• 5.1.1 Beehiiv — newsletter delivery, subscription management, and components of the Client Portal. Beehiiv processes subscriber data on our behalf under contractually agreed-upon terms; please review Beehiiv’s privacy documentation for details.
• 5.1.2 Email delivery and analytics vendors that support delivering, tracking, and analyzing email campaigns.
• 5.1.3 Payment processors, merchant acquirers, and payment gateways for billing and payment authorizations.
• 5.1.4 Hosting and infrastructure providers, cloud services, monitoring, and logging tools. 5.1.5 Legal, accounting, and professional advisors, auditors, and regulators where necessary for compliance, legal claims, or audits.

5.2 Contractual Safeguards.

We require third-party processors to process personal information only on our documented instructions and to implement appropriate technical and organizational measures to protect the data. Where required by law, we enter data-processing agreements, standard contractual clauses (SCCs), or other appropriate safeguards.

5.3 Other Disclosures.

We may disclose personal information: (a) to comply with legal process or governmental requests; (b) to protect rights, property, or safety of Vintara, our users, or the public; (c) in the event of a merger, acquisition, financing, or asset sale (subject to buyer’s obligation to assume data-protection commitments, where possible).

6. International Transfers

6.1 Location of Processing. Personal information may be stored or processed in the United States or other countries where our service providers operate.

6.2 Safeguards. Where personal information is transferred outside your jurisdiction (including transfers from the EEA/UK), we implement appropriate safeguards such as SCCs, adequacy decisions, or contractual protections as required by applicable law. Contact support@vintarainvesting.com for details about the safeguards that apply to your data.

7. Payments & Billing

7.1 Third-Party Processors. Payment information you provide during purchases is processed by third-party payment processors and gateways. We do not store full payment card numbers on our servers unless explicitly stated; tokenized or limited payment data may be retained as necessary for refunds, chargebacks, and accounting.

7.2 Review Processor Policies. Before providing payment information, review the payment processor’s privacy and security documentation because payment processors are separate controllers or processors with their own terms.

8. Cookies, Tracking, & Advertising

8.1 Technologies. We and our vendors use cookies, local storage, web beacons, and similar technologies to operate and improve the Services, remember your preferences, provide analytics, and enable marketing.

8.2 Choices. You can control cookie settings through your browser or device. Where required, we provide a cookie-consent mechanism on the Website that allows you to accept or reject non-essential cookies. Rejecting tracking cookies may limit the functionality of some features.

8.3 Advertising & Third-Party Tracking. We may permit third-party advertising networks and analytics providers to place cookies or use similar technologies on the Website for measurement and advertising purposes. These parties have their own privacy practices; we do not control them. For opt-outs, use industry opt-out mechanisms (e.g., AdChoices) or browser/privacy settings.

9. Data Retention; Deletion; Account Closure

9.1 Retention Principle. We retain personal information only as long as necessary to fulfill the purposes described in this Policy, to comply with legal obligations, to resolve disputes, and to enforce our agreements.

9.2 Retention Periods. Retention periods vary by data category and purpose (e.g., subscriber records retained while the account is active, transactional data retained for tax/accounting periods). Upon request and subject to legal obligations, we will delete or anonymize personal information.

9.3 Account Closure & Deletion. If you close your account or request deletion, we will disable account access and, where feasible, delete or de-identify personal information within a commercially reasonable time, except where retention is necessary for legal, fraud prevention, audit, or legitimate business purposes.

10. Security

10.1 Safeguards. We implement commercially reasonable administrative, technical, and physical measures designed to protect personal information against unauthorized access, loss, misuse, or alteration (encryption in transit, access controls, logging, etc.).

10.2 No Absolute Guarantee. No security system is impenetrable. We cannot guarantee absolute security of your personal information and disclaim liability for unauthorized access except as required under applicable law.

10.3 Data Breach. In the event of a security incident that materially affects your personal information, we will act promptly to contain and remediate the incident and will notify affected individuals and regulators as required by law. Notification timelines may vary by jurisdiction.

11. Your Rights & How to Exercise Them

11.1 Overview. Depending on your jurisdiction, you may have rights including access, rectification, deletion, restriction of processing, objection to processing (including for direct marketing), portability, and the right to withdraw consent where consent is the legal basis. We will honor valid requests in accordance with applicable laws.

11.2 EU / EEA / UK (GDPR)

If you are located in the EEA/UK you may: request access to personal data; request correction; request erasure; request restriction; object to processing; request portability; and lodge a complaint with a supervisory authority. Contact support@vintarainvesting.com to exercise these rights.

11.3 California Residents (CCPA / CPRA)

If you are a California resident you may: request disclosure of categories and specific pieces of personal information collected; request deletion of personal information; request correction; opt-out of “sale” or “sharing” where applicable; and request non-discrimination for exercising privacy rights. Submit requests to support@vintarainvesting.com. We will verify requests in accordance with law.

11.4 Other Jurisdictions

Residents of other jurisdictions may have additional rights; please contact support@vintarainvesting.com for assistance.

11.5 Verification. To protect privacy and security, we will verify your identity before fulfilling rights requests. We may require additional information to process your request and may decline requests that are frivolous or cannot be verified.

11.6 Authorized Agents. You may designate an authorized agent to submit requests on your behalf; we may require proof of authorization and identity verification.

12. Do Not Sell / Sharing & Marketing Choices

12.1 Do Not Sell / Share. We do not knowingly “sell” or “share” personal information for monetary consideration in a manner that would trigger opt-out rights under applicable laws; where applicable laws define “sale” or “sharing” more broadly, you may have the right to opt-out. To exercise opt-out rights or request choices, contact support@vintarainvesting.com.

12.2 Marketing Choices. You may opt out of marketing emails by using the unsubscribe link in emails or by contacting support@vintarainvesting.com. Opting out of marketing does not affect transactional or service messages. For SMS communications we require explicit consent; standard message and data rates may apply and you may opt out by following instructions in any message (e.g., reply STOP).

13. Children’s Privacy

13.1 Age Restrictions. The Services are not directed to children under 13 (or higher minimum age where local law requires). We do not knowingly collect personal information from children below the applicable age.

13.2 If we become aware that we have collected personal information from a child in violation of law, we will take steps to delete that information promptly.

14. Automated Decision-Making & Profiling

14.1 Nature. We may use automated processing and profiling for analytics, personalization, and product-improvement purposes. Automated processing does not make decisions that have legal or similarly significant effects on individuals unless we explicitly notify you and obtain consent where required by law.

14.2 Rights. Where required, you may request meaningful information about the logic involved and request human review of automated decisions.

15. International, Mergers & Transfers

15.1 Corporate Transactions. In the event of a merger, acquisition, bankruptcy, reorganization, or sale of assets, personal information may be transferred to successor entities. We will require any successor to honor the terms of this Policy.

15.2 International Transfers. See Section 6 regarding cross-border transfers and safeguards.

16. Links to Third-Party Sites

16.1 Third-Party Policies. The Services may link to third-party websites or embed third-party content. This Policy does not apply to third parties; you should review their privacy and cookie notices. We are not responsible for third-party practices or content.

17. Retention, Recordkeeping & Audit

17.1 Consent Records. We record and retain consent records, opt-in/opt-out choices, and related metadata (timestamps, policy version, and method) as necessary to demonstrate compliance.

17.2 Audit & Logs. We retain logs and records for security, compliance, and legitimate business purposes subject to retention schedules described in Section 9.

18. Limitation of Liability; Remedies; No Warranty

18.1 DISCLAIMER OF WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SERVICES AND ALL INFORMATION PROVIDED HEREUNDER ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, OR NON-INFRINGEMENT.

18.2 LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER VINTARA INVESTING NOR ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING FROM OR RELATING TO THIS POLICY, THE SERVICES, OR THE PROCESSING OF PERSONAL INFORMATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OUR AGGREGATE LIABILITY FOR ANY CLAIM ARISING HEREUNDER SHALL BE LIMITED TO THE GREATER OF (A) THE SUBSCRIPTION FEES ACTUALLY PAID BY YOU TO VINTARA INVESTING IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) USD $1,000, EXCEPT WHERE PROHIBITED BY LAW. THIS LIMITATION SHALL NOT APPLY TO LIABILITY THAT CANNOT BE LIMITED BY APPLICABLE LAW.

18.3 REMEDIES. The remedies available to you for violation of your privacy rights shall be those provided under applicable law. Nothing in this Policy is intended to waive or limit rights that cannot be waived under applicable law.

19. Governing Law; Dispute Resolution; Supervisory Authorities

19.1 Governing Law. This Policy and any disputes arising out of it are governed by the laws of the State of Illinois, without regard to conflict-of-law principles.

19.2 Supervisory Authorities. For residents of the EEA/UK, you may lodge a complaint with the applicable supervisory authority. For California residents, remedies are available under the CCPA/CPRA. Contact information for supervisory authorities is available from public government resources.

20. Changes to This Policy; Effective Date

20.1 Updates. We may update this Policy from time to time. We will post the revised Policy on the Website with an updated “Effective Date.” Where required by law for material changes affecting rights, we will provide prominent notice (e.g., email notification to affected users). Continued use of the Services after publication of changes constitutes acceptance of the revised Policy.

20.2 Versioning. We maintain version history and will retain records of prior versions for audit purposes.

21. How to Exercise Rights; Contact Information

21.1 To exercise privacy rights, submit a request or ask questions, contact: support@vintarainvesting.com. Include sufficient information to allow us to verify your identity and to locate your personal information. We will respond within the timeframe required by applicable law.

21.2 For data-protection requests from the EEA/UK, California, or other jurisdictions, please indicate your jurisdiction and the specific right you are exercising in your request.

22. Miscellaneous

22.1 Severability. If any provision of this Policy is determined invalid or unenforceable, the remaining provisions remain in full force and effect.

22.2 No Waiver. A failure by us to enforce any right or provision does not constitute a waiver of that right.

22.3 Entire Agreement. This Policy, together with other agreements to which you have agreed (e.g., Terms, Disclosures), constitutes the complete and exclusive statement of the parties’ privacy-related obligations.