1. Introduction

Welcome to Rize Capital. This Privacy Policy governs the processing of personal data in connection with our AI-powered investment analysis platform accessible at https://rize.capital. We recognize that privacy is fundamental to trust, particularly in financial services, and we've designed our data practices to reflect this commitment.

Our platform leverages artificial intelligence to analyze financial markets and investment opportunities. As you engage with our Service, we want you to understand exactly how we handle your information, what control you maintain over it, and the measures we take to protect it.

A critical preliminary matter: Rize Capital provides analytical tools and market insights through AI technology. We do not offer investment advice, portfolio management services, or personalized financial recommendations. Our AI systems, while sophisticated, can produce errors or generate inaccurate information—a phenomenon known as "hallucination" in AI contexts. Users must independently verify all information and should not base investment decisions solely on our platform's output.

2. Our Identity and Contact Information

The data controller responsible for your personal information is currently Tammo Elsner, operating from Altenwall 1-3, 28195 Bremen, Germany. You may reach us at hello (ät) rize.capital or by phone at +49 151 58366525.

We note that Rize Capital GmbH is presently in formation. Upon successful incorporation and registration in the German Commercial Register, the GmbH will assume all data protection responsibilities. Until such time, Tammo Elsner personally ensures compliance with applicable data protection laws.

3. The Information We Process

Account and Profile Information

When you create an account with Rize Capital, we collect your email address and the password you create. While optional, many users choose to provide additional professional context such as their name, company affiliation, and areas of investment interest. This additional information helps us tailor the platform experience but is never required for basic functionality.

Your Interactions with Our AI Systems

The core of our Service involves processing your queries to our AI system. When you submit questions about markets, companies, or investment strategies, we process these queries to generate analytical responses. We maintain a record of these interactions to improve our services and, with your permission, to refine our AI models. Importantly, we design our systems to avoid collecting sensitive financial information about your personal holdings or trading activities.

Technical and Usage Information

Like most online services, we automatically collect certain technical information when you use our platform. This includes your IP address, from which we derive approximate geographic location at the country level, your browser type and version, and your operating system. We also record how you navigate through our platform—which features you use most frequently, how long you spend on different sections, and what types of analyses you request. This information proves invaluable for understanding user needs and improving platform performance.

Payment Processing

For users who subscribe to premium features, we process billing information through Stripe, our payment processor. We deliberately minimize our involvement with payment data. Stripe handles all sensitive payment information directly, and we only retain what's necessary for account management and tax compliance—typically your billing address and the last four digits of your payment method for reference purposes.

4. Our Purposes and Legal Grounds for Processing

Providing and Improving Our Service

The primary purpose for processing your data is straightforward: to provide you with access to our AI-powered investment analysis platform. This encompasses everything from maintaining your account and processing your queries to saving your preferences and generating the insights you request. Under European data protection law, this processing is necessary for the performance of our contract with you.

Beyond basic service provision, we analyze aggregated usage patterns to understand how our platform performs in real-world conditions. We identify bottlenecks, discover which features provide the most value, and determine where users encounter difficulties. This analysis, based on our legitimate interest in improving our Service, never involves examining individual users' specific queries unless necessary for technical support.

Ensuring Security and Compliance

Financial platforms face heightened security obligations, and we take these responsibilities seriously. We process data to detect and prevent fraudulent activity, to investigate potential security breaches, and to maintain the integrity of our systems. This includes monitoring for unusual access patterns, attempted system intrusions, and potential abuse of our AI systems.

We also process data as necessary to comply with legal obligations. German tax law requires us to maintain certain records for ten years. Anti-money laundering regulations may require us to verify user identities for premium services. Court orders or regulatory inquiries may compel disclosure of certain information. In each case, we limit processing to what the law specifically requires.

Communications

We distinguish between essential service communications and marketing messages. Essential communications—such as security alerts, significant changes to our terms, or responses to your support requests—are part of our service delivery. Marketing communications, including newsletters about market trends or announcements of new features, require your explicit consent, which you may withdraw at any time.

5. How AI Technology Processes Your Data

Understanding how artificial intelligence handles your information is crucial to informed platform use. When you submit a query, our system first preprocesses it to ensure it meets our usage guidelines and doesn't contain attempts to manipulate or abuse the AI. The query then passes to our AI models, which may be operated by third parties such as OpenAI or Anthropic under strict contractual agreements.

These AI providers receive only the text of your query and necessary context from your current session—never your identity, email address, or account information. The AI generates a response based on its training data and your query, which we then filter for quality and appropriateness before displaying it to you.

We must emphasize that AI systems have inherent limitations. They can generate plausible-sounding but incorrect information. They may reflect biases present in their training data. They cannot access real-time market data unless specifically connected to such feeds. They lack the context of your personal financial situation and goals. Therefore, AI output should serve as one input among many in your investment research process, never as the sole basis for financial decisions.

6. Data Sharing and International Transfers

Service Providers and Partners

Operating a modern financial technology platform requires collaboration with specialized service providers. Amazon Web Services hosts our infrastructure, primarily in Frankfurt data centers for European users. Cloudflare provides content delivery and protection against distributed denial-of-service attacks. Stripe processes payments. Each provider operates under contractual agreements that restrict their use of your data to providing services to us.

When your data must travel outside the European Economic Area—for instance, when processed by AI models hosted in the United States—we ensure appropriate safeguards. We rely primarily on Standard Contractual Clauses approved by the European Commission, supplemented by additional technical and organizational measures. These might include encryption, pseudonymization, and contractual commitments to notify us of any government access requests.

Legal Disclosures

While we resist inappropriate requests for user data, we must comply with valid legal processes. If served with a court order, subpoena, or regulatory demand that meets applicable legal standards, we may be required to disclose certain information. Where legally permissible, we commit to notifying affected users of such requests and to challenging overbroad or inappropriate demands.

What We Never Do

We want to be absolutely clear about certain practices we reject. We do not sell personal data to third parties. We do not share individual user queries or research patterns with other users or external parties. We do not use your investment research to trade ahead of you or to advantage other users. We do not provide user data to advertisers for targeting purposes.

7. Data Security and Breach Response

Security in financial services demands multiple layers of protection. We encrypt data both in transit using TLS 1.3 protocols and at rest using AES-256 encryption. Access to production systems requires multi-factor authentication and is limited to essential personnel operating under strict confidentiality obligations. We maintain comprehensive audit logs of system access and data processing activities.

Our security program extends beyond technical measures. We conduct regular security assessments, including penetration testing and vulnerability scanning. We maintain an incident response plan that defines roles, responsibilities, and procedures for addressing potential security events. Our employees receive security awareness training, and we carefully vet our service providers' security practices.

Should a data breach occur despite these precautions, we have clear response procedures. We will immediately investigate to determine the scope and impact of the incident. If the breach poses a high risk to affected individuals' rights and freedoms, we will notify those individuals without undue delay, providing clear information about the incident and recommended protective actions. We will also notify relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by law.

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, plus any additional period required by law or to protect our legitimate interests. Active account data remains in our systems while you maintain your account with us. After account closure, we retain certain information for three years to address any legal claims that might arise from our relationship.

Financial records, including transaction histories and tax-relevant documentation, must be retained for ten years under German commercial and tax law. Security logs and access records are typically retained for ninety days unless needed for ongoing security investigations. Query histories are maintained for one year to support service improvements and model training, unless you request earlier deletion.

When retention periods expire, we permanently delete or anonymize the relevant data. Deletion includes removal from production systems, backup systems (at the next backup cycle), and any analytical databases. Where complete deletion isn't technically feasible—for instance, in immutable audit logs—we implement strong anonymization techniques to prevent any possibility of re-identification.

9. Your Rights and How to Exercise Them

Universal Rights

Regardless of your location, we provide certain fundamental privacy rights to all users. You may request access to the personal data we hold about you, receiving it in a commonly used, machine-readable format. You may correct any inaccurate information in your account. You may request deletion of your account and associated data, subject to legal retention requirements. You may object to certain types of processing, such as use of your data for service improvement.

Regional Enhancements

European Economic Area residents enjoy additional rights under the General Data Protection Regulation. These include the right to restrict processing while disputes are resolved, the right to data portability for information you've provided to us, and the right to withdraw consent where processing is consent-based. You may also lodge complaints with your national data protection authority if you believe we've violated your privacy rights.

California residents have specific rights under state privacy laws, including the right to know what categories of personal information we collect and how we use them, the right to request deletion of personal information, and the right to non-discrimination for exercising privacy rights. We note that we do not "sell" personal information as defined under California law.

Exercising Your Rights

To exercise any of these rights, contact us at hello (ät) rize.capital. Include sufficient information for us to verify your identity—typically your account email address and a description of your request. We will acknowledge your request within three business days and provide a substantive response within thirty days, or within any shorter period required by applicable law. We do not charge fees for reasonable requests, though we reserve the right to charge a reasonable fee for excessive or repetitive requests.

10. Cookies and Tracking Technologies

Our use of cookies remains deliberately minimal. We employ essential cookies for session management, keeping you logged in as you navigate between pages. Security cookies protect against cross-site request forgery attacks. Preference cookies remember your display settings and language choices.

We do not currently use analytics cookies or advertising cookies, though we may introduce optional analytics cookies in the future with appropriate consent mechanisms. Your browser settings allow you to control cookie behavior, though blocking essential cookies will prevent platform functionality.

11. Special Considerations for Financial Data

While we analyze financial markets and provide investment research tools, we deliberately avoid collecting sensitive personal financial information. We do not request access to your brokerage accounts, bank statements, or portfolio holdings. We do not track your actual trades or investment performance. Our AI systems analyze public market data and respond to your queries without needing to know your personal financial position.

This approach serves both privacy and regulatory purposes. By not collecting personal financial data, we avoid many regulatory obligations that would apply to investment advisors or portfolio managers. More importantly, it ensures that a security breach of our systems would not expose your financial accounts or trading strategies.

12. Marketing and Communications

We believe in permission-based marketing. If you wish to receive our newsletter featuring market insights and platform updates, you must explicitly opt in. Every marketing email includes an unsubscribe link that immediately removes you from the relevant mailing list. We track email opens and clicks solely to measure engagement rates in aggregate, not to build individual profiles.

Transactional emails—such as password resets, security notifications, or responses to support tickets—are necessary for service operation and cannot be opted out of while maintaining an account. However, we keep these communications to the essential minimum.

13. Updates to This Privacy Policy

Privacy laws evolve, our Service develops new features, and our understanding of best practices improves. Accordingly, we may need to update this Privacy Policy periodically. When we make material changes—those that significantly affect your rights or our practices—we will notify you via email and through a prominent notice on our platform at least thirty days before the changes take effect.

For minor changes, such as clarifications or contact information updates, we will simply post the revised policy with an updated effective date. We maintain a version history of our Privacy Policy, allowing you to review previous versions and understand what has changed over time.

14. Dispute Resolution and Applicable Law

We hope to resolve any privacy concerns through direct communication. If you have a complaint or question about our privacy practices, please contact us first at hello (ät) rize.capital. We commit to investigating your concern and responding substantively.

If direct resolution proves impossible, European residents may lodge complaints with their national data protection authority or with the Bremen Commissioner for Data Protection and Freedom of Information, our lead supervisory authority. Residents of other jurisdictions may have recourse to local privacy regulators or civil courts as provided by applicable law.

This Privacy Policy is governed by German law, though we acknowledge that mandatory consumer protection laws of your jurisdiction may also apply. We submit to the jurisdiction of German courts for any disputes arising from this policy, without prejudice to your right to bring proceedings in your local courts where provided by law.

15. Final Provisions

No Investment Advice

We must reiterate that Rize Capital does not provide investment advice, recommendations to buy or sell securities, or personalized financial planning. Our AI tools generate analytical content based on publicly available information and should not be construed as professional financial advice. Users bear full responsibility for their investment decisions.

AI Limitations and Liability

Artificial intelligence technology, while powerful, has inherent limitations. Our AI may generate incorrect information, miss crucial factors, reflect training data biases, or produce seemingly plausible but entirely fabricated content. We provide our Service "as is" without warranties about accuracy or completeness. To the maximum extent permitted by law, we disclaim liability for investment losses or decisions based on AI-generated content.

Regulatory Status

Rize Capital operates as a technology platform providing analytical tools. We are not regulated by BaFin, the SEC, or other financial supervisory authorities. We are not a registered investment advisor, broker-dealer, bank, or insurance company. Users requiring regulated financial advice should consult appropriately licensed professionals.

Acceptance

By accessing or using our Service after the effective date of this Privacy Policy, you acknowledge that you have read, understood, and agreed to our data practices as described herein. If you disagree with any aspect of this Privacy Policy, your sole recourse is to discontinue use of our Service.

For any questions about this Privacy Policy or our data practices, please contact:

Tammo Elsner
Rize Capital
Altenwall 1-3
28195 Bremen, Germany
Email: hello (ät) rize.capital
Phone: +49 151 58366525

This Privacy Policy was last reviewed on September 23, 2025, and will be reviewed again no later than March 23, 2026.