Privacy Policy

For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, the data controller responsible for your personal data is:

Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws and to handle all privacy-related inquiries. You can contact our DPO at:

The DPO is available for all privacy-related inquiries, requests to exercise your data protection rights, and any concerns regarding how your personal data is processed. We encourage you to contact the DPO for any questions about data protection before escalating to a supervisory authority.

Under GDPR, we are required to disclose the third-party data processors that process personal data on our behalf. The following entities act as data processors for PHARMA 8K's:

Each of these data processors is bound by data processing agreements (DPAs) that require them to process personal data only on our documented instructions and to implement appropriate technical and organizational measures to ensure the security of your data.

3.1 Account Data

When you create an account with PHARMA 8K's, we collect the following personal information:

• Full name (as provided during registration).
• Email address (used for account identification, communications, and password recovery).
• Password (stored as a cryptographically hashed value using industry-standard bcrypt hashing; we never store your password in plain text).
• Profile avatar or photo (if you choose to upload one).
• Account creation date and time.

3.2 Subscription Data

When you subscribe to a paid tier, we collect and maintain records of:

• Your current subscription tier (Free, PRO, or Enterprise).
• Subscription start date and renewal dates.
• Billing period (monthly or annual).
• Subscription status (active, cancelled, expired).
• Transaction identifiers from the Apple App Store or Google Play Store (we do not receive or store your payment card number, bank account details, or other financial payment information; all payment processing is handled by Apple or Google).

3.3 Usage Data

We automatically collect information about how you interact with the Service, including:

• SEC filings you have viewed, including filing identifiers, timestamps, and duration of viewing.
• Search queries you have entered within the App, including ticker symbols and keywords searched.
• Watchlist data, including the ticker symbols you have added to or removed from your watchlist.
• AI analysis features you have accessed, including which filings you have requested analysis for.
• Notification preferences and interactions with push notifications.
• Number of filings accessed per day (used to enforce Free tier limitations).
• Feature usage patterns, including which screens and features you access most frequently.
• Articles and educational content you have read.

3.4 Device Data

We collect information about the device you use to access the Service, including:

• Device type and model (e.g., iPhone 15, Samsung Galaxy S24).
• Operating system and version (e.g., iOS 19.0, Android 16).
• App version number.
• Device unique identifiers (such as IDFV for iOS or Android ID).
• Screen resolution and display metrics.
• Language and locale settings.
• Time zone.
• Network type (Wi-Fi, cellular) and carrier information.

3.5 Analytics Data

We use analytics tools to collect aggregated and anonymized data about Service usage, including:

• Session duration and frequency of app usage.
• Screen views and navigation patterns within the App.
• App performance data, including crash reports, error logs, and response times.
• Referral sources (how you discovered or were directed to the App).
• General geographic location based on IP address (city-level; we do not collect precise GPS location).

3.6 Information We Do Not Collect

PHARMA 8K's does not collect: precise GPS or geolocation data; contacts or address book data; photos, videos, or media from your device (except profile photos you voluntarily upload); health or biometric data; payment card numbers, bank account details, or other financial payment instruments; or Social Security numbers or government-issued identification numbers.

If you are located in the European Union, the European Economic Area, or the United Kingdom, we rely on the following legal bases for processing your personal data under the GDPR:

4.1 Performance of a Contract (Art. 6(1)(b))

We process your account data, subscription data, and certain usage data as necessary for the performance of the contract between you and PHARMA 8K's (i.e., our Terms of Service). This processing is necessary to provide you with the Service, manage your account, process your subscription, enforce usage limits based on your tier, deliver filings and analyses, and provide customer support.

4.2 Consent (Art. 6(1)(a))

We process certain data based on your consent, which you may withdraw at any time. This includes: registration and account creation, sending you marketing communications and promotional materials, delivering push notifications (you can manage notification preferences in the App settings or your device settings), and collecting analytics data through optional tracking (where consent is required under applicable law).

4.3 Legitimate Interests (Art. 6(1)(f))

We process certain data based on our legitimate interests, provided that such interests are not overridden by your data protection rights. Our legitimate interests include: security and fraud prevention, improving and optimizing the Service and user experience, detecting and preventing abuse and security threats, conducting internal analytics and research to develop new features, ensuring network and information security, and enforcing our Terms of Service.

4.4 Legal Obligation (Art. 6(1)(c))

We may process your data when necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

We use the information we collect for the following purposes:

• To create, maintain, and secure your account.
• To provide, operate, and maintain the Service, including delivering SEC filing data, AI analyses, and alerts.
• To process and manage your subscription, including enforcing tier-based access limitations.
• To personalize your experience, including displaying relevant filings based on your watchlist and preferences.
• To send you push notifications about new filings, alerts, and other Service-related updates (with your consent).
• To send you administrative communications, such as account verification emails, security alerts, and support messages.
• To respond to your inquiries, provide customer support, and resolve technical issues.
• To monitor and analyze usage patterns and trends to improve the Service, develop new features, and enhance user experience.
• To detect, investigate, and prevent fraudulent transactions, abuse, unauthorized access, and other illegal activities.
• To comply with legal obligations and respond to lawful requests from public and government authorities.
• To enforce our Terms of Service and other policies.
• To protect the rights, property, and safety of PHARMA 8K's, our users, and the public.

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:

6.1 Payment Processors

Subscription payments are processed through the Apple App Store (Apple Inc.) for iOS users and Google Play Store (Google LLC) for Android users. When you make a purchase, your payment information is collected and processed directly by Apple or Google according to their respective privacy policies. We receive transaction confirmation data, including transaction identifiers and subscription status, but we do not receive or store your payment card number or financial payment details.

6.2 Analytics Providers

We use third-party analytics services to help us understand how users interact with the Service. These providers may collect information sent by your device, including usage data and device data described in Section 3. Analytics data is processed in aggregated or pseudonymized form and is used solely for the purpose of improving the Service. Our analytics providers are contractually bound to protect the confidentiality and security of any data they process on our behalf.

6.3 Cloud Infrastructure Providers

We use third-party cloud infrastructure services to host the Service and store data. These providers are contractually bound by data processing agreements that require them to protect the confidentiality, integrity, and availability of your data in accordance with applicable data protection laws. These providers process data on our behalf and under our instructions and are prohibited from using your data for their own purposes.

6.4 Law Enforcement and Legal Requirements

We may disclose your personal information if required to do so by law or in response to valid legal processes, including subpoenas, court orders, or government requests. We may also disclose your information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, or legal process; (b) enforce our Terms of Service or other agreements; (c) protect and defend the rights, property, or safety of PHARMA 8K's, our users, or the public; (d) detect, prevent, or address fraud, security issues, or technical problems; or (e) respond to an emergency involving danger of death or serious physical injury.

6.5 Business Transfers

If PHARMA 8K's is involved in a merger, acquisition, asset sale, bankruptcy, reorganization, or similar corporate transaction, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice within the App before your personal information is transferred and becomes subject to a different privacy policy.

6.6 With Your Consent

We may share your personal information with third parties when you have given us your explicit consent to do so.

PHARMA 8K's is based in the United States. Your personal data may be transferred to, stored, and processed in the United States and other countries where our servers and data processors are located. These countries may have data protection laws that are different from the laws of your country of residence.

If you are located in the European Union, the European Economic Area, or the United Kingdom, we ensure that transfers of personal data to countries outside the EU/EEA/UK are protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable to our data processor agreements.
• The EU-US Data Privacy Framework (DPF): Google and RevenueCat maintain EU-US Data Privacy Framework certifications, ensuring an adequate level of protection for data transferred to the United States.
• Adequacy decisions issued by the European Commission for countries deemed to provide an adequate level of data protection.
• Other legally recognized transfer mechanisms under applicable data protection laws.

Cloudflare processes data on a global CDN and has implemented appropriate safeguards including Standard Contractual Clauses and is certified under the EU-US Data Privacy Framework.

By using the Service, you acknowledge and consent to the transfer of your information to the United States and other jurisdictions as described in this section, subject to the safeguards outlined above.

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, and as required or permitted by applicable law. Our specific retention periods are as follows:

When your personal data is no longer needed for the purposes described above, we will securely delete or irreversibly anonymize it. You may request deletion of your personal data at any time by contacting us at privacy@pharma8ks.com, subject to any legal obligations that may require us to retain certain information.

9.1 GDPR Rights (EU/EEA/UK Users)

If you are located in the European Union, the European Economic Area, or the United Kingdom, you have the following rights under the GDPR:

• Right to Access (Art. 15): You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days of your request.
• Right to Rectification (Art. 16): You have the right to request that we correct any inaccurate personal data we hold about you, and to have incomplete personal data completed.
• Right to Erasure (Art. 17): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw your consent, when you object to processing and there are no overriding legitimate grounds, when the data has been unlawfully processed, or when the data must be deleted to comply with a legal obligation.
• Right to Restrict Processing (Art. 18): You have the right to request that we restrict the processing of your personal data when the accuracy of the data is contested, when the processing is unlawful but you oppose deletion, when we no longer need the data but you need it for legal claims, or when you have objected to processing pending verification of our legitimate grounds.
• Right to Data Portability (Art. 20): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller without hindrance.
• Right to Object (Art. 21): You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
• Right Related to Automated Decision-Making (Art. 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Our AI-generated analyses of SEC filings do not constitute automated decision-making that produces legal effects on users; they are informational tools provided for your reference.

9.2 CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request the deletion of the personal information we have collected about you, subject to certain exceptions provided by law.
• Right to Opt-Out of Sale: PHARMA 8K's does not sell your personal information to third parties as defined under the CCPA/CPRA.
• Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your CCPA/CPRA rights.
• Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of your sensitive personal information, if applicable.

9.3 How to Exercise Your Rights

To exercise any of the rights described above, you may contact us at privacy@pharma8ks.com with the subject line "Data Rights Request." In your request, please specify which right you wish to exercise and provide sufficient information for us to verify your identity. You may also contact our Data Protection Officer directly at dpo@pharma8ks.com.

We will respond to your request within 30 days (for GDPR requests) or 45 days (for CCPA/CPRA requests) of receiving it. If we need additional time to process your request, we will notify you of the extension and the reasons for it.

The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have collected personal data from a child under 13, we will take immediate steps to delete that information from our servers.

In compliance with the Children's Online Privacy Protection Act (COPPA) and similar international regulations, we require all users to be at least 13 years of age. If you are a parent or guardian and you are aware that your child has provided us with personal data without your consent, please contact us at support@pharma8ks.com so that we can take appropriate action.

For users between the ages of 13 and 16 who are located in the EU/EEA, we require parental or guardian consent for the processing of personal data, in accordance with Article 8 of the GDPR and applicable member state implementations.

This section applies to the web version of the Service accessible at https://pharma8ks.com. The native mobile application does not use cookies.

11.1 Types of Cookies We Use

• Essential Cookies: These cookies are strictly necessary for the operation of the website. They enable core functionality such as security, authentication, and session management. You cannot opt out of essential cookies as the website cannot function properly without them.
• Analytics Cookies: These cookies help us understand how visitors interact with the website by collecting and reporting information anonymously. They allow us to measure and improve the performance of the website.
• Functional Cookies: These cookies enable the website to remember choices you have made (such as your preferred language or display settings) and provide enhanced, personalized features.

11.2 Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. However, if you block essential cookies, certain features of the website may not function properly. For detailed information on how to manage cookies in your browser, visit your browser's help or support pages.

If you are a PRO or Enterprise tier subscriber, the Service offers push notifications to alert you about new SEC filings, significant events, and other Service-related updates. Push notifications are an opt-in feature; we will only send you push notifications if you have granted permission through your device settings and configured your notification preferences within the App.

You can manage your push notification preferences at any time through: (a) the Notifications settings screen within the App, where you can customize which types of notifications you receive; (b) your device's system settings (iOS: Settings > Notifications > PHARMA 8K's; Android: Settings > Apps > PHARMA 8K's > Notifications), where you can disable push notifications entirely.

To deliver push notifications, we use Apple Push Notification Service (APNs) for iOS devices and Firebase Cloud Messaging (FCM) for Android devices. These services require us to store a device push token, which is a unique identifier for your device that allows us to send notifications. This token is not linked to your personal identity and is refreshed periodically by your device operating system.

We implement a variety of technical and organizational security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: All data transmitted between the App and our servers is encrypted using Transport Layer Security (TLS) 1.2 or higher. Sensitive data at rest is encrypted using AES-256 encryption.
• Password Security: User passwords are hashed using the bcrypt algorithm with appropriate work factors before storage. We never store passwords in plain text.
• Authentication: We use secure session tokens with expiration times for session management. Authentication tokens are stored securely on your device using platform-provided secure storage mechanisms.
• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. All access is logged and monitored.
• Infrastructure Security: Our cloud infrastructure is hosted in facilities with physical security controls, and we use firewalls, intrusion detection systems, and regular security audits to protect our systems.
• Rate Limiting: We implement rate limiting on our API endpoints to prevent abuse and protect against brute-force attacks.
• Security Headers: We implement security headers including Content Security Policy, X-Frame-Options, and other headers to protect against common web vulnerabilities.
• Regular Updates: We regularly update our software dependencies and apply security patches to address known vulnerabilities.

While we use commercially reasonable efforts to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data. If you become aware of any unauthorized access to your account, please contact us immediately at support@pharma8ks.com.

The Service may contain links to third-party websites, services, and applications, including but not limited to the SEC EDGAR database, financial news outlets, and company websites. This Privacy Policy does not apply to third-party websites and services. We are not responsible for the privacy practices, content, or security of any third-party websites or services.

We encourage you to review the privacy policies of any third-party websites or services you access through links in the Service before providing any personal information to them.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes to this Privacy Policy, we will notify you by: (a) updating the "Last Updated" date at the top of this Privacy Policy; (b) sending you an email notification to the address associated with your account; and (c) displaying a prominent notice within the App.

For material changes, we will provide at least 30 days' notice before the changes take effect. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the revised terms. If you do not agree to the revised Privacy Policy, you must stop using the Service and delete your account.

Under the CCPA/CPRA, California residents are entitled to the following additional disclosures:

16.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA: (a) Identifiers (name, email address, unique personal identifiers, device identifiers, IP address); (b) Commercial information (subscription records, purchasing history); (c) Internet or other electronic network activity information (browsing history within the App, search history, interaction with the Service); (d) Geolocation data (general location derived from IP address, city-level only).

16.2 Categories of Sources

We collect personal information from the following categories of sources: (a) directly from you (when you create an account, set preferences, or contact support); (b) automatically from your device (device data, usage data, analytics data); (c) from third-party payment platforms (Apple App Store, Google Play Store) in the form of transaction confirmations.

16.3 Business or Commercial Purpose

We collect personal information for the business purposes described in Section 5 of this Privacy Policy, including providing and improving the Service, processing subscriptions, personalizing user experience, and ensuring security.

16.4 Sale and Sharing of Personal Information

PHARMA 8K's does not sell your personal information to third parties as defined under the CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising purposes. We have not sold or shared personal information in the preceding 12 months.

16.5 Sensitive Personal Information

PHARMA 8K's does not collect or process sensitive personal information as defined by the CCPA/CPRA, such as Social Security numbers, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, or genetic or biometric data.

16.6 Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that lets you tell websites you visit that you do not want to have your online activity tracked. We currently do not respond to DNT signals, as there is no industry-standard technology for recognizing or honoring DNT signals. If a standard for responding to DNT signals is established, we will revisit this policy.

16.7 Financial Incentives

We do not offer financial incentives or price or service differences in exchange for the retention or sale of personal information.

If you are located in the European Union or the European Economic Area, you have the right to lodge a complaint with a data protection supervisory authority in the EU Member State in which you reside, work, or in which the alleged infringement occurred, if you believe that the processing of your personal data infringes the GDPR.

A list of EU data protection supervisory authorities and their contact details can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

We encourage you to contact our Data Protection Officer first at dpo@pharma8ks.com so that we can try to resolve any concerns directly before you contact a supervisory authority.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For exercising your data protection rights (access, rectification, erasure, portability, etc.), please contact us at privacy@pharma8ks.com with the subject line "Data Rights Request."

For GDPR-related inquiries, please contact our Data Protection Officer directly at dpo@pharma8ks.com.

For CCPA/CPRA-related requests, please contact us at privacy@pharma8ks.com with the subject line "California Privacy Request."

We aim to respond to all legitimate inquiries within 30 days. If your inquiry is particularly complex, we may require an additional period of time and will notify you accordingly.