Trust Center

Haruspex is an AI-powered investment intelligence platform. This page explains how we handle security, privacy, AI transparency, and compliance — and links to every policy that governs your use of the service.

These link to our published policies. They are commitments, not certifications — Haruspex has not obtained SOC 2, ISO 27001, or other third-party attestations. See Compliance & Certifications.

Overview

Haruspex produces AI-generated analysis of publicly traded securities. It provides informational and analytical services only. Haruspex is not a broker, a securities exchange, a registered investment adviser, a financial planner, a fiduciary, a bank, or a custodian, and it does not execute real securities trades — trading features are simulated using virtual capital.

We would rather tell you what we have not done than imply otherwise. Haruspex holds no third-party security certification, does not yet offer self-service data export, and does not currently operate a cookie consent manager. Where a control is not in place, our policies say so, and the list below reflects the current state of the product.

Security

Authentication is handled by Firebase Authentication. API keys are stored only as SHA-256 hashes, never in plaintext. Webhook and integration payloads are signed with HMAC-SHA256, and data is encrypted at rest and in transit by our cloud provider. We publish a vulnerability disclosure process for security researchers.

Privacy

We collect the data needed to run your account — email, authentication identifiers, IP address, device information, and the content you create such as watchlists and alerts. We do not sell personal information. Our Privacy Policy sets out every category we collect and why, and the Subprocessor List names each third party that may process it.

AI Transparency

Haruspex analysis is generated by AI models. Output is probabilistic: it can vary between requests, can be inaccurate, and can become outdated. It is informational only — Haruspex is not a broker, investment adviser, or fiduciary, and does not provide financial advice. We document which models we use and their known limitations.

Compliance

Haruspex has not obtained SOC 2, ISO 27001, PCI DSS, or any other third-party security certification, and we will not claim one until the applicable independent assessment is complete. Our Compliance Statement describes the controls that are actually in place today, and what we may pursue as we grow.

Accessibility

We aim to make Haruspex usable with assistive technology, including keyboard navigation and screen readers. Our Accessibility Statement documents our approach and the gaps we are still working on.

Contact

Privacy
Data protection and privacy requests
privacy@haruspex.guru
Security
Vulnerability reports
legal@haruspex.guru
Legal
Legal and compliance enquiries
legal@haruspex.guru