Trust Center
Haruspex is an AI-powered investment intelligence platform. This page explains how we handle security, privacy, AI transparency, and compliance — and links to every policy that governs your use of the service.
These link to our published policies. They are commitments, not certifications — Haruspex has not obtained SOC 2, ISO 27001, or other third-party attestations. See Compliance & Certifications.
Overview
Haruspex produces AI-generated analysis of publicly traded securities. It provides informational and analytical services only. Haruspex is not a broker, a securities exchange, a registered investment adviser, a financial planner, a fiduciary, a bank, or a custodian, and it does not execute real securities trades — trading features are simulated using virtual capital.
We would rather tell you what we have not done than imply otherwise. Haruspex holds no third-party security certification, does not yet offer self-service data export, and does not currently operate a cookie consent manager. Where a control is not in place, our policies say so, and the list below reflects the current state of the product.
Security
Authentication is handled by Firebase Authentication. API keys are stored only as SHA-256 hashes, never in plaintext. Webhook and integration payloads are signed with HMAC-SHA256, and data is encrypted at rest and in transit by our cloud provider. We publish a vulnerability disclosure process for security researchers.
Privacy
We collect the data needed to run your account — email, authentication identifiers, IP address, device information, and the content you create such as watchlists and alerts. We do not sell personal information. Our Privacy Policy sets out every category we collect and why, and the Subprocessor List names each third party that may process it.
AI Transparency
Haruspex analysis is generated by AI models. Output is probabilistic: it can vary between requests, can be inaccurate, and can become outdated. It is informational only — Haruspex is not a broker, investment adviser, or fiduciary, and does not provide financial advice. We document which models we use and their known limitations.
Compliance
Haruspex has not obtained SOC 2, ISO 27001, PCI DSS, or any other third-party security certification, and we will not claim one until the applicable independent assessment is complete. Our Compliance Statement describes the controls that are actually in place today, and what we may pursue as we grow.
Accessibility
We aim to make Haruspex usable with assistive technology, including keyboard navigation and screen readers. Our Accessibility Statement documents our approach and the gaps we are still working on.
Legal Documents
All 20 policies are published in the Legal Center, with full-text search.
Browse the Legal Center →Contact
- Privacy
- Data protection and privacy requests
privacy@haruspex.guru - Security
- Vulnerability reports
legal@haruspex.guru - Legal
- Legal and compliance enquiries
legal@haruspex.guru