Privacy Policy
Last updated: March 20, 2026
1. Data Controller
Borgeon is a service operated by Borge Capital. We are the data controller for personal data processed through borgeon.com.
- Company: Borge Capital
- Website: borgeon.com
- Email: contact@borgeon.com
2. Personal Data We Collect
| Category | Examples |
|---|---|
| Account data | Email, password (hashed) |
| Financial data | Portfolio holdings (ticker, quantity, entry price) |
| Usage data | Chat conversations, analysis requests, prediction history |
| Payment data | Stripe customer ID (card details handled by Stripe) |
3. Purpose and Legal Basis
We process personal data in accordance with the Norwegian Personal Data Act and GDPR Article 6.
| Purpose | Legal basis |
|---|---|
| Account management and authentication | Contract (Art. 6(1)(b)) |
| Portfolio analysis, AI analysis, and chat | Contract (Art. 6(1)(b)) |
| Payment processing | Contract + Legal obligation (Art. 6(1)(b) and (c)) |
| Security and bug fixing | Legitimate interest (Art. 6(1)(f)) |
4. Data Processors and Third Parties
We use the following third-party providers to deliver the service:
| Provider | Country | Purpose |
|---|---|---|
| Stripe | USA (EU-US DPF) | Payment processing |
| Scaleway | France (EU) | Hosting and database |
| OpenAI | USA (EU-US DPF) | Text embeddings |
| DeepSeek | China | AI language model for analysis |
| Grok (xAI) | USA | AI language model for debate and analysis |
| Twelve Data | USA | Market data (no personal data) |
Transfers to the USA are covered by the EU-US Data Privacy Framework. Transfers to China are covered by EU Standard Contractual Clauses (SCCs).
5. Retention Periods
| Data category | Retention period |
|---|---|
| Account and portfolio data | Duration of subscription + 30 days |
| Chat and analysis history | Duration of subscription + 30 days |
| Payment records | 5 years after transaction (Norwegian Accounting Act) |
| Security logs | 90 days |
When an account is deleted, all personal data is removed immediately. Anonymized patterns (not linked to any user) may be retained to improve the service.
6. Your Rights
Under GDPR, you have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — correct inaccurate data
- Right to erasure — delete your account via Settings
- Right to restriction — restrict the processing of your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interest
To exercise your rights, contact us at contact@borgeon.com. You can also delete your account directly in Settings.
7. AI and Automated Processing
Borgeon uses AI models (machine learning and large language models) to generate portfolio analyses, predictions, and chat responses. These are informational tools and do not constitute automated decisions with legal effect under GDPR Article 22. All AI-generated outputs are advisory and should not replace professional financial advice.
8. Security
We protect your data with encrypted connections (HTTPS/TLS), hashed passwords, access controls, rate limiting on API endpoints, and regular security reviews.
9. Right to Complain
If you believe we are processing your personal data in violation of applicable regulations, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet):
- Datatilsynet
- Postboks 458 Sentrum, 0105 Oslo
- postkasse@datatilsynet.no
- datatilsynet.no
10. Changes to This Policy
We may update this privacy policy. For material changes, we will notify you via email or upon login. The date of the last update is shown at the top of this page.