Analyst Intelligence is a private, single-user tool. It is not a public service and does not collect data from the general public. This policy describes how the application handles information for its operator.
1. Overview
Analyst Intelligence ("the app", "the service") is a personal market intelligence platform operated by Tom Cipolla. This privacy policy explains what data is stored, how it is used, and who has access to it. Because this is a private tool rather than a public service, the scope of data collection is narrow and entirely within the operator's own infrastructure.
2. Data collected
Authentication credentials
The app uses a single static API key for authentication. This key is stored in hashed form in the application's environment configuration on Railway. The web dashboard stores the key in your browser's local storage; the iOS app stores it in the iOS Keychain. Neither location is accessible by third parties.
Vendor and market content
The app scrapes publicly available RSS feeds and web pages from tracked vendors. The raw content, processed summaries, relevance scores, and AI-generated analysis are stored in a private PostgreSQL database hosted on Railway. This data is sourced entirely from public vendor publications.
Feedback signals
When you rate an item as relevant or not relevant (thumbs up / thumbs down), the rating and the associated item ID and market ID are recorded in the database. This data is used solely to improve the relevance scoring model. No personally identifying information is attached to feedback records beyond what is implicit in operating a single-user system.
Device tokens (iOS push notifications)
When you enable push notifications in the iOS app, Apple assigns your device a unique APNs device token. This token is transmitted to the app's backend and stored in the database. It is used only to deliver push notifications through Apple's Push Notification service (APNs). Tokens are deleted automatically when Apple reports them as expired or invalid. You can revoke access at any time by disabling notifications for the app in iOS Settings.
Email addresses
Email addresses configured for digest delivery are stored in the database. These are used exclusively to send the daily digest emails via Resend. They are not shared with any other service or used for any other purpose.
Server logs
Railway, the hosting platform, may retain standard HTTP access logs including IP addresses, request paths, and timestamps as part of normal infrastructure operations. These logs are subject to Railway's privacy policy.
3. Third-party services
The app integrates with the following third-party services, each of which processes data as described:
Processed item content (headlines, summaries, source text) is sent to Anthropic's API for AI classification, enrichment, and search summarisation. Anthropic's data handling is governed by the Anthropic Privacy Policy.
Item content is sent to OpenAI's Embeddings API to generate semantic vectors for search. OpenAI's data handling is governed by the OpenAI Privacy Policy.
Digest email content and configured recipient addresses are transmitted to Resend for email delivery. Resend's data handling is governed by the Resend Privacy Policy.
Push notification payloads (item counts and market names) are transmitted through Apple's APNs infrastructure. Notification content is governed by Apple's Privacy Policy.
The application backend and database are hosted on Railway. Infrastructure-level data (logs, metrics) is subject to Railway's Privacy Policy.
4. Data sharing
No data collected by this application is sold, rented, or shared with third parties for commercial purposes. Data is transmitted to the third-party services listed in Section 3 solely to enable the functionality of the app.
5. Data retention
Processed items and digest records are retained indefinitely to support historical search and browsing. Feedback records are retained to support relevance model improvement. Device tokens are retained until expired or manually deleted. Email delivery logs are retained by Resend subject to their own retention policies.
6. Security
All data in transit is encrypted via TLS. The database is hosted on Railway's private network and is not publicly accessible. API key authentication is required for all data endpoints. The iOS app stores credentials exclusively in the iOS Keychain, which is hardware-backed on supported devices.
7. Contact
Questions about this privacy policy or the data practices of this application can be directed to [email protected].