Skip to Content
BlitzPulse docs are live. Looking for Blitz Global? Visit https://blitzglobalcapital.com.
LegalPrivacy Policy

BlitzPulse is operated by Blitz Global Capital LLC (“BlitzPulse”, “Company”, “we”, “us”, or “our”). This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you use our website, application, APIs, support channels, broker integrations, billing flows, and related services.

We do not sell personal information. We do not use personal information for cross-context behavioral advertising at launch.

1. Information We Collect

We collect:

  • account data, including email, username, password hash, authentication events, MFA settings, device trust tokens, roles, plan, tenant, and preferences;
  • billing data processed through Stripe, including customer IDs, subscription status, invoices, refund records, tax metadata, and limited card metadata; we do not store full card numbers;
  • broker-connection data, including broker account identifiers, OAuth tokens or API credentials where you choose to connect a broker, positions, balances, orders, transactions, activities, cost-basis fields, tax lots, and account status;
  • trading, research, and product data, including watchlists, alerts, strategies, settings, notes, scans, backtests, recommendations, Investment Committee runs, AI prompts/outputs, prediction-market watchlists, and generated analytics;
  • tax-support data you provide or connect, including realized trades, estimated-tax fields, tax settings, receipts, mileage, and documents;
  • usage, security, and device data, including IP address, user agent, request IDs, cookies, logs, error traces, feature usage, rate-limit events, and audit records;
  • support and communications data, including emails, tickets, sub-processor notification requests, and consent records.

2. How We Use Information

We use information to:

  1. provide, secure, monitor, troubleshoot, and improve BlitzPulse;
  2. authenticate users and enforce account, role, plan, and tenant access;
  3. process subscriptions, invoices, credits, refunds, and tax-related payment records;
  4. connect to brokers and retrieve data at your direction;
  5. generate dashboards, analytics, alerts, recommendations, AI outputs, backtests, and tax-support views;
  6. send transactional emails, security notices, billing notices, support replies, legal notices, and optional marketing where permitted;
  7. prevent fraud, abuse, unauthorized access, market-data misuse, and policy violations;
  8. comply with legal, tax, accounting, sanctions, security, and audit obligations;
  9. defend our rights and enforce our Terms.

Where GDPR or similar law applies, our legal bases include contract performance, legitimate interests, consent, legal obligation, and, where necessary, establishment or defense of legal claims.

4. Sharing and Sub-Processors

We share information only as needed with service providers and sub-processors such as payment processors, email providers, hosting providers, observability providers, AI/model providers, broker APIs, market-data providers, security tools, and professional advisers. We may also disclose information to comply with law, enforce our Terms, investigate abuse, protect users, complete a business transaction, or with your direction or consent.

Brokerages, market-data providers, exchanges, AI providers, and payment processors may act under their own terms and privacy policies. Review those third-party policies before connecting accounts or using related features.

5. Cookies and Similar Technologies

We use essential cookies and local storage for login, security, preferences, and consent. Optional functional or analytics technologies are governed by the Cookie Policy. You can manage cookie preferences where the product provides controls, but essential cookies are required for authenticated features.

6. Data Retention

We retain information for as long as needed to provide the Service, comply with law, resolve disputes, enforce agreements, preserve audit trails, and protect security. Typical periods include:

  • account data: life of account plus a reasonable closure period;
  • security, access, and audit logs: up to 2 years unless longer retention is needed for investigation or legal defense;
  • billing, tax, refund, and accounting records: 7 years or longer where law requires;
  • broker, trade, tax-support, and portfolio records: as needed for product functionality, audit, tax, and user export/delete flows;
  • legal document versions and acceptances: retained indefinitely as legal records;
  • backups: retained on rolling schedules and overwritten in the ordinary course.

Deletion requests are subject to legal, audit, billing, tax, anti-fraud, security, backup, and dispute-resolution exceptions.

7. Your Choices and Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain processing. You may exercise rights through account settings where available or by emailing privacy@blitzglobalcapital.com.

We may verify your identity before responding. We generally respond within 30 days unless law allows more time. We do not discriminate for exercising privacy rights, but deleting or restricting required data may make the Service unavailable.

California residents may have rights under the CCPA/CPRA. We do not sell personal information and do not knowingly share it for cross-context behavioral advertising at launch.

8. Security

We use technical and organizational measures such as TLS, encryption for sensitive secrets, password hashing, MFA support, access controls, audit logs, least-privilege operations, and monitoring. No system is perfectly secure. We cannot guarantee absolute security, uninterrupted availability, or that unauthorized access will never occur.

9. International Transfers

BlitzPulse is operated primarily from the United States. If you access the Service from outside the United States, your information may be processed in the United States and other jurisdictions that may have different privacy laws. Where required, we rely on appropriate safeguards such as contractual commitments.

10. Children

BlitzPulse is not directed to children under 18. We do not knowingly collect personal information from children. Contact us if you believe a child provided information.

11. AI Support Concierge

The AI Support Concierge is a bounded, support-only assistant available inside the authenticated product. It answers operational and account questions (billing, plan, broker connectivity, knowledge-base lookups, ticket creation) using a small allowlist of locked intents and tools. It is not an investment, tax, legal, or financial-planning adviser; it will refuse to provide trade ideas, recommendations, or advice and will direct you to the appropriate non-AI surface.

11.1 What we send to AI model providers

When you send a message to the AI Support Concierge, the message text, a system prompt, and any retrieved knowledge-base snippets needed to answer it are routed to a large-language-model (“LLM”) provider for the duration of that response. At launch, the default provider is a self-hosted local model or MiniMax, configured in the admin integrations panel; no commercial U.S. third-party provider is used by default. The active provider for any given response is the one configured in SUPPORT_AI_PROVIDER at the time of the response and is observable in the admin integrations panel and in the audit row written for that turn. Additional providers may be added to the allowlist (currently local, minimax, anthropic, openai, groq, together); each commercial provider is gated on a signed zero-retention contract per 11.3 before traffic is routed to it. The current set of sub-processors is documented at https://blitzglobalcapital.com/legal/sub-processors . We do not send your password, MFA secrets, full payment-card numbers, full Stripe customer or subscription IDs, or your broker access tokens to LLM providers.

11.2 Personal-information redaction

Before any message is persisted or forwarded to a provider, the system attempts to redact common personal-information patterns it detects in your text, including email addresses, phone numbers, U.S. social security numbers, payment-card numbers, API keys, and Stripe customer or subscription identifiers. Redaction is best-effort: please do not paste secrets, MFA codes, full account numbers, or other sensitive credentials into the assistant.

11.3 Provider data-handling commitments

We require LLM providers used for AI Support Concierge traffic to operate under a “zero-retention” or equivalent commitment, meaning the provider does not retain message text after the response is generated, does not use it to train base models, and does not log it for non-essential purposes. Where a provider does not yet support this configuration, we will not route AI Support Concierge traffic to that provider.

11.4 Retention of conversations and feedback

Conversation transcripts (including assistant turns and your feedback) are retained on our infrastructure to provide context across turns, support escalation to a human ticket, audit guardrail behavior, and improve the Service. You can review your conversation history and delete individual conversations at any time from /settings/support-ai. Deletion cascades to messages, classifications, tool-call audit rows, feedback, and improvement-loop training candidates derived from the conversation. Deletion does not remove information already shared with a third-party provider during a streaming response, where that provider’s retention rules apply.

11.5 Audit and improvement loop

We log message classifications, tool calls, refusals, and quality feedback in tenant-scoped tables to operate the Service, evaluate guardrail performance, and prioritize improvements. Negative feedback or guardrail trips may flag a redacted record for human review by an authorized administrator before any change is made to the assistant’s behavior. Records used by the improvement loop are subject to the same redaction described in 11.2.

11.6 First-message acceptance and global kill switch

Before your first message in a session, the assistant displays an in-product disclosure that you must accept. Acceptance is recorded against the published version of this section. We may also disable the assistant tenant-wide via an administrative kill switch with immediate effect; in that case the widget displays an unavailable panel and directs you to the standard support channel.

11.7 Your choices

You can use the BlitzPulse product without using the AI Support Concierge. Disclosure non-acceptance, an active kill-switch state, an unavailable LLM provider, or a non-Pro plan tier all result in the assistant being unavailable to you with no impact on the rest of the Service. You may also delete your conversations at any time as described in 11.4 or contact privacy@blitzglobalcapital.com to exercise the broader rights described in section 7.

12. Model Context Protocol connectors

If you connect BlitzPulse to an external Model Context Protocol (“MCP”) client, such as Claude, ChatGPT, Gemini, Cursor, or another compatible client, your prompts to that client and the client’s responses are processed by the client provider under that provider’s own terms and privacy policy. BlitzPulse does not control how those external clients perform model inference, retain prompts, or display responses.

When an MCP client calls BlitzPulse, we receive and process the OAuth identity, client identifier, requested tool name, tool arguments, response metadata, rate-limit records, and audit records needed to provide and secure the read-only MCP service. The MCP client may receive read-only BlitzPulse data returned by approved tools, such as symbols, market research, portfolio summaries, watchlist data, or AI brief text, depending on your account permissions and the tool you authorized.

Do not enter passwords, MFA codes, broker tokens, full account numbers, payment-card numbers, or other sensitive credentials into an external MCP client. MCP tool-call logs are retained as security and compliance audit records under section 6. Deleting data inside an external client does not delete BlitzPulse audit records, and deleting BlitzPulse data does not control copies already processed by Anthropic, OpenAI, Google, Cursor, or another client provider.

13. Changes

We may update this Privacy Policy. Material changes will be posted in-app, by email, or on the website where practical. Continued use after the effective date means the updated policy applies.

14. Contact

Privacy requests: privacy@blitzglobalcapital.com

Support: support@blitzglobalcapital.com

DMCA Copyright PolicyRefund Policy