Privacy Policy

How Corra LLC collects, uses, and protects your information when you use EarningsNxt.

Last Updated: April 2026

This Privacy Policy explains how Corra LLC (“we,” “our,” or “us”) collects, uses, discloses, and protects personal information when you visit or use EarningsNxt(the “Site”). By using the Site, you agree to the practices described in this policy.

1. Information We Collect

We collect the following categories of personal information:

Account Information

Email address and password (hashed) when you register with email and password, or OAuth tokens when you sign in with Google.

Usage Data

IP address, browser type, operating system, referring URLs, pages visited, and API endpoint usage. This data is collected automatically for rate limiting, abuse detection, and analytics.

Preferences & Settings

Alert preferences (e.g., day-before earnings alerts, weekly digest), watchlist contents, and subscription status.

Billing Information (via Stripe)

Corra LLC does not collect, process, or store any payment card information. All billing is handled by Stripe, Inc. We may receive from Stripe: your name, email address, Stripe customer ID, subscription status, subscription period dates, and billing history — but never card numbers, CVVs, or bank account details.

Communications

Any information you voluntarily provide when contacting us through our contact form.

2. AI Processing Disclosure (OpenAI)

EarningsNxt uses OpenAI’s API to generate earnings briefings and analysis. When the AI content generation system runs, structured financial data (earnings results, analyst estimates, guidance, and options data) is transmitted to OpenAI’s servers to produce AI-assisted text.

Personal information is not intentionally included in prompts sent to OpenAI. AI briefs are generated at the company level (e.g., “generate a preview for AAPL’s earnings”), not personalised to individual users.

OpenAI’s use of data submitted via API is governed by OpenAI’s Privacy Policy. OpenAI does not use API data to train its models by default under its API terms.

3. How We Use Your Information

To create and manage your account and authenticate you.
To provide and improve the Site and its features.
To send earnings alerts and digest emails based on your preferences (via Resend).
To process and manage your subscription via Stripe.
To enforce rate limits, detect abuse, and maintain site security.
To analyse site usage and improve the user experience (via Google Analytics, when configured).
To comply with legal obligations.

4. Third Parties We Share Data With

SupabaseDatabase hosting and authentication. Stores your account, preferences, and usage data on servers in the United States.

StripePayment processing. Receives billing information when you subscribe. Governed by Stripe’s Privacy Policy.

OpenAIReceives structured financial data (not personal data) to generate AI briefings. See Section 2 above.

Google AnalyticsReceives anonymised pageview and session data when configured. You may opt out via your browser settings or a cookie consent preference.

ResendEmail delivery service. Receives your email address to send alerts and digest emails.

Google (OAuth)Receives authentication data if you choose to sign in with Google.

We do not sell your personal information to third parties.

5. Payment Data Disclosure (Stripe-Specific)

Corra LLC does not collect, process, or store any payment card information.
All payment processing occurs on Stripe’s platform and is governed by Stripe’s Privacy Policy.
Stripe is a PCI DSS Level 1 certified payment processor. Payment security is handled entirely by Stripe.
We may receive from Stripe: your name, email address, subscription status, and billing history — but never card numbers or bank details.

6. Cookies

We use the following categories of cookies:

Essential: Authentication cookies set by Supabase to keep you signed in. Required for the Site to function and cannot be disabled.
Analytics: Google Analytics cookies to understand how visitors use the Site. These are only set when Google Analytics is enabled and you have provided consent.
Advertising: Cookies from advertising networks, if enabled. Only set after consent is provided.

7. Data Retention & Security

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Account data is retained while your account is active and for up to 90 days after account deletion, except where longer retention is required by law.

We implement industry-standard security measures including SSL/TLS encryption in transit, access controls, and secure hosting via Supabase. Payment data security is handled by Stripe (PCI DSS Level 1).

No security system is completely secure. We cannot guarantee the absolute security of your information.

8. International Data Transfers

Information we collect may be transferred to and processed in the United States and other countries where our service providers (Supabase, Stripe, OpenAI, Google, Resend) operate. Data protection laws in those countries may differ from those in your home country. By using the Site, you consent to such transfers.

9. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to know what personal information we collect and how we use it.
Right to delete your personal information.
Right to correct inaccurate personal information.
Right to opt out of the sale or sharing of your personal information.
Right to limit the use of sensitive personal information.
Right to non-discrimination for exercising your privacy rights.

We also honour the Global Privacy Control (GPC) browser signal as a valid opt-out of data sharing. To exercise your rights, visit our Privacy Rights page or contact us at earningsnxt@corralimited.com.

10. GDPR Rights (EEA/UK Visitors)

If you are located in the European Economic Area or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR) or UK GDPR, including the right of access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and the right to object to processing.

To exercise these rights, contact us at earningsnxt@corralimited.com. We will respond within 30 days.

11. Children’s Privacy

The Site is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided personal information, we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top indicates when it was last revised. Continued use of the Site after changes are posted constitutes your acceptance of the revised policy.

13. Contact

For privacy inquiries or to exercise your rights, contact Corra Limited at /contact or email earningsnxt@corralimited.com.

Last updated: April 2026 — Operated by Corra LLC (California, USA)