Privacy Policy

Depository 360 is operated by Infinidatum LLC (“we,” “us”), a Connecticut limited liability company responsible for the personal information described here. This policy applies to the Depository 360 website and related services. For privacy questions or requests, contact admin@infinidatum.com.

• No AI training on your data. Your information and uploads are never used to train our or anyone else's AI models.
• No selling or sharing for others' purposes. We do not sell your personal information and do not share it with third parties for their own marketing or model-training.
• Data minimization. We collect only what we need to operate the Service.

• Account information — your name and email address when you register; a securely hashed password (we never store plaintext passwords).
• Profile and uploads — any institution profile or documents you choose to add for analysis.
• Usage activity — pages and tools you use, queries you run, and credit transactions, to operate the Service, prevent abuse, and keep an audit trail.
• Payment information — handled by our payment processor (Stripe). We receive confirmation of a completed purchase but do not receive or store your full card number.
• Device and log data — IP address, browser/user-agent, and timestamps, used for security, rate limiting, and diagnostics.
• Analytics — aggregate usage via Google Analytics and Vercel Analytics. See our Cookie Notice.

• provide, maintain, and improve the Service and its features;
• authenticate you, operate your account, and process credit purchases;
• run the analyses you request (which may involve third-party providers — see below);
• secure the Service, prevent fraud and abuse, and enforce our terms;
• respond to your requests and send service-related communications; and
• comply with legal obligations.

Where required, our legal bases are performance of a contract, our legitimate interests in operating and securing the Service, your consent (e.g., certain analytics), and compliance with law.

We use vetted providers to run the Service. They process data only to provide their service to us and are not permitted to use it for their own purposes or to train models on it. Key providers include:

• Hosting & database — Vercel (application hosting) and Neon (managed Postgres).
• Payments — Stripe (PCI-compliant card processing).
• AI & data research — third-party AI/LLM and market-data providers used to perform live analyses you request. We send only what is needed for the specific request.
• Email & analytics — transactional email and aggregate web analytics providers.

We disclose personal information only:

• to the service providers above, under contract;
• to comply with law, legal process, or lawful government requests;
• to protect the rights, safety, and security of users, the public, or Infinidatum LLC; and
• in connection with a merger, acquisition, or asset sale, subject to this policy.

We do not sell personal information.

We retain account and usage data for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion as described below; some records (e.g., transaction logs) may be retained where required.

We protect data with encryption in transit (HTTPS/TLS), hashed passwords, access controls, rate limiting, and other safeguards described on our Security page. No system is perfectly secure; we cannot guarantee absolute security.

If a personal-data breach affecting you occurs, we will notify affected users and applicable regulators where required by applicable U.S. law and without undue delay.

Depending on your U.S. state of residence, you may have rights to access, correct, delete, or port your personal information, to opt out of certain processing, and to withdraw consent. You can update your profile in-app or contact us at admin@infinidatum.com to exercise these rights. You may use an authorized agent to submit a request; we may need to verify your identity before acting. We do not discriminate against you for exercising your rights.

We respond within the time required by applicable U.S. law — generally within 45 days under the CCPA/CPRA (extendable by 45 days with notice), after acknowledging the request. If we decline a request, we will explain why. You may also have the right to appeal or to contact your state attorney general.

If you are a California resident, you have the right to know the categories and specific pieces of personal information we collect, to delete it, to correct it, to opt out of any “sale” or “sharing,” and to limit the use of sensitive personal information — and to be free from discrimination for exercising these rights.

We do not sell or share your personal information (as those terms are defined under the CCPA/CPRA), and we do not use sensitive personal information for purposes that require a right-to-limit. Over the preceding 12 months we have collected the categories described in “Information we collect” above — identifiers (name, email, IP), commercial information (credit transactions), internet/usage activity, and any content you upload — from you and your device, used for the business purposes described in this policy and disclosed only to the service providers listed above. To exercise your rights, email admin@infinidatum.com.

Credit-union, CUSO, rate, regulatory, and market data on Depository 360 is curated from public sources and provided for information only — it is not your personal information and is covered by our Disclaimer.

The Service is not directed to children under 18 and we do not knowingly collect their personal information. If you believe a child has provided us information, contact us and we will delete it.

Depository 360 covers U.S. credit unions and depository institutions and is intended for users in the United States; your information is processed in the U.S. The Service is not directed to, or intended for, individuals in the European Economic Area or the United Kingdom, and we do not offer it to them. If you choose to access the Service from outside the United States, you do so on your own initiative and are responsible for compliance with your local laws.

We may update this policy; material changes are reflected by the “Last updated” date above. For privacy questions, data-access, or deletion requests, contact admin@infinidatum.com.