Privacy Policy

Effective Date: March 15, 2026

  1. Introduction

Stellarius Capital OÜ, a limited liability company incorporated under the laws of the Republic of Estonia with registry code 16448375 and registered address at Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 5, 10117, Estonia ("we," "us," or "our"), operates the website located at stellarius.com (the "Website" or "Service"). As the data controller of your personal data, we are committed to protecting your privacy and ensuring compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 ("GDPR") as implemented in Estonian law, and relevant United States privacy laws such as the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"), and analogous state laws (collectively, "US Privacy Laws").

This Privacy Policy ("Policy") describes the types of personal data we collect, the purposes for which it is processed, the legal bases for such processing, and your rights regarding your personal data. By accessing or using the Service, which provides subscription-based informational grain marketing signals primarily targeted at US farmers, you acknowledge that you have read, understood, and agree to the practices described herein. If you do not agree, please refrain from using the Service.

We may update this Policy from time to time to reflect changes in our practices or legal requirements. Any material changes will be posted on this page with an updated effective date. We encourage you to review this Policy periodically.

  1. Personal Data We Collect

We collect personal data that you voluntarily provide to us and information automatically collected through your use of the Service. The categories of personal data include:

a. Information You Provide Directly:

  • Contact and Account Information: Such as your name, email address, and any other details you submit when creating an account, subscribing to our grain marketing signals, or contacting us.

  • Payment Information: Billing details, including payment card information or other financial data, processed through secure third-party payment gateways. We do not store full payment card details on our servers.

  • Communication Data: Information contained in inquiries, feedback, or other communications you send to us.

b. Automatically Collected Information:

  • Device and Usage Data: Including IP address, browser type, operating system, device identifiers, time zone, referral sources, pages viewed, interaction details (e.g., clicks, scrolls), and timestamps.

  • Cookies and Similar Technologies: Data from essential cookies for site functionality, and, with your consent, analytics cookies for performance monitoring. For details, please refer to our separate Cookie Policy.

We do not collect sensitive personal data (e.g., racial or ethnic origin, health data) unless strictly necessary and with your explicit consent. Our Service is not directed at children under the age of 16, and we do not knowingly collect personal data from them.

  1. Purposes for Processing Your Personal Data

We process your personal data for the following purposes:

  • To provide, maintain, and improve the Service, including delivering weekly grain marketing signals via email and managing subscriptions.

  • To process transactions, handle payments, and fulfill contractual obligations.

  • To communicate with you regarding your account, updates, or customer support.

  • To analyze usage patterns, detect and prevent fraud or abuse, and enhance security.

  • To comply with legal obligations, such as tax reporting or responding to lawful requests from authorities.

  • For marketing purposes, such as sending newsletters, only with your explicit consent.

  • To pursue our legitimate business interests, including internal analytics and Service optimization.

We process only the minimum personal data necessary to achieve these purposes.

  1. Legal Bases for Processing (Under GDPR)

Our processing activities are grounded in the following legal bases under GDPR:

  • Performance of a Contract (Art. 6(1)(b)): To deliver the Service and fulfill subscriptions.

  • Consent (Art. 6(1)(a)): For non-essential processing, such as marketing communications or non-essential cookies.

  • Legitimate Interests (Art. 6(1)(f)): For analytics, security, and fraud prevention, where such interests are not overridden by your rights.

  • Legal Obligation (Art. 6(1)(c)): For compliance with laws, including tax and accounting requirements.

  1. Sharing of Personal Data

We do not sell your personal data. We may share your personal data with:

  • Service Providers: Third parties that assist us in operating the Service, such as payment processors, email delivery services, and analytics providers. These providers are contractually obligated to process data only on our behalf and in compliance with applicable laws.

  • Legal and Regulatory Authorities: As required by law, such as in response to subpoenas, court orders, or to protect our rights, safety, or property.

  • Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.

All sharing is limited to what is necessary and protected by appropriate safeguards.

  1. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, including for the duration of your subscription and any applicable legal retention periods. For example:

  • Account and subscription data: Retained for the life of your account plus up to 7 years for tax and accounting purposes.

  • Usage data: Anonymized or deleted after 26 months.

  • Payment data: Retained as required by financial regulations, typically 7 years.

Upon expiration, data is securely deleted or anonymized.

  1. Your Rights

a. Rights Under GDPR (for EU/EEA Residents): You have the right to:

  • Be informed about your personal data processing.

  • Access your personal data.

  • Rectify inaccurate or incomplete data.

  • Erase data ("right to be forgotten") under certain conditions.

  • Restrict processing.

  • Data portability.

  • Object to processing based on legitimate interests or for direct marketing.

  • Withdraw consent at any time, without affecting prior processing.

  • Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee) or your local supervisory authority.

b. Rights Under US Privacy Laws (for US Residents): Depending on your state of residence (e.g., California under CCPA/CPRA), you may have the right to:

  • Know the categories of personal data collected, sources, purposes, and third parties with whom it is shared.

  • Delete your personal data.

  • Opt-out of the sale or sharing of personal data (note: we do not sell or share personal data for targeted advertising).

  • Limit use of sensitive personal data (we do not process sensitive data).

  • Non-discrimination for exercising your rights.

We will respond to verifiable consumer requests within the timelines required by law (e.g., 45 days under CCPA/CPRA, with possible extension). To exercise rights, we may require identity verification.

To exercise any rights, please contact us at info [at] stellarius.com. We will acknowledge receipt and process your request promptly.

  1. International Data Transfers

As an Estonian company, your data is primarily processed within the EU/EEA. However, we may transfer data to third countries (e.g., the United States for service providers). Such transfers are protected by adequacy decisions, Standard Contractual Clauses approved by the European Commission, or other approved mechanisms to ensure an adequate level of protection under GDPR. For US transfers, we also comply with applicable US Privacy Laws.

  1. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption, access controls, secure servers, and regular security assessments. However, no method of transmission over the internet or electronic storage is entirely secure, and we cannot guarantee absolute security.

In the event of a data breach, we will notify affected individuals and authorities as required by law (e.g., within 72 hours under GDPR).

  1. Children's Privacy

Our Service is not intended for individuals under 16 years of age. If we become aware that we have collected personal data from a child under 16 without verifiable parental consent, we will take steps to delete such data promptly.

  1. Links to Third-Party Websites

The Service may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We recommend reviewing their privacy policies.

  1. Changes to This Policy

We reserve the right to amend this Policy at any time. Changes will be effective upon posting the revised Policy on the Website, with the updated effective date. Your continued use of the Service constitutes acceptance of the changes. For significant changes, we may provide additional notice (e.g., via email).

  1. Contact Us

For questions about this Policy, to exercise your rights, or for any privacy-related inquiries, please contact our Data Protection Officer at:

Email: info [at] stellarius.com

We will respond to your inquiry in accordance with applicable laws.

This Policy is governed by the laws of the Republic of Estonia, without regard to conflict of law principles. For EU residents, disputes may be resolved through the EU Online Dispute Resolution platform.

Contact

Questions? Reach out to Stellarius Research anytime.

Email

research@stellarius.com

© 2026 Stellarius Capital. All rights reserved.

Legal Notice

Privacy Notice

Terms of Service