Internal briefing document for retained counsel — not legal advice and not drafted legal text. Hand this to US and Israeli counsel to start informed drafting.
A two-sided marketplace where independent financial analysts publish research, lock a price
target (ticker, direction, target price, horizon date) at the moment of publication, and get
paid via subscription or per-report purchase. Every locked call is enforced immutable at the
database level — it cannot be edited or deleted after publication, including by Stoa itself.
Locked calls are graded automatically (Hit/Miss) against real market prices on their horizon
date, feeding a public "MOAT score" per analyst. An AI system fact-checks factual claims in each
report before publication is allowed (classifying claims as fact/unproven/opinion/contradicted)
but never writes or edits the analyst's thesis or price target — that's always the human
analyst's own view. The platform takes a 10% fee on analyst earnings via PayPal.
The entire product was architected around qualifying for the "publisher's exclusion" from the
definition of "investment adviser" under the Advisers Act — meaning Stoa (the platform) and its
analysts are not required to register as investment advisers, provided the content stays
impersonal, bona fide, and of general and regular circulation. Specific things already built
into the product to support this positioning — confirm with counsel whether they're sufficient,
and what else is needed:
an analyst and a subscriber exists anywhere in the spec. The only conversational surface is a
"debate thread" scoped to a single claim on a published report, publicly visible to all readers
of that report — not a private advice channel.
subscribers/purchasers simultaneously; there's no mechanism for an analyst to tailor content to
an individual investor's circumstances.
requiring the analyst to disclose: whether they hold a position in the security, whether any
compensation is tied to the call, and a certification that the views are their own.
legal language not yet written — see Section 6).
existing claims; it does not produce new analysis, targets, or opinions.
Open question for counsel: whether the per-report/subscription monetization model itself
(charging directly for individual pieces of research, as opposed to a flat-fee general
newsletter model) affects publisher's-exclusion eligibility, and whether the platform's 10% cut
of that revenue creates any additional characterization risk (e.g., as a broker-dealer-adjacent
activity) that needs separate analysis.
Stoa's founder is Israel-based; the product is global/English-first. Below is real, specific
research to start from — not a substitute for counsel's own analysis.
Management Law, 1995, enforced by the Israel Securities Authority (ISA). Providing investment
advice, marketing, or portfolio management without an ISA license is a criminal offense under
Israeli law — the enforcement posture here is explicitly stricter in tone than the US civil
framework, which is itself a reason not to assume the US analysis transfers.
entities (the ruling concerned TASE members and institutional entities) may present financial
analyses on their platforms that are prepared by external, licensed consultants, and that
doing so is not investment advice on behalf of the platform itself — provided the platform
"conducts itself transparently, prudentially, and with fiduciary responsibility by taking no
personal interest in or interfering with the content of the analyses." Ask counsel directly:
does this precedent extend to a platform whose contributing analysts are not separately
ISA-licensed (Stoa's whole model is that the track record, not a license, is the credential),
and does Stoa's 10% revenue share constitute the kind of "personal interest" the ruling warns
against?
chatbots presenting financial analysis must (a) present information "solely as general
information," (b) never filter, reframe, or emphasize content in a way that could read as
personalized advice, and (c) always give users access to the full underlying analysis, not just
an AI-generated answer. This maps directly onto Stoa's AI ask-panel and fact-checker features —
worth a specific compliance review of those two features against this ruling before they ship
in any form that lets an investor query an AI about report content.
placement exemption concerns fundraising for investment vehicles (funds), which is a different
activity from Stoa's publishing/marketplace model — flag to counsel that this shouldn't apply,
but have them confirm rather than assume.
handle Israeli users differently from the rest of its global user base, given the ISA's
historically protective posture toward foreign platforms operating in Israel without local
licensing?
This is the one unresolved architectural question in the whole build, and it needs a real answer
before any EU user's data is processed.
The tension: Article 17 GDPR gives EU individuals a right to erasure. Stoa's core product
promise is that locked calls (which include the analyst's identity, since track record
accountability is the entire point) are permanently immutable and cannot be deleted, including by
Stoa.
Proposed engineering approach, pending legal sign-off — do not treat this as settled: on a
verified deletion request, pseudonymize the requester's personally identifying fields (name,
avatar, bio, email) in the profiles table, while leaving the locked reports/claims/
moat_score_snapshots rows intact under the now-anonymized handle. The public ledger entry
survives; the link to the real-world identity does not.
Specific questions for counsel:
compliance with a legal obligation, for public interest archiving, or for establishing/
defending legal claims), given that the immutable record exists specifically to make analysts'
claims independently verifiable by the public?
need to go further (e.g., full removal after a defined retention period, with the platform
accepting that resolved-call statistics become anonymized/aggregate only)?
product) versus an EU-based investor (a subscriber with no public-facing content)? These are
likely different answers.
analyst onboarding (PayPal performs KYC during seller onboarding — there is no separate
identity product like Stripe Identity)?
seller onboarding; PayPal's own verification satisfies the "real accountable person"
trust requirement. Platform fee splits use PayPal's marketplace fee mechanisms where
approved.
equivalent reporting obligations for analyst payouts, VAT/sales tax treatment of subscription
revenue across jurisdictions, and whether the Israel-based operating entity creates any
permanent-establishment exposure in jurisdictions where paying subscribers are concentrated.
the corresponding analyst payout get clawed back, and how should that be reflected in the
earnings ledger and communicated to the analyst? Needs both a legal answer (what Stoa is
obligated to do) and a product answer (what's fair to analysts).
terms given the payment/marketplace relationship, the disclosure certifications analysts make,
and the licensing of their content to the platform)
retention, PayPal/Supabase/DeepSeek/OpenAI/market-data-provider as subprocessors, cookie usage,
cross-border data transfer given Israel + global users, the erasure-request mechanism from
Section 4)
provider — required disclosure under GDPR Article 28 if processing EU personal data)
distinct from the disclosure/fact-check mechanics, this is a moderation/ToS enforcement question)
Point counsel to these existing specs rather than re-explaining verbally — faster and more
accurate than a founder summarizing months of product decisions from memory:
docs/BACKEND.md — full schema, the immutability triggers (§3), the disclosure fields on the reports table
docs/FRONTEND.md §2.3 — the <DisclosureBlock> component (fixed layout, non-customizable)Stoa_Backend_Deep_Dive_CHANGES.md §6 — the GDPR pseudonymization proposal in fullproduct" — this is enforced as a standing build rule, not just a policy statement