Privacy Policy

1.1 Information You Provide

• Email address — collected via our authentication provider when you create your account.
• Alpaca API credentials — your Alpaca API key and secret, provided by you to connect your existing Alpaca brokerage account.
• Payment information — collected and processed by our payment processor when you subscribe. We never see, receive, or store your full credit card numbers, CVV, or bank account numbers.
• Support communications — any information you provide when contacting us for support.

1.2 Information Collected Automatically

When you use the Service, we may automatically collect technical information including browser type and version, IP address, device and operating system information, pages and features accessed within the Service, actions taken (such as orders placed and positions viewed), and session and usage data. This data is used to maintain and improve the Service and is not sold to third parties.

We use the information we collect to:

• Create, manage, and authenticate your account;
• Connect to your Alpaca brokerage account to enable stock trading functionality, and where applicable cryptocurrency trading;
• Process your subscription payments and manage billing;
• Communicate with you about your account, billing, security notices, and changes to the Service;
• Provide customer support and respond to your inquiries;
• Monitor, maintain, debug, and improve the performance and security of the Service;
• Detect, investigate, and prevent fraudulent, abusive, or unlawful activity;
• Comply with applicable legal and regulatory obligations.

We do not use your information for advertising purposes. We do not sell your personal data to anyone.

3.1 Storage

Your data is stored using our cloud database provider. Access to the database is restricted to authorized personnel and secured with industry-standard authentication and access controls.

3.2 Encryption of Alpaca API Credentials

Your Alpaca API key and secret are encrypted using industry-standard encryption before being stored in our database. Credentials are decrypted in memory only when needed to process your trading requests, and are never logged in plaintext or transmitted to any party other than Alpaca Markets.

3.3 Payment Data

We do not store your credit card numbers, CVV codes, or full payment details. All payment processing is handled directly by our third-party payment processor.

3.4 Security Measures

We implement commercially reasonable security measures including encryption in transit (HTTPS/TLS), encryption at rest for sensitive credentials, restricted database access, and secure authentication. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

We share limited data with the following categories of third-party service providers solely to operate the Service. Each provider is bound by its own privacy policy and contractual obligations to us:

• Authentication provider — handles user account creation and login.
• Cloud database provider — stores your account data and encrypted credentials.
• Payment processor — handles subscription billing; we never see or store your card details.
• Brokerage API provider — executes trades and retrieves market data on your behalf.

We do not share, sell, rent, or trade your personal data with any other third parties, except as required by law (such as in response to a subpoena, court order, or other valid legal process), or to protect our rights, property, or safety, or that of our users or the public.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you;
• Correction — request correction of inaccurate or incomplete data;
• Deletion — request deletion of your personal data, subject to legal retention requirements.

To exercise any of these rights, contact us at [SUPPORT EMAIL]. You may also delete your account at any time through your account settings.

• Account data — retained for as long as your account is active and deleted upon account deletion.
• Alpaca API credentials — deleted within 30 days of account deletion or upon explicit user request.
• Billing records — retained for up to 7 years, as required for financial recordkeeping and tax purposes.
• Usage and log data — typically retained for 90 days, after which it is deleted or aggregated.

The Service is not intended for, marketed to, or directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have inadvertently collected data from a person under 18, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at [SUPPORT EMAIL].

The Service is operated from and intended for users in the United States. We do not specifically target or market to users outside the United States. If you access the Service from outside the United States, you do so at your own discretion and are responsible for compliance with your local laws. Your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. For material changes, we will notify you by email or via a notice within the Service prior to the changes taking effect. Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at [SUPPORT EMAIL].