Privacy Policy
Summary: We collect only what's needed to run the platform: your email, hashed password, and basic usage data. We don't sell your data. We don't track your trades. We use cookies only for authentication.
1. Information We Collect
1.1 Information You Provide
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account creation, login, service communications | Until account deletion |
| Password | Authentication (stored as bcrypt hash only) | Until account deletion |
| Subscription tier | Access control and billing | Until account deletion |
1.2 Information Collected Automatically
| Data | Purpose | Retention |
|---|---|---|
| IP address | Security, rate limiting, abuse prevention | Server logs rotated regularly |
| Browser type / OS | Compatibility and debugging | Server logs rotated regularly |
| Pages visited | Service improvement | Aggregated, not individually tracked |
| API usage | Rate limiting, tier enforcement | Rolling window |
1.3 Information We Do NOT Collect
- Your brokerage account details or credentials
- Your actual trades, positions, or portfolio holdings
- Financial account numbers or balances
- Social Security numbers or government IDs
- Precise geolocation data
2. How We Use Your Information
We use your information solely to:
- Provide and maintain the Service (authentication, tier-based access control)
- Process subscription payments through our payment processor
- Send essential service communications (account security, billing, major service changes)
- Prevent abuse and enforce our Terms of Service
- Improve the Service based on aggregate usage patterns
We do not use your information for advertising, profiling, or selling to third parties.
3. Cookies and Authentication
Alpha Suite uses a minimal set of cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| Session token (JWT) | Authentication — keeps you logged in | 24 hours |
We do not use third-party tracking cookies, advertising pixels, or analytics services that track individual users. No data is shared with ad networks.
4. Data Sharing
We share your data only in these limited circumstances:
- Payment processor: Your email is shared with our payment processor to handle subscription billing. We do not store credit card numbers.
- Legal requirements: We may disclose information if required by law, court order, or governmental authority.
- Service protection: We may share information to investigate fraud, abuse, or violations of our Terms.
We do not sell, rent, or trade your personal information to any third party.
5. Data Security
We implement reasonable security measures to protect your data:
- Passwords are hashed using bcrypt (never stored in plaintext)
- Authentication uses signed JWT tokens transmitted over HTTPS
- The Service is served exclusively over HTTPS with TLS encryption
- Database access is restricted to the application layer
No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).
Aggregated, anonymized usage data may be retained indefinitely for service improvement.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Delete your account and associated personal data
- Export your data in a portable format
- Object to processing of your data for specific purposes
To exercise any of these rights, contact us at [email protected].
8. International Users
The Service is hosted in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US. By using the Service, you consent to this transfer.
For users in the European Economic Area (EEA), we process personal data on the legal basis of contract performance (providing the Service you signed up for) and legitimate interest (security, fraud prevention).
9. Children
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email. The "Last updated" date at the top reflects the most recent revision.
11. Contact
For privacy-related questions or requests, contact us at [email protected].