Privacy Policy

1. Data We Collect

We collect your email address, display name, portfolio holdings data, and trade history that you voluntarily provide. We also store API keys you provide (encrypted) to run the analysis service.

2. How We Protect Your Data

API keys are encrypted using Fernet symmetric encryption before storage. Passwords are hashed using bcrypt. All communication uses HTTPS. Database access is restricted.

3. Third-Party Services

Your API keys are used to access third-party services (OpenAI, Finnhub, CoinGecko) on your behalf. Your portfolio data is sent to OpenAI's API for analysis. We use Mailgun for email delivery and Stripe for payment processing.

4. Data Retention

Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time.

5. Cookies

We use a single httpOnly session cookie for authentication. We do not use tracking cookies or third-party analytics.