
Privacy Policy

Last updated: 2025-02-07

1. What Data We Collect

  • Account data: email address and (hashed) passwords when registering via email, or profile information from your OAuth provider (Google, GitHub).
  • Project data: strategy names, descriptions, and builder configurations that you create.
  • Payment data: processed by Stripe. We do not store credit card numbers. We only retain your Stripe customer ID and subscription status.
  • Usage data: audit logs of actions (login, export, project changes) with anonymized IP addresses for security purposes.

2. How We Use Your Data

  • To create and manage your account
  • To save and export your strategy projects
  • To process payments and subscriptions via Stripe
  • To send password reset emails via Resend
  • To monitor the security and stability of the platform
  • To detect and resolve errors (via Sentry)

3. Sharing Data with Third Parties

We only share your data with the following processors:

  • Stripe - payment processing
  • Resend - transactional emails
  • Sentry - error reporting (no personal data)
  • Neon/PostgreSQL - database hosting
  • Vercel - application hosting

We never sell your data to third parties.

4. Data Security

We take appropriate technical and organizational measures to protect your data:

  • Passwords are hashed with bcrypt
  • All connections are encrypted via HTTPS/TLS
  • Password reset tokens are stored hashed (SHA-256)
  • Rate limiting on all API endpoints
  • CSRF protection on all state-changing requests

5. Data Retention

  • Account data is retained as long as your account is active
  • Deleted projects are permanently removed after 30 days
  • Expired password reset tokens are automatically cleaned up
  • Webhook events are deleted after 90 days

6. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Download a copy of your data (data export)
  • Correct inaccurate data
  • Delete your account and all associated data
  • Object to the processing of your data

You can export your data and delete your account through your account settings, or by contacting us.

7. Cookies

We use the following cookies:

  • Session cookie (essential) - for authentication
  • CSRF token (essential) - for protection against cross-site request forgery
  • Cookie preference (essential) - to remember your cookie choice

We do not use tracking or advertising cookies.

8. Contact

For questions about your privacy or to exercise your rights, contact us via the email address in your account settings.

9. Changes

We may update this privacy policy from time to time. Changes will be published on this page with an updated date.