Privacy Policy

1. Information We Collect

We collect the following types of information:

• Account information: Email address and password (hashed) when you create an account.
• Usage data: Theses you submit, strategies generated, backtests run, screener queries, saved workflows, and feature usage patterns.
• Intent classification data: When you submit a message, our AI intent classification system (powered by Google Gemini Flash) processes your input to determine the appropriate response type (screener, strategy, ticker card, or text response). The classification result is used to route your query and is not stored separately from your usage data.
• Saved workflows: If you save screener queries or other workflows, the query parameters, configuration, and metadata are stored in our database (Supabase) and associated with your account.
• Trading data: If you connect a brokerage, we access trade history and portfolio data through their APIs. We do not store your brokerage credentials directly — authentication is handled via OAuth or API keys stored encrypted.
• Technical data: IP address, browser type, device information, and access timestamps for security and rate limiting.
• Payment data: Billing is processed by Stripe. We do not store credit card numbers. Stripe provides us with subscription status, plan type, and payment history.

2. How We Use Your Information

• To provide and improve the Service (strategy generation, backtesting, trading, screening, AI text responses).
• To classify user intent and route queries to the appropriate response handler.
• To authenticate your identity and manage your account.
• To enforce rate limits and prevent abuse.
• To process payments and manage subscriptions.
• To send transactional emails (account confirmation, password reset, billing).
• To analyze aggregate usage patterns and improve AI model quality.

We do not sell your personal information. We do not use your trading data to trade against you or share it with third parties for their trading purposes.

3. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with row-level security policies ensuring you can only access your own data. All data is transmitted over HTTPS. Passwords are hashed using industry-standard algorithms. API keys for brokerage integrations are encrypted at rest. If you provide your own AI API key (BYOK), it is stored in our database and used only to make API calls on your behalf. We do not log, share, or use your key for any other purpose. You can remove your key at any time from your dashboard settings.

4. Third-Party Services

We use the following third-party services that may process your data:

• Supabase — Database and authentication.
• Stripe — Payment processing.
• Fly.io — Application hosting.
• Vercel — Frontend hosting.
• Alpaca, Coinbase, Kraken — Brokerage integrations and market data (only if you connect them, or for screener/ticker data).
• Financial Modeling Prep (FMP) — Market data, fundamentals, and financial information for screener and ticker cards.
• Finnhub — Market data and financial information.
• Google Gemini / Anthropic Claude — AI model providers for strategy generation.

Each third-party service has its own privacy policy. We share only the minimum data necessary for each service to function.

5. AI Model Usage

When you submit a message, it is first processed by our AI intent classification system (Google Gemini Flash) to determine the appropriate response type. Depending on the classification, your input may then be sent to AI model providers (Google Gemini or Anthropic Claude) to generate trading strategies, text responses, or other outputs. These providers may process your input according to their own data policies. We do not send your personal information, account details, or trading history to AI providers — only the query text and relevant market context.

6. Data Retention

• Account data is retained while your account is active.
• Trading history and strategy data is retained for the lifetime of your account.
• Upon account deletion, your data is removed within 30 days.
• Anonymized, aggregate usage data may be retained indefinitely for analytics.

7. Your Rights

You have the right to:

• Access your personal data.
• Correct inaccurate information.
• Delete your account and associated data.
• Export your trading data and strategies.
• Opt out of non-essential communications.

To exercise these rights, contact us at privacy@algothesis.ai.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. No cookie consent banner is required as we only use strictly necessary cookies.

9. Children

The Service is not intended for users under 18. We do not knowingly collect information from minors.

10. Changes

We may update this policy. Material changes will be communicated via email or in-app notice. Continued use constitutes acceptance.

11. Contact

Questions? Contact us at privacy@algothesis.ai.