Privacy Policy

Last updated: March 18, 2026

1. Information We Collect

We collect the following types of information:

  • Account information: Email address and password (hashed) when you create an account.
  • Usage data: Theses you submit, strategies generated, backtests run, and feature usage patterns.
  • Trading data: If you connect a brokerage, we access trade history and portfolio data through their APIs. We do not store your brokerage credentials directly — authentication is handled via OAuth or API keys stored encrypted.
  • Technical data: IP address, browser type, device information, and access timestamps for security and rate limiting.
  • Payment data: Billing is processed by Stripe. We do not store credit card numbers. Stripe provides us with subscription status, plan type, and payment history.

2. How We Use Your Information

  • To provide and improve the Service (strategy generation, backtesting, trading).
  • To authenticate your identity and manage your account.
  • To enforce rate limits and prevent abuse.
  • To process payments and manage subscriptions.
  • To send transactional emails (account confirmation, password reset, billing).
  • To analyze aggregate usage patterns and improve AI model quality.

We do not sell your personal information. We do not use your trading data to trade against you or share it with third parties for their trading purposes.

3. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with row-level security policies ensuring you can only access your own data. All data is transmitted over HTTPS. Passwords are hashed using industry-standard algorithms. API keys for brokerage integrations are encrypted at rest.

4. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase — Database and authentication.
  • Stripe — Payment processing.
  • Fly.io — Application hosting.
  • Vercel — Frontend hosting.
  • Alpaca, Coinbase, Kraken — Brokerage integrations (only if you connect them).
  • Finnhub — Market data and financial information.
  • Google Gemini / Anthropic Claude — AI model providers for strategy generation.

Each third-party service has its own privacy policy. We share only the minimum data necessary for each service to function.

5. AI Model Usage

When you submit a thesis, it is sent to AI model providers (Google Gemini or Anthropic Claude) to generate trading strategies. These providers may process your input according to their own data policies. We do not send your personal information, account details, or trading history to AI providers — only the thesis text and relevant market data.

6. Data Retention

  • Account data is retained while your account is active.
  • Trading history and strategy data is retained for the lifetime of your account.
  • Upon account deletion, your data is removed within 30 days.
  • Anonymized, aggregate usage data may be retained indefinitely for analytics.

7. Your Rights

You have the right to:

  • Access your personal data.
  • Correct inaccurate information.
  • Delete your account and associated data.
  • Export your trading data and strategies.
  • Opt out of non-essential communications.

To exercise these rights, contact us at privacy@algothesis.com.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. No cookie consent banner is required as we only use strictly necessary cookies.

9. Children

The Service is not intended for users under 18. We do not knowingly collect information from minors.

10. Changes

We may update this policy. Material changes will be communicated via email or in-app notice. Continued use constitutes acceptance.

11. Contact

Questions? Contact us at privacy@algothesis.com.