← Back

Privacy Policy

1. What we collect

• Account data: email, name, bcrypt password hash, plan tier.
• Trading data: watchlists, portfolio CSVs you upload, tracked positions, alert history. This data stays in your account and is never shared with other users or sold.
• Anthropic API key: if you provide one, it's stored AES-128 encrypted with a master key not stored in the database.
• Usage counters: daily AI-call counts for plan-quota enforcement.
• Session data: user-agent and IP, used only to show active sessions and detect suspicious logins.
• Stripe billing: Stripe handles your card data — we only store the customer ID and subscription status they return.

2. How we use it

To run the service. We don't sell your data, don't run ads, and don't use your portfolio or watchlist to train AI models. AI requests sent to Anthropic use the API key you provided (or your trial allocation) and are subject to Anthropic's privacy policy.

3. Third parties

• Stripe (payment processing) — policy
• Anthropic (AI API) — policy
• Resend (transactional email) — policy
• Yahoo Finance, Stooq (public market data) — read-only, no personal data sent

4. Your rights (GDPR, CCPA)

You can:

• Export all your data anytime — Account Settings → "Export my data" returns a JSON dump.
• Delete your account anytime — Account Settings → "Delete account". Removes all rows owned by your user_id and cancels any active Stripe subscription. Deletion is immediate; backups purge within 30 days.
• Request changes to your data via support@genztrade.ai.

5. Security

Bcrypt cost-12 password hashes. JWT auth with 7-day expiry and per-session revocation. AES-128 (Fernet) encryption for API keys. HTTPS everywhere in production. We rate-limit auth endpoints to defeat brute force.

6. Cookies & local storage

We use browser localStorage (not cookies) to keep your JWT and UI preferences. No analytics or advertising trackers.

7. Children

GenZTrade is not for users under 18.

8. Contact

support@genztrade.ai