Privacy Policy

We collect the following categories of information:

Information you provide directly:

• Email address (for account registration and email subscriptions)
• Account credentials (username, encrypted password)
• Trade entries, notes, and journal data you input
• Payment information (processed by third-party payment processor; we do not store full card numbers)
• Communications you send to us (support requests, feedback)

Information from broker integration:

• If you connect a brokerage account via SnapTrade, we receive read-only access to position data, account balances, and transaction history
• We do not receive your broker login credentials
• We do not have the ability to execute trades, place orders, or move funds

Information collected automatically:

• Usage data (pages visited, features used, time spent, click patterns)
• Device information (browser type, operating system, IP address)
• Cookies and similar tracking technologies (see Section 5)

We use your information to:

• Provide, operate, and maintain the Service
• Process subscriptions and payments
• Send email briefings, newsletters, alerts, and transactional communications you've subscribed to
• Generate personalized AI analysis based on your trade history
• Improve the Service and develop new features
• Respond to support requests
• Detect, prevent, and address fraud, security issues, and technical problems
• Comply with legal obligations

When you use AI-powered features (such as the /chat interface or /api/analyze endpoint), your inputs and relevant portfolio data are sent to a third-party large language model provider (currently Anthropic). The AI provider processes the data to generate responses but does not use your data to train their models per their API terms.

We retain a record of AI prompts and responses for service quality and debugging purposes for up to 90 days.

We do not sell your personal information. We may share information with:

• Service providers who help operate the Service (e.g., Supabase for database hosting, Vercel for application hosting, Resend for email delivery, SnapTrade for broker integration, Anthropic for AI processing, Stripe or similar for payment processing). These providers are contractually limited to using your data only to provide their services.
• Legal authorities when required by law, court order, or to protect rights, safety, or property.
• In connection with a business transfer such as a merger, acquisition, or sale of assets, with notice to you.

We use cookies and similar technologies to:

• Maintain your authenticated session
• Remember your preferences (e.g., dark mode, sidebar state)
• Analyze usage patterns to improve the Service

You can disable cookies in your browser settings, but some Service features may not function properly without them.

We implement reasonable technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/HTTPS)
• Encrypted password storage
• Row-level security on database tables
• Access controls limiting employee and contractor data access
• Regular security review of vendors and infrastructure

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

We retain your information for as long as needed to provide the Service and comply with legal obligations. Specifically:

• Account data: until you delete your account (then retained 30 days for recovery)
• Trade history: as long as your account is active
• Email subscription data: until you unsubscribe
• AI conversation logs: 90 days
• Payment records: as required by tax and accounting law (typically 7 years)

Depending on your jurisdiction, you may have rights to:

• Access the personal information we hold about you
• Correct inaccurate information
• Delete your account and associated data
• Export your data in a portable format
• Opt out of marketing emails (every email has an unsubscribe link)
• Restrict certain processing of your data

To exercise these rights, contact: hello@retirewheel.com

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) including the right to know what personal information we collect, the right to delete personal information, the right to opt out of the sale of personal information (we do not sell), and the right to non-discrimination for exercising these rights.

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) including rights to access, rectification, erasure, restriction, portability, and objection. The lawful bases for our processing are typically consent, contract performance, and legitimate interests.

Note: The Service is operated from the United States. By using the Service, you consent to transfer of your data to the United States, which may have data protection laws different from those of your jurisdiction.

The Service is not directed to children under 18. We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on the Service. The "Last updated" date at the top reflects the most recent revision.

Privacy questions: hello@retirewheel.com