Privacy Policy

1.1 Personal Information

When you use our Service, we collect the following types of personal information:

1.2 User-Defined Trading Parameters

• Strategy preferences (Cash-Secured Puts, Covered Calls, Wheel Strategy)
• User-defined target parameters (delta ranges, days to expiration, IV thresholds)
• User-configured profit targets and stop-loss settings
• Watchlist symbols
• User-defined settings from setup wizards and preference commands

1.3 Usage Data

• Bot commands and interactions
• Website page visits and feature usage
• API endpoint usage patterns
• Error logs and system diagnostics
• Session data and authentication timestamps

1.4 Market Data Processing

• Options chain analysis and calculations
• Implied volatility metrics and rankings
• Historical volatility calculations
• Impersonal trade opportunity scoring and data analysis

1.5 Waitlist Data

• Contact information (email)
• Application information you choose to provide (short questionnaire)
• UTM parameters (source, medium, campaign) when provided
• Device and log data used for security and rate limiting (IP address in packed form, user agent)
• Captcha responses (Cloudflare Turnstile) to prevent automated abuse
• Verification/invite tokens stored only as one‑way hashes with expiration timestamps

2.1 Core Service Functionality

• Account Management: Authenticate users and manage account access
• Trading Analysis: Provide options strategy analysis and data
• Market Data: Deliver real-time quotes, option chains, and market information
• Trade Execution: Process and monitor trading orders through integrated brokers at your explicit direction
• Portfolio Monitoring: Track positions, P&L, and trade lifecycle management

2.2 Data Filtering and User Experience

• Data Filtering: Filter and display market data based on user-defined parameters and criteria that you explicitly set.
• Opportunity Discovery: Screen for trading opportunities that match criteria you have explicitly configured in your settings.
• Performance Analytics: Calculate and display trading metrics and historical performance based on your activity.
• User Experience: Remember preferences and provide customized dashboard views.

2.3 System Operations

• Security: Protect against unauthorized access and fraudulent activity
• Performance: Cache frequently requested data for faster response times
• Reliability: Monitor system health and troubleshoot technical issues
• Compliance: Maintain audit trails and system logs as required
• Form Protection: CSRF protection on website forms (login, signup, settings)
• Rate Limiting: Redis-backed rate limits keyed by IP and/or email; generic responses to prevent email enumeration
• Logging Hygiene: Avoid logging PII or raw tokens; never log Telegram login payloads or hashes

2.4 Beta Waitlist Processing

• Send transactional emails to verify your email and deliver single‑use invites
• Evaluate waitlist entries and questionnaire responses for invite decisions
• Prevent abuse via rate limiting and captcha validation
• Invite acceptance is bound to the verified email and is single‑use/time‑limited
• Transactional emails include verification, invite, and welcome (after signup)

3.1 Third-Party Service Providers

We integrate with the following third-party services to provide our functionality:

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will provide notice of any such change in ownership or control.

3.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.1 Account Data

• Active Accounts: Data is retained while your account remains active
• Inactive Accounts: Accounts inactive for more than 2 years may be subject to data deletion
• Legal Requirements: Some data may be retained longer to comply with regulatory requirements
• Password Reset Tokens: Stored only as 32‑byte hashes; expire by default after 2 hours and are purged after use or expiry

5.2 Trading Data

• Transaction History: Maintained for regulatory compliance and tax reporting purposes
• Market Data Cache: Automatically expires based on market conditions (1-30 minutes)
• System Logs: Retained for 90 days for troubleshooting and security purposes

5.3 Data Deletion

You may request deletion of your account and associated data at any time. Upon deletion:

• Personal information and preferences are permanently removed
• Schwab tokens and account associations are cleared
• Trading history may be retained in anonymized form for regulatory compliance

5.4 Waitlist Retention

• Verification/invite tokens retained until expiration, then purged
• Waitlist records retained while the beta program is active or as required by law
• You may request deletion of your waitlist data at any time

6.1 Access and Control

• Data Access: Request a copy of your personal data
• Data Correction: Update or correct inaccurate information
• Data Deletion: Request deletion of your account and data
• Data Portability: Request your data in a machine-readable format

6.2 Communication Preferences

• Bot Notifications: Control notification frequency and types through bot settings
• Strategy Preferences: Modify or disable trading strategies at any time
• Watchlist Management: Add or remove symbols from your watchlist

6.3 Account Management

• Account Disconnection: Disconnect Schwab account integration at any time
• Service Termination: Close your account and request data deletion
• Preference Updates: Modify trading preferences and risk parameters