← Back to Premise

Privacy Policy

Effective date: 2026-05-08. Last updated: 2026-05-08.

1. What we collect

• Account: username, email, hashed password, optional 2FA secret.
• Billing: handled by Stripe — we never store full card details. We retain a Stripe customer ID and subscription status.
• Usage: server logs (IP, route, timestamp) for security and debugging. Logs auto-rotate after 30 days.
• Telegram: if you connect Telegram alerts, we store your chat ID only.

2. What we don't collect

• No third-party analytics (no Google Analytics, no Meta Pixel).
• No advertising trackers.
• No selling or sharing of personal data with third parties for marketing.

3. Cookies

We use a single server-session cookie to keep you signed in. No third-party cookies.

4. Data retention & deletion

You can request account deletion any time at [email protected]. We delete your account, journal, and portfolio rows within 7 days. Stripe retains billing records as required by tax law.

5. Security

Passwords are hashed (PBKDF2). 2FA via TOTP is available. HTTPS is enforced. Report security issues to [email protected].

6. Contact

[email protected]