Privacy Policy

Summary (the short version)

• We collect: your email, password (salted and hashed — we never see your real password), trade journal entries, watchlists, AI preferences, and usage telemetry
• We do not collect: brokerage credentials, brokerage account balances, real trade executions, or any data from your broker
• We do not sell personal data to anyone, ever
• Payment data is handled exclusively by Stripe — we never see your full card number
• You can request deletion of your account and all associated personal data at any time

1. Data we collect

Account data

• Email address (required for login + transactional emails)
• Password — salted and hashed before storage. We cannot recover your password; we can only reset it.
• Full name (optional, for personalization)
• Subscription plan + billing status (synced from Stripe)

Usage data

• Watchlists you create, AI ideas you generate, plays you save, journal entries you write
• AI preferences (allowed strategies, DTE range, account size, risk tolerance)
• Last-login timestamps, action logs for auditing
• Browser type, IP address, request paths (for security + performance monitoring)

Payment data

Stripe processes all payments. We receive only: customer ID, subscription status, last 4 digits of your card (for display purposes), and billing email. We never see or store your full card number, CVV, or bank account credentials.

2. Data we do NOT collect

• Brokerage account credentials — we have no integration that requires them
• Real-money trade executions — your trades happen at your broker; we never see them
• Real brokerage balances or positions — what you log in your OptionsDeck journal is what we see, nothing more
• Bank account or routing numbers
• Government ID, SSN, or any KYC documents (we're not a broker; no requirement)

3. How we use your data

• Run the Service: authenticate logins, serve your watchlists, persist your ideas, deliver email notifications
• Improve the Service: aggregated, anonymized usage stats help us identify popular features and broken flows
• Bill you: via Stripe; we share only what's needed for subscription management
• Send transactional email: via Resend (password resets, billing receipts, trial-end reminders). You can unsubscribe from non-essential email.
• Comply with law: if we receive a valid legal request (subpoena, court order), we may disclose required information

4. Third-party processors

We use a small number of third-party services. Each has its own privacy policy:

• Stripe — payment processing
• Resend — transactional email delivery
• OptionsDeck Direct Feed — our market-data provider (does not receive your personal info)
• OptionsDeck Core — AI reasoning. Your AI prompts are processed by the third-party model provider behind OptionsDeck Core. Their policy is that customer prompts are not used to train models and are not accessible to staff outside abuse review. We do not send your email, name, or any direct identifier in the prompt — only the structured market context for the ticker you queried.
• Error monitoring — technical errors only; we strip PII from error reports

A complete, current list of our sub-processors — including the underlying providers behind OptionsDeck Direct Feed and OptionsDeck Core — is maintained on our Sub-processors page.

5. Data storage and security

Your data is stored on secure, managed cloud infrastructure with encrypted backups. Passwords are salted and hashed. Connections to the Service are HTTPS-only with HSTS, and session tokens are cryptographically signed. We follow industry-standard security practices but we are not yet SOC 2 certified. See our Security page for full details.

6. Data retention and deletion

We retain your data for as long as your account is active. You can request deletion of your account at any time by emailing support@optionsdeck.ai or via /account. We will delete your personal data within 30 days of the deletion request, subject to legal retention requirements (e.g., we may retain billing records for tax-law-required periods).

7. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion ("right to be forgotten")
• Export your data in a portable format
• Opt out of non-essential communications
• Withdraw consent at any time

To exercise any of these rights, email support@optionsdeck.ai. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication (JWT session token). We do not use third-party advertising cookies or cross-site tracking. We use minimal first-party analytics for product improvement.

9. International users

OptionsDeck is operated from the United States. By using the Service from outside the US, you consent to the transfer of your data to the US, which may have different privacy protections than your home jurisdiction. We comply with GDPR for EU residents and CCPA for California residents on a best-effort basis.

10. Children

OptionsDeck is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have, contact us and we will delete it immediately.

11. Changes to this policy

We may update this Privacy Policy. Material changes will be announced by email and the "Last updated" date will change. Continued use after notice constitutes acceptance.

Privacy questions, data requests, or complaints: support@optionsdeck.ai.