Signal2Alpha← Back to app

Privacy Policy

Last updated: April 17, 2026

1. Overview

Signal2Alpha ("we", "us", "our") is a personal trading journal and execution tool. This Privacy Policy explains what information we collect, how we use it, and how we protect it. By using Signal2Alpha, you agree to the practices described in this policy.

2. Information We Collect

Account Information

We collect your email address when you sign up via Supabase Auth. We do not collect your name, phone number, or payment information.

Broker OAuth Tokens

When you connect a brokerage account (Schwab, Webull), we store OAuth access and refresh tokens. These tokens are encrypted at rest using AES-256 (Fernet) and are never exposed to the frontend or any third party. They are used solely to execute actions on your behalf within the app.

Trade and Journal Data

We store trade signals, journal entries, orders, and positions that you create within the app. This data is stored in a PostgreSQL database hosted by Supabase and is associated with your user account.

Usage Data

We do not use third-party analytics. Server logs may capture IP addresses and request metadata for debugging purposes. These are not shared externally.

3. How We Use Your Information

  • To authenticate you and maintain your session
  • To connect to your brokerage accounts and execute actions you initiate
  • To store and display your trade journal entries and order history
  • To generate AI trade critiques using your trade data (processed server-side)
  • To maintain the security and reliability of the service

We do not sell, rent, or share your personal data or trade data with any third party for marketing or advertising purposes.

4. Third-Party Services

We use the following third-party services to operate Signal2Alpha:

  • Supabase — authentication and database hosting (supabase.com)
  • Render — backend API hosting (render.com)
  • Vercel — frontend hosting (vercel.com)
  • Anthropic — AI trade critique (anthropic.com), trade data is sent to Anthropic for analysis when you request a critique
  • Charles Schwab API — brokerage integration (schwab.com)
  • Webull API — brokerage integration (webull.com)

Each of these services has its own privacy policy governing how they handle data.

5. Data Security

  • All data in transit is encrypted via HTTPS/TLS
  • Broker OAuth tokens are encrypted at rest with AES-256 before database storage
  • Access to the database is restricted to authenticated backend services only
  • No broker tokens or sensitive credentials are ever sent to the frontend

6. Data Retention

Your data is retained for as long as your account is active. If you disconnect a broker account, its OAuth tokens are deleted immediately. If you request account deletion, all associated data including trades, orders, positions, and journal entries will be permanently deleted within 30 days.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Disconnect your brokerage accounts at any time via the app

To exercise these rights, contact us at the email address below.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the app or email. Continued use of Signal2Alpha after changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions or data deletion requests, contact us at: privacy@signal2alpha.dev