Privacy Policy

1. Information We Collect

AlphaDesk collects information necessary to provide our trading terminal service. This includes:

• Account Information: Username, email address, and hashed password credentials.
• API Credentials: Brokerage API keys (e.g., Alpaca) that you provide for trade execution. These are stored encrypted at rest.
• Usage Data: Trading activity, strategy configurations, and platform interaction logs.
• Technical Data: IP address, browser type, and device information collected automatically via server logs.

2. How We Use Your Information

• To authenticate and authorize access to the platform.
• To execute trades and manage positions on your behalf through connected brokerage accounts.
• To provide AI-powered analysis using Anthropic's Claude API. Market data and strategy parameters may be sent to Anthropic for analysis. No personally identifiable information is included in these requests.
• To improve platform performance and reliability.
• To communicate important service updates.

3. Data Storage and Security

Your data is stored on secure servers. We use industry-standard encryption for data in transit (TLS) and at rest. API keys are encrypted using AES-256 before storage. Access to production systems is restricted and audited.

4. Cookies

AlphaDesk uses essential cookies for authentication (session tokens). We do not use third-party tracking cookies or advertising cookies. Authentication cookies are HttpOnly and Secure.

5. Third-Party Services

We integrate with the following third-party services:

• Alpaca Markets: Brokerage services for trade execution. Subject to Alpaca's privacy policy.
• Anthropic (Claude): AI analysis services. Market data sent for analysis is subject to Anthropic's privacy policy.

6. Your Rights

You have the right to:

• Request access to the personal data we hold about you.
• Request correction or deletion of your personal data.
• Revoke API key access at any time through your brokerage provider.
• Request export of your trading data.

7. Data Retention

We retain account data for as long as your account is active. Trading history and analytics data are retained for regulatory compliance purposes. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.

8. Children's Privacy

AlphaDesk is not intended for users under 18. We do not knowingly collect data from minors.

9. GDPR Compliance

If you are in the EU/EEA, you have rights under GDPR including access, rectification, erasure, and portability. Contact legal@tradingalpha.net to exercise these rights.

10. CCPA Compliance

California residents have additional rights under CCPA. Contact us for data access or deletion requests.

11. Data Breach Notification

In the event of a data breach, we will notify affected users within 72 hours as required by applicable law.

12. International Data Transfers

Data may be processed in the United States. By using AlphaDesk, you consent to data transfer to the US.

13. Contact

For privacy-related inquiries, contact us at legal@tradingalpha.net.