Privacy Policy

Last updated: April 19, 2026

What we collect

Email and display name at signup
Alpaca API key + secret you paste at onboarding — stored AES-256-GCM encrypted at rest, decrypted in-memory only to submit orders
Trade events and outcomes from Alpaca, via broker API
App usage telemetry (pages viewed, features used)

What we don't do

We don't sell your data. Ever.
We don't store your Alpaca credentials in plaintext.
We don't custody funds — money lives in your Alpaca account.

Third parties

Alpaca Markets — brokerage + market data
AI providers — frontier reasoning models for trade decisions and news classification
Stripe — billing
Resend — transactional email
Microsoft Azure — hosting, database, secrets

Your rights

Email privacy@thesistrade.app to export, correct, or delete your data. Account deletion removes your credentials, trade history, and subscription records within 30 days.