Data We Collect
Account info, trading activity, broker API data, usage analytics, and cookies.
How We Use It
To operate the platform, execute trades, improve our service, and communicate with you.
Data Sharing
We don't sell your data. We share only with service providers and as required by law.
Your Rights
Access, correct, delete, or export your data. CCPA and GDPR rights honored.
Table of Contents
1. Overview
WealthSignal ("we," "us," or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the WealthSignal platform and related services.
By using WealthSignal, you consent to the practices described in this Policy. If you do not agree with this Policy, please do not use our services.
2. Data We Collect
2.1 Information You Provide
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Email address, password (hashed), name | Authentication, account management |
| Profile Data | Risk tolerance, trading preferences, notifications settings | Personalization, strategy configuration |
| Billing Data | Payment method details (processed by Stripe), subscription history | Payment processing |
| Communications | Support tickets, feedback messages, emails | Customer support, service improvement |
2.2 Automatically Collected Data
- Usage Data: Pages visited, features used, session duration, click patterns
- Device Data: IP address, browser type and version, operating system, device identifiers
- Log Data: Server logs including access times, error logs, API calls
- Performance Data: Platform performance metrics, error reports
2.3 Third-Party Sources
We may receive data from Alpaca Markets and other integrated brokers regarding your account status and trading activity, consistent with your authorization and the broker's privacy policies.
3. Broker API Data
When you connect a brokerage account (currently Alpaca Markets) to WealthSignal, we access and process the following data via the broker's API:
- Account balance and buying power
- Portfolio positions and holdings
- Order history and trade executions
- Account status and trading permissions
You may revoke API access at any time by disconnecting your broker account in Platform Settings or by revoking API access directly with your broker. Upon revocation, we will delete your stored credentials within 30 days.
4. How We Use Your Data
We use your information for the following purposes:
- Platform Operations: Account authentication, executing automated trading strategies, displaying portfolio data
- Service Improvement: Analyzing usage patterns, identifying bugs, improving features and performance
- Communications: Sending transaction confirmations, security alerts, product updates, and marketing communications (where permitted)
- Compliance & Safety: Fraud detection, abuse prevention, compliance with legal obligations
- Analytics: Understanding how users interact with the Platform to improve our products
- Billing: Processing payments, managing subscriptions, resolving billing issues
We do not use your personal data to train general-purpose AI or machine learning models. We do not sell your personal data to third parties.
7. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit: All data transmitted between your browser and our servers uses TLS 1.2+
- Encryption at rest: Sensitive data (including API credentials) is encrypted using AES-256-GCM
- Access controls: Strict role-based access controls limit who can access user data internally
- Security audits: Regular security reviews and vulnerability assessments
- Password hashing: Passwords are never stored in plain text
Despite these measures, no security system is perfect. In the event of a data breach affecting your rights and freedoms, we will notify you as required by applicable law.
8. Data Retention
We retain your data for as long as necessary to provide our services and comply with legal obligations:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 3 years after closure |
| Trading history | 7 years (regulatory requirement) |
| Billing records | 7 years (tax/accounting requirement) |
| Broker API credentials | Deleted within 30 days of disconnection |
| Server logs | 90 days |
| Analytics data | 2 years (anonymized after 12 months) |
| Support communications | 3 years after case closure |
You may request earlier deletion of your personal data (see Your Rights below), subject to legal retention requirements.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to certain uses of your data (e.g., marketing)
- Restriction: Request that we restrict processing of your data in certain circumstances
- Withdrawal of Consent: Withdraw consent where processing is based on consent
To exercise your rights, contact us at support@wealthsignal.com. We will respond within 30 days (45 days for complex requests). We may need to verify your identity before processing requests.
10. CCPA — California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you additional rights:
- Know: Right to know what personal information we collect, use, disclose, and sell
- Delete: Right to request deletion of your personal information
- Opt-Out of Sale: Right to opt out of the sale or sharing of your personal information (we do not sell personal information)
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
- Correct: Right to correct inaccurate personal information
- Limit Use of Sensitive PI: Right to limit use of sensitive personal information
To submit a CCPA request, email support@wealthsignal.com with "CCPA Request" in the subject line. We will respond within 45 days.
In the past 12 months, we have not sold or shared personal information as defined under the CCPA.
11. GDPR — EU/UK Residents
If you are located in the European Union, European Economic Area, or United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR applies to your data.
11.1 Legal Basis for Processing
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance |
| Executing automated trades | Contract performance |
| Billing and payments | Contract performance; legal obligation |
| Fraud prevention and security | Legitimate interests |
| Marketing communications | Consent |
| Analytics and improvement | Legitimate interests |
| Regulatory compliance | Legal obligation |
11.2 International Transfers
Your data may be transferred to and processed in countries outside the EU/EEA/UK, including the United States. We ensure such transfers comply with GDPR through appropriate safeguards such as Standard Contractual Clauses (SCCs).
11.3 Data Protection Officer
For GDPR-related inquiries, contact us at support@wealthsignal.com. You also have the right to lodge a complaint with your local supervisory authority.
12. Children's Privacy
WealthSignal is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 18, we will promptly delete that information and close the associated account. If you believe we have collected data from a minor, please contact us immediately at support@wealthsignal.com.
13. Contact Us
For questions, concerns, or requests regarding this Privacy Policy, contact us at:
WealthSignal
Email: support@wealthsignal.com
Subject line: "Privacy Request"
We will acknowledge your request within 5 business days and respond fully within 30 days.