Privacy Policy

Last updated: April 17, 2026

1. Information We Collect

When you create an account, we collect:

  • Username: used for authentication
  • Email address: used for account verification, email change confirmations, and account deletion confirmations
  • Password: stored securely using industry-standard hashing (never in plain text)

You may also save optional calculator defaults (bankroll, risk percentage, side preference, input mode) to your profile. Additional user preferences we store include your timezone (IANA timezone string) and an optional login reminder message you author, which is displayed to you upon login.

When you use the trade journal, we store:

  • Trade data: ticker symbol, shares, entry/exit prices, fees, dates, and win/loss outcome
  • Trade notes: text notes you attach to trades (up to 2000 characters each)
  • Trade images: screenshots or charts you upload (JPEG, PNG, WebP, max 5MB each)
  • Daily assessments: daily ratings, notes, P&L target tracking, and any AI-generated analysis text associated with your trades

You can export your trade data at any time as CSV or JSON from the Trades page.

2. How We Use Your Information

We use your personal information to:

  • Authenticate your account and maintain your session
  • Send transactional emails: account verification, email change verification, and account deletion confirmation
  • Save and restore your calculator defaults and layout preferences
  • Improve our service through analytics and usage patterns

3. Email Handling

We use a third-party email service (Resend) to deliver transactional emails. Emails are sent only when you:

  • Register a new account (verification link)
  • Request a password reset
  • Request an email address change (confirmation link)
  • Request account deletion (confirmation link)
  • Request a new verification email

We may also send you occasional emails about new features, updates, or other information related to RiskPicks. You can opt out of these marketing emails at any time from your profile settings. We will never sell, rent, or share your email address with third parties for their marketing purposes. Our emails may contain a small tracking pixel that records whether the email was opened. This helps us understand engagement and improve our communications. You can disable image loading in your email client to prevent this tracking.

4. Cookies, Sessions & Analytics

We use essential cookies (session and CSRF token) required for the application to function.

We also use Google Analytics to understand how our service is used. Analytics cookies are only loaded after you accept cookies via the consent banner. Google Analytics collects anonymous usage data such as pages visited, session duration, and general location. This data is not linked to your account. You can opt out by declining cookies or using a browser extension like Google Analytics Opt-out.

For free (non-subscribed) users, we display ads served by Google AdSense. Google and its advertising partners may use cookies to serve ads based on your prior visits to this site or other websites. You can opt out of personalized advertising by visiting Google Ads Settings. Paid subscribers do not see any ads.

We use localStorage to save your recent ticker searches and cookie consent preference on your device. This data stays in your browser and is never sent to our servers.

5. Data Sharing

We will never sell, rent, or share your personal information (email address, username, brokerage credentials) with third parties for their marketing purposes.

We may use, share, or sell anonymous, aggregated data that cannot be used to identify you. This includes aggregated trading statistics, usage patterns, and market research derived from our user base. This data contains no personal identifiers and cannot be traced back to any individual user.

6. Brokerage Integration

If you choose to connect a brokerage account, we use SnapTrade as a secure intermediary. SnapTrade provides read-only access to your trade history. We cannot place orders, move funds, or modify your brokerage account in any way. You can disconnect your brokerage at any time from your Settings page, which permanently removes all stored connection credentials.

What we store: Only basic trade execution data (ticker symbol, shares, prices, fees, and dates) imported from your brokerage. We do not store your brokerage account numbers, login credentials, holdings, balances, or any personal information from your brokerage. Your brokerage connection credentials are encrypted at rest.

7. Data Retention & Deletion

Your account data is retained as long as your account is active. You can permanently delete your account at any time from your Settings page. Upon deletion, all associated data (account details, saved defaults, layout preferences, trade journal, brokerage connections) is permanently removed from our systems.

8. Security

We take extensive measures to protect your information, including:

  • Passwords hashed with industry-standard algorithms (never stored in plain text)
  • HTTPS encryption for all data in transit
  • Encryption at rest for sensitive data (brokerage credentials, two-factor secrets)
  • Optional two-factor authentication (TOTP)
  • CSRF protection on all form submissions
  • Brute-force login protection with automatic account lockout
  • Web Application Firewall (WAF)
  • File upload validation to prevent malicious content
  • Security monitoring and logging

9. Third-Party Services

We use the following third-party services:

  • Stripe: payment processing and subscription billing (handles payment card data directly)
  • Resend: transactional email delivery
  • SnapTrade: secure, read-only brokerage data access (optional)
  • Google Analytics: anonymous usage analytics (loaded only with your consent)
  • Google AdSense: advertising for non-subscribed users (Google may use cookies for ad personalization)
  • Microsoft Clarity: anonymous session analytics and heatmaps to improve the user experience
  • Market data providers: stock quote and market data (no personal data is shared)
  • AI providers (Anthropic, OpenAI, Google, xAI, Perplexity): AI-powered trade analysis, sentiment research, and coaching features (see below)

10. AI Features

When you use AI features (AI Sentiment, AI Coach, Market Pulse), anonymous data is sent to our AI providers for analysis. We use multiple AI providers for reliability and may route requests to any of them.

Data sent to AI providers includes:

  • Trade symbols, entry/exit prices, and position sizes
  • Profit and loss figures and timestamps
  • Self-ratings, discipline tags, and trade notes
  • Publicly available market data (prices, volume, technicals)

Data NOT sent to AI providers:

  • Username, email address, or account ID
  • Password or brokerage credentials
  • Any other personal identifiers

Each AI provider's handling of data is governed by their own privacy policy. AI analysis results are stored in your account and are permanently deleted when you delete your account.

11. Your Privacy Rights (CCPA / California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

  • Right to Know: You may request that we disclose what personal information we collect, use, and share about you.
  • Right to Delete: You may request deletion of your personal information. You can delete your account from the Settings page, which permanently removes all your data.
  • Right to Opt-Out of Sale: We do not sell your personal information. We have never sold personal information and have no plans to do so.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
  • Right to Data Portability: You may export your data at any time from the Settings page.

To exercise any of these rights, use the self-service options in your account Settings or contact us via our Contact page. We will respond to verifiable requests within 45 days.

12. Other State Privacy Laws

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or another state with consumer data privacy legislation, you may have rights similar to those described under CCPA above, including the right to access, delete, and opt out of the sale of your personal information. We do not sell personal information and do not engage in targeted advertising based on personal data. To exercise any state privacy rights, use the self-service options in your account Settings or contact us via our Contact page.

13. Changes to This Policy

We may update this policy from time to time. Changes will be reflected by the "Last updated" date at the top of this page.

14. Contact

If you have questions about this privacy policy, please reach out via our Contact page.