Account data: email address and a bcrypt hash of your password. Plan data: your current plan tier and Stripe customer ID. Usage data: watchlists, portfolios, alerts, journal entries, and alert history you create. We do not collect browser fingerprints, keystroke data, or any data beyond what you explicitly enter.
To operate the platform: authenticate you, run alerts, generate your morning brief, and process payments. To improve the product: aggregate, anonymized usage patterns (e.g., which features are used most). We do not sell your data to third parties. We do not use your data for advertising.
Stripe: processes payments. Receives your email and billing details. OpenAI: receives ticker symbols for AI research queries. No personal data is sent to OpenAI. Vercel: application hosting. MongoDB Atlas: database hosting. All processors are under data processing agreements.
Your data is retained while your account is active. Alert history is retained per your plan tier (7 days Free / 90 days Pro / 1 year Advanced / 3 years Master). If you delete your account, data is purged within 30 days. Backups are retained for 90 days.
You may: request a copy of all data we hold on you; request deletion of your account and associated data; correct inaccurate data by editing it in account settings. For export or deletion requests, email adelsherif8@gmail.com. We respond within 30 days.
We use one session cookie (tf-session) to authenticate your requests. It is HTTP-only, Secure, and SameSite=Lax. We do not use tracking cookies, analytics cookies, or third-party ad cookies.
See /security for full details. Summary: TLS in transit, AES-256 at rest, bcrypt passwords, HTTP-only cookies.
Thastock is not directed at users under 18. We do not knowingly collect data from minors.
We will notify you by email before material changes to this policy take effect.
Questions? adelsherif8@gmail.com