This Privacy Policy explains what personal information Gamma Trade collects, how we use it, who we share it with, and the choices you have. It applies to https://gextrade.fyi and all related sub-domains, web apps, emails, and push notifications operated by Gamma Trade ("we", "us", "Gamma Trade").
If you have any questions, email support@gextrade.fyi.
1. Information We Collect
Information you provide
- Account data — email address, password hash (bcrypt), display name, and any optional profile fields you fill in.
- Billing data — when you subscribe to a paid plan, our payment processor (Stripe) collects payment-card details directly; we never see or store full card numbers. We retain the Stripe customer ID and the last 4 digits + brand of the card on file.
- Saved analyses, watchlists, alerts, and collar plans — content you create inside the app.
- Push subscription endpoints — if you opt-in to web push notifications.
- Optional financial-link consent — if you choose to link external accounts via Plaid (or another aggregator), Plaid collects bank-login credentials directly; we receive only the access token and metadata (account names, masked numbers, balances, transactions) you authorize.
Information we collect automatically
- Usage telemetry — pages viewed, features used, request IDs, error stack traces.
- Device data — IP address, user-agent, approximate geolocation derived from IP.
- Cookies & local storage — session tokens, UI preferences, anti-CSRF tokens. We do not use third-party advertising cookies.
Information from third parties
- Market data providers — Finnhub, yfinance, USASpending.gov. None of these providers receive your personal information.
- Identity / KYC — if we add identity-verification (e.g., for higher-tier accounts), the verifier receives only the data needed for the check.
2. How We Use Your Information
- Provide, secure, and improve the service.
- Send transactional emails (account, billing, alerts) via Resend.
- Compute personalized analytics (saved analyses, alerts, collar plans).
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
We do not sell your personal information. We do not use your data to train third-party machine-learning models.
3. Sub-processors
We share the minimum data needed with each sub-processor:
4. Data Sharing
- Service providers listed above, bound by data-processing agreements.
- Legal compliance — when required by subpoena, court order, or applicable law.
- Business transfers — if Gamma Trade is acquired or merges with another entity, your data may transfer subject to the same protections.
5. Data Retention
See our Data Retention & Deletion Policy for the full schedule. Summary: active-account data is retained for the life of the account + 90 days for backups; you can request deletion at any time.
6. Security
We follow the practices documented in our Information Security Policy including bcrypt-hashed passwords, TLS 1.2+ in transit, AES-256 at rest, least-privilege access, and continuous monitoring. No system can be 100% secure — please report vulnerabilities responsibly per our Vulnerability Disclosure Policy.
7. Your Rights & Choices
- Access — request a copy of your account data.
- Correction — update inaccuracies in your profile.
- Deletion — request erasure (subject to legal retention obligations).
- Portability — export your saved data as JSON.
- Withdraw consent — disconnect Plaid, unsubscribe from emails or push, or close your account anytime.
- California residents (CCPA) — you may also request the categories of data we collect/share and opt-out of any "sale" (we do not sell).
- EEA / UK residents (GDPR) — you may lodge a complaint with your local data-protection authority.
To exercise any of these rights, email support@gextrade.fyi. We respond within 30 days.
8. Children
Gamma Trade is not directed to children under 13. We do not knowingly collect data from anyone under 13.
9. International Transfers
Our systems are hosted in the United States. By using Gamma Trade you consent to data transfer to and processing in the US.
10. Changes to this Policy
We will update the "Last updated" date above and, for material changes, notify you by email or in-app banner at least 14 days before the change takes effect.