Legal

Privacy Policy

Last updated: 12 June 2026

This policy explains what data StrategyNodes collects, why, who we share it with, and the choices you have. We aim to collect as little as we need to run the Service — and because strategy compute runs in your browser, a lot of your work never leaves your device.

What we collect
How we use it
Service providers we share with
On-device storage
AI features
Retention
Your rights
Security
International transfers
Children
Changes
Contact

1. What we collect

Account data — your email address and name/profile, handled through our authentication provider (Clerk) when you sign up or sign in.
Strategies & usage — the strategies you save to your account, plus product usage (features used, backtests/scores run) to operate and improve the Service. Guests who don’t sign in have their work stored only in their own browser (see §4).
Payment data — if you subscribe, billing is handled by Stripe. We receive your subscription status and limited details (e.g. plan, last 4 digits) but do not store your full card number.
Error & diagnostic telemetry — when something breaks in the app, we collect the error message, a stack trace, the page/route, your browser type (user-agent), and a short trail of recent in-app actions, so we can fix it. We don’t use this to track you across the web.
Logs & technical data — standard server logs including IP address and request metadata, used for security, rate limiting, and debugging.

2. How we use it

To provide the Service — authenticate you, save and run your strategies, process subscriptions.
To operate, secure, and improve the Service (debugging, performance, abuse prevention).
To communicate with you about your account or important changes to the Service.
To comply with legal obligations.

We do not sell your personal data.

3. Service providers we share with

We share data only with the providers needed to run the Service, each acting under their own terms:

Clerk — authentication and account management (email, profile, session).
Stripe — payment processing for subscriptions.
AI provider — when you use AI features, the relevant strategy details are sent to our AI provider to generate the analysis (see §5).
Market-data providers — we fetch market data from third-party feeds (e.g. for forex, stocks, crypto). This is us retrieving data for you; we don’t send them your personal data.
Hosting — our servers are hosted on a European cloud provider.

We may also disclose data if required by law or to protect the rights, safety, and security of our users and the Service.

4. On-device storage

The app stores your current strategy, preferences, and similar working state in your browser’s local storage so your work persists between visits and (for guests) without an account. This data lives on your device; clearing your browser storage removes it. We use the cookies/local storage strictly necessary to run the app and keep you signed in — we don’t use third-party advertising trackers.

5. AI features

AI features (strategy review, generation, natural-language editing, explanations) send the relevant parts of your strategy and results to our AI provider to produce a response. Don’t put confidential information you wouldn’t want processed by a third party into AI prompts. AI output is informational only and is not financial advice. You can avoid AI processing by not using the AI features (and the app provides an AI opt-out setting).

6. Retention

We keep account data and strategies for as long as your account is active. Diagnostic logs and error telemetry are kept for a limited period for debugging and security, then rotated. When you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must retain it to meet legal or accounting obligations.

7. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can manage your profile in the app, and you can request deletion of your account and data by contacting us. We’ll respond within the timeframe required by applicable law.

8. Security

We use technical and organisational measures to protect your data — encrypted transport (HTTPS), access controls, and reputable processors for sensitive functions (auth, payments). No system is perfectly secure, but we work to protect your information and to respond promptly to any incident.

9. International transfers

Our providers may process data in countries other than yours. Where required, we rely on appropriate safeguards for such transfers.

10. Children

The Service is not directed to anyone under 18, and we do not knowingly collect data from children.

11. Changes

We may update this policy. Material changes will be reflected in the “Last updated” date and, where appropriate, notified to you. Continued use after changes take effect means you accept the updated policy.

12. Contact

For privacy questions or requests, contact [email protected].