Privacy Policy
Last updated: April 2026
1. Information We Collect
We collect the following information when you use Tradewink: your Discord user ID and username; watchlist tickers and trading preferences you configure; encrypted brokerage API credentials (if you choose to connect a broker); trade history and portfolio data retrieved from your connected broker; usage data such as commands used and features accessed.
2. How We Use Your Information
Your information is used to: provide AI-powered market analysis and trade signals; execute trades on your behalf when autonomous trading is enabled; personalize your experience (watchlists, strategies, preferences); improve our AI models and service quality; send alerts and notifications via Discord. We do not use your individual trading data or portfolio information to train AI models. Aggregate, anonymized performance metrics may be used to improve system-wide strategy calibration.
3. Data Storage & Security
Brokerage API keys are encrypted at rest using Fernet symmetric encryption with PBKDF2-derived keys. Keys are never stored in plaintext and are decrypted only at the moment of broker API communication. Your data is stored in our database infrastructure with encrypted connections (TLS 1.2+). We maintain administrative, technical, and physical safeguards for customer records consistent with FINRA customer information protection standards (FINRA Notice 00-66). These include structured logging with API key sanitization, role-based access controls, and automated security monitoring.
4. Third-Party Services
We use the following third-party services to operate Tradewink: Anthropic (Claude AI) for market analysis — no personally identifiable financial data is shared with LLM providers; market data providers (Polygon.io, Finnhub, FRED, SEC EDGAR) for real-time and historical data; brokerage APIs to execute trades on your behalf; Discord for bot communication; Sentry for error tracking; PostHog for product analytics (page views, feature usage, performance metrics — no trading data or financial information is shared with PostHog); Clerk for authentication and user management.
5. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. Data is only shared with third-party services as described above, strictly for the purpose of operating the service. We do not share your data with non-affiliated third parties for their own purposes. If this ever changes, we will provide you with advance notice and the ability to opt out before any such sharing occurs, consistent with SEC Regulation S-P.
6. Trading Data Logging
When autonomous trading is enabled, Tradewink logs the following data for each trade: order submissions (ticker, side, quantity, price, order type); execution results (fill price, fill quantity, latency, slippage); position lifecycle events (entry, exit, stop adjustments); daily P&L, win/loss records, and strategy performance metrics; audit trail entries with timestamps. This data is used for performance tracking, risk monitoring, regulatory recordkeeping, and service improvement.
7. Data Retention
Your data is retained for as long as your account is active. Trade history and analytics data are retained to provide performance tracking and learning features. Certain regulatory records (trade execution logs, trade journal entries) are retained even after account deletion to comply with SEC Rule 17a-4 and FINRA Rule 4370 recordkeeping requirements. You may request deletion of non-regulatory data at any time by contacting us.
8. Data Breach Notification
In the event of a security incident that compromises your personal data or brokerage credentials, we will: (1) investigate and contain the breach within 24 hours of discovery; (2) notify affected users via email and Discord within 72 hours with details of what data was affected; (3) immediately invalidate and rotate any compromised encryption keys; (4) advise affected users to rotate their broker API keys as a precaution; (5) report the incident to relevant authorities as required by applicable law, including state breach notification statutes. We maintain security monitoring and logging to detect unauthorized access to encrypted credential stores.
9. Your Rights
You have the right to: access the data we hold about you; request correction of inaccurate data; request deletion of your data; revoke broker API access at any time by removing your keys; export your trade history and settings.
10. California Privacy Rights (CCPA)
If you are a California resident, you have the right under the California Consumer Privacy Act (CCPA) to: know what personal information we collect about you; request deletion of your personal information; opt out of the sale of your personal information (we do not sell personal data); not be discriminated against for exercising your privacy rights. To exercise these rights, contact us at [email protected] or via our Discord server.
11. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) including: the right to access, rectify, or erase your personal data; the right to restrict or object to processing; the right to data portability; the right to withdraw consent at any time. Our legal basis for processing your data is your consent (provided during onboarding) and legitimate interest in operating the service. To exercise these rights, contact [email protected].
12. Cookies & Tracking
The Tradewink web dashboard uses essential cookies for authentication and session management. We do not use third-party advertising trackers. Analytics are used solely for service improvement.
13. Children
Tradewink is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors.
14. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via Discord. Continued use of Tradewink after changes constitutes acceptance of the updated policy.
15. Contact
If you have questions about this privacy policy or your data, reach out via our Discord server or email [email protected].