Legal

Privacy Policy

Last updated 2026-04-28

What we collect

• Account info — email address you sign up with. Optionally name and avatar from Google OAuth.
• Saved scenarios — the portfolios you build and save. Public scenarios are visible to anyone with the share link.
• Usage data — basic logs (IP, user agent, page paths) used for security, rate limiting, and aggregated analytics.

What we don't collect

• Real brokerage account credentials
• Payment card details (when payments launch, they are handled by Stripe)
• Cross-site tracking pixels or third-party advertising identifiers
• Device fingerprints beyond standard browser headers

How we use it

• To operate and improve the Service
• To send transactional emails (account confirmation, password reset)
• To prevent abuse and enforce our Terms

Third parties

We use the following third-party processors:

• Supabase — database, authentication, file storage
• Vercel — hosting, analytics
• Google — OAuth sign-in (only if you choose it)
• Resend — transactional email
• Stripe — payments (when paid plans launch)

Cookies

We use only essential cookies to keep you signed in. We do not use third-party tracking cookies.

Your rights

Depending on where you live, you may have rights under GDPR, CCPA, or similar laws including:

• Access — request a copy of your data
• Deletion — request we delete your data
• Correction — fix inaccurate data
• Portability — export your data

Email hello@diamondhands.space to exercise any of these.

Data retention

We retain account data while your account is active. Deleted accounts are purged within 30 days, except where law requires longer retention.

Security

We use industry-standard encryption (HTTPS) and managed services with security best practices. No system is perfectly secure; you use the Service at your own risk.

Changes

We may update this policy. Material changes will be announced via email or a banner on the site.

Contact

Questions? Email hello@diamondhands.space.