AlphaHunterSign In

Privacy Policy

Effective date: May 1, 2025

1. Overview

AlphaHunter ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to that data when you use the AlphaHunter platform ("the Platform").

2. Information We Collect

2.1 Account Information

When you register, we collect your email address and an optional display name. If you register via Google OAuth, we receive your email address and display name from Google. We do not receive or store your Google password.

2.2 Portfolio Data

All portfolio positions, trades, cash deposits, and strategy settings that you enter into the Platform are stored in our database. This data is associated with your account and is not shared with any third party.

2.3 Configuration & Preferences

We store your application settings (theme preference, scanner parameters, notification preferences) to provide a consistent experience across sessions.

2.4 API Keys (Admin Accounts)

If you are an admin user, you may optionally provide third-party API keys (e.g., Gemini, Pushover). These are stored AES-encrypted in our database and are never transmitted to third parties except for the specific API calls they authorise.

3. How We Use Your Information

We use the information we collect to:

  • Authenticate and manage your account
  • Store and display your portfolio positions, trades, and settings
  • Deliver trading signals and AI audit results relevant to your watchlist
  • Send optional push notifications about new signals (only if you enable this)
  • Improve the Platform and diagnose technical issues

We do not use your data for advertising, and we do not sell or rent your personal information to any third party.

4. Data Storage and Security

All data is stored in a Supabase (PostgreSQL) database hosted on secure cloud infrastructure. Access to the database is protected by:

  • Row-Level Security (RLS) policies — each user can only access their own data
  • Encrypted connections (TLS/HTTPS) for all data in transit
  • AES encryption for sensitive credentials stored at rest
  • Service-role keys with restricted access scoped to server-side operations only

While we take reasonable precautions to protect your data, no system is completely immune to security breaches. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorised access to your account.

5. Third-Party Services

The Platform integrates with the following third-party services:

Yahoo Finance

Used to fetch historical and live market price data. No personal data is sent to Yahoo Finance.

Google Gemini

Used to generate AI signal audit scores. We send signal data (ticker, indicator values, recent headlines) to the Gemini API. No personally identifiable information is included in these requests.

Pushover

Used to send push notifications. If you enable notifications, your Pushover User Key is stored encrypted and used solely to deliver alerts you have subscribed to.

Railway

Used to host the web application and background scanner. Processing occurs in Railway's infrastructure. See Railway's privacy policy for details on their data handling.

6. Cookies and Local Storage

The Platform uses browser local storage to persist your theme preference (alpha-theme). Supabase authentication uses a session cookie to keep you logged in across browser sessions. We do not use advertising cookies or third-party tracking pixels.

7. Data Retention

Your account data and portfolio records are retained for as long as your account is active. If you request account deletion, we will remove your personal information and portfolio data within a reasonable timeframe, subject to any legal retention obligations.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your account and associated data
  • Portability — request your data in a machine-readable format
  • Objection — object to certain processing of your data

To exercise any of these rights, please contact us through the settings page while signed in.

9. Children's Privacy

The Platform is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us and we will take steps to delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

11. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please reach out through the account settings page while signed in.