Privacy Policy
1. Who We Are
ClaudeTrading ("we", "us", "our") operates the copy-trading service available at this domain. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to it.
2. Data We Collect
| Data | Why we collect it | Retention |
|---|---|---|
| Email address | Account identification, transactional emails (subscription, password reset) | Until account deletion |
| Password (hashed) | Account authentication — stored as a bcrypt hash, never in plaintext | Until account deletion |
| Broker API credentials (Alpaca, Tradier, IBKR, or Robinhood) |
To place copy trades in your brokerage account — stored encrypted at rest (Fernet AES-128-CBC). We store only what is necessary for trade execution; no withdrawal or transfer permissions are required or used. | Until you remove them or delete your account |
| Subscription status & dates | Billing management and access control | Until account deletion |
| Stripe customer ID | Linking your account to your Stripe billing profile | Until account deletion |
| Copied trade records | Displaying your trade history in the account dashboard | Until account deletion |
We do not collect IP addresses for tracking purposes, and we do not use cookies beyond those strictly necessary for session authentication.
3. How We Use Your Data
- To authenticate you and manage your account
- To execute copy trades via your chosen broker's API (Alpaca, Tradier, IBKR, or Robinhood) on your behalf
- To process subscription payments via Stripe
- To send transactional emails (password reset, subscription receipts)
- To display your trade history and account status in the dashboard
We do not use your data for advertising, profiling, or sale to third parties.
4. Third-Party Services
We share limited data with the following processors to operate the Service:
- Stripe — payment processing. Your billing information is stored and processed by Stripe. See stripe.com/privacy.
- Alpaca Markets — trade execution (if you connect an Alpaca account). Your API keys are transmitted to Alpaca's API to place orders. See alpaca.markets/privacy.
- Tradier — trade execution (if you connect a Tradier account). Your access token is used to place orders via Tradier's API. See tradier.com/privacy.
- Interactive Brokers (IBKR) — trade execution (if you connect an IBKR account). Your account ID and API token are used to submit orders. See IBKR Privacy Policy.
- Robinhood — trade execution (if you connect a Robinhood account). Your credentials are used with Robinhood's unofficial API. Note: Robinhood does not offer an official third-party API; use is at your own risk.
- Anthropic — AI-assisted trade analysis. Market data only (no personal data) is sent to Claude's API for signal scoring.
5. Data Security
We take reasonable technical measures to protect your data:
- Passwords are hashed with bcrypt (never stored in plaintext)
- Broker API credentials (Alpaca, Tradier, IBKR, Robinhood) are encrypted at rest using Fernet (AES-128-CBC)
- All traffic is served over HTTPS
- The admin dashboard is protected by HTTP Basic Auth and is not publicly accessible
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
6. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your account and all associated data
- Portability — request your data in a machine-readable format
- Objection — object to processing based on legitimate interests
To exercise any of these rights, contact us via the account portal or at the email address associated with your account. We will respond within 30 days.
7. Data Retention
We retain your data for as long as your account is active. If you cancel your subscription and request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance reasons (e.g., billing records required by tax law).
8. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us and we will delete the account promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice in your account dashboard. The "Last updated" date at the top of this page reflects the most recent revision.
10. Contact
For privacy-related questions, data requests, or to request account deletion, please contact us via the account dashboard or at the email address associated with your account.