Legal
Privacy Policy
Last updated: May 3, 2026
1. What we collect
We collect three categories of data:
- Account data — email, hashed password, optional display name. Stripe customer ID for billing. Required for the service.
- Usage data — which tools you run, your inputs, our outputs. Stored against your account so you can see your history. Logged-in sessions only; anonymous Screener queries are not tied to any identity.
- Performance data (opt-in only) — if you turn on the AI Performance Analysis add-on and grant consent, we store your declared trades: ticker, market, setup, P&L, win/loss, dates, optional notes. Used to power your personal AI Analysis dashboard.
2. Consent — explicit, revocable
Performance data collection requires your explicit opt-in during onboarding. Default is OFF.If you don't opt in:
- The My Performance and AI Analysis tabs are disabled.
- No performance data is stored, processed, or shared.
- You can still use all the AI tools (Screener, Signals, Risk, Backtest, Custom).
You can revoke consent anytime in your account settings — all stored performance data is permanently deleted within 24 hours of revocation.
3. How AI processes your inputs
When you run a tool, your input is sent to our LLM provider (Anthropic) with a system prompt to generate the response. Anthropic processes the request under their zero-data-retention API terms — they do not train models on your inputs.
We store the input and output in your account history (visible in My Tools) so you can revisit past analyses. Free tier history is capped at 7 days.
4. Aggregated insights
For consenting users, we may compute aggregate, anonymized statistics across the community — e.g. average win rate of users who use a specific setup. These aggregates are never traceable back to individuals and contain no personally identifying information.
5. Third parties
- Stripe — payment processing only.
- Anthropic (Claude API) — LLM inference.
- Resend — transactional emails.
- Vercel — hosting & edge network.
- Neon (Postgres) — database.
We do not sell, rent, or share your data with advertisers, brokers, or any third party not listed above.
6. Data retention & deletion
Account data is kept until you delete your account. After deletion, all personal data — including analysis history and performance entries — is purged within 30 days. Aggregated, anonymized statistics may be retained.
To delete your account: email hello@getassistly.co.
7. Your rights
You can: request a copy of your data, correct inaccuracies, revoke consent, or request deletion. We respond to all requests within 30 days. EU/UK residents: you have GDPR rights. California residents: you have CCPA rights.
8. Security
Passwords are bcrypt-hashed. All traffic is HTTPS-encrypted. Database is access-controlled and encrypted at rest. We never log API keys or tokens.
9. Contact
Privacy questions or requests: hello@getassistly.co