Privacy Policy

Last updated: March 23, 2026

1. Overview

AlgoSurf ("we," "us," or "our") respects your privacy. This policy explains what data we collect, how we use it, and how we protect it when you use our algorithmic trading platform.

2. Information We Collect

Account Connection Data: When you connect your Alpaca brokerage account via OAuth, we receive and store:

  • OAuth access token (encrypted at rest)
  • Alpaca account identifier
  • Account type (live or paper)

Trading Data: During operation, we access the following in real time but do not permanently store it:

  • Account equity, cash, and buying power
  • Current positions and order history
  • Trade execution details for dashboard display

Usage Data: We may collect basic usage analytics such as page views and feature usage to improve the Service.

What We Do NOT Collect:

  • Your Alpaca username or password (OAuth tokens only)
  • Bank account or payment card information
  • Social Security numbers or government IDs
  • Personal financial information beyond what is displayed on the dashboard

3. How We Use Your Data

  • Trading Execution: OAuth tokens are used solely to execute trading strategy signals on your connected brokerage account
  • Dashboard Display: Account data is fetched in real time to display your positions, equity, and performance on the dashboard
  • Service Operation: Account identifiers are used to manage your connection and trading session state

We do not sell, share, or transfer your data to third parties for marketing or any other purpose.

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at rest: OAuth tokens are encrypted using Fernet symmetric encryption before storage
  • Encryption in transit: All communications use HTTPS/TLS encryption
  • Minimal data retention: We store only the data necessary to operate the Service
  • Access control: Server infrastructure is secured with restricted access

5. Data Retention

OAuth tokens are stored for as long as your account is connected. When you disconnect your account:

  • Your OAuth token is immediately deleted from our database
  • No further access to your brokerage account is possible
  • Historical trading performance data may be retained in anonymized form

6. Third-Party Services

AlgoSurf integrates with:

  • Alpaca Markets: Brokerage services and market data. Your interaction with Alpaca is governed by Alpaca's privacy policy
  • Railway: Cloud hosting infrastructure

7. Your Rights

You have the right to:

  • Disconnect: Revoke access to your brokerage account at any time
  • Data deletion: Request deletion of all your data by disconnecting your account
  • Information: Request details about what data we store about you
  • Portability: Request a copy of your trading performance data

8. Cookies

We use minimal session cookies for authentication purposes only. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

AlgoSurf is not intended for use by individuals under 18 years of age. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the Service constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or data requests, contact us at privacy@algosurf.ai.