Privacy Policy
1. Information We Collect
When you use QuantFlow, we may collect the following types of information:
- Account Information: Your name, email address, and password (stored as a secure hash).
- Authentication Data: Google OAuth identifiers if you sign in with Google, and two-factor authentication preferences.
- API Keys & Credentials: Brokerage API keys and secrets that you provide to connect your trading accounts. These are encrypted at rest using Fernet symmetric encryption with per-user salts.
- Trading Data: Records of trades, positions, and portfolio activity conducted through the Platform.
- Usage Data: Session information, IP addresses, browser user-agent strings, and login timestamps for security purposes.
- Preferences: Your risk tolerance setting and other configuration preferences.
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Platform and its features.
- Authenticate your identity and secure your account.
- Connect to third-party brokerage APIs on your behalf using your provided credentials.
- Display your trading data, positions, and portfolio performance.
- Enforce our Terms of Service and protect against unauthorized access.
3. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Passwords are hashed using industry-standard algorithms (Werkzeug/PBKDF2).
- API keys and sensitive credentials are encrypted at rest using Fernet encryption with unique per-configuration salts.
- Sessions are managed with secure, randomly generated tokens.
- Two-factor authentication (TOTP and SMS) is available for additional account security.
- HTTPS encryption is used for all data in transit.
While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
4. Third-Party Services
QuantFlow integrates with third-party brokerage and data services including, but not limited to:
- Alpaca Markets (stock trading)
- Coinbase (cryptocurrency trading)
- Webull (stock trading)
- Interactive Brokers (multi-asset trading)
- Polygon.io (market data)
- Google (OAuth authentication)
When you connect your brokerage accounts, your API credentials are transmitted to these services to execute your requests. Each third-party service has its own privacy policy and terms of service. We encourage you to review their policies.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide services. Specifically:
- Account information is retained until you request account deletion.
- Trading history is retained for the lifetime of your account for record-keeping purposes.
- Session data is automatically purged upon expiration.
- API keys can be removed at any time through your account settings.
6. Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your account and associated data.
- API Key Removal: Remove or update your brokerage API keys at any time through the settings page.
- Data Export: Request an export of your trading history and account data.
7. Cookies and Local Storage
The Platform uses session cookies to maintain your authenticated session. We do not use third-party tracking cookies or analytics services. Local storage may be used to save non-sensitive user preferences.
8. Children's Privacy
QuantFlow is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are under 18, do not use the Platform or provide any personal information.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting to the Platform. Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.
10. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact the Platform administrator.
Last updated: February 2026