Privacy Policy — hedged
hedged ("the App", "we", "us") is an observational market structure data tool. This Privacy Policy explains what data we collect, why, how it is processed, and the rights you have over it.
1. Who we are
hedged — bundle identifier com.circuitbreaker.app. Contact: support@hedged.app.
2. Data we collect
| Category | Data | Purpose | Legal basis (GDPR) |
|---|---|---|---|
| Account | Email address, hashed auth credentials, OAuth identifiers (Google) | Authentication, sync across devices | Contract |
| Push | Expo push token, device platform | Deliver alert notifications (Pro) | Consent |
| Trading journal | Trades you import via CSV, derived analytics | Provide journaling/analytics features you request | Contract |
| Risk plan input | Free-text trading-plan notes you submit | Parse into structured daily risk rules | Consent |
| Subscription | RevenueCat app user ID, entitlement tier, expiry | Manage Free/Pro access | Contract |
| Diagnostics | Crash/error metadata (no user content) | Stability | Legitimate interest |
We do not collect or store brokerage credentials for the purpose of executing trades, and the App does not connect to or place orders with any broker.
3. How data is processed
- Authentication & storage: Supabase (Postgres + Auth). All rows are protected by Row-Level Security so a user can only read their own data.
- LLM processing: Trading-plan text and AI-interpreter requests are sent to our AI provider (OpenAI) solely to generate the requested structured output or educational interpretation. This content is transmitted over TLS. Plan text is treated as untrusted data and is never written to application logs, crash reporters, or analytics tools.
- Encryption in transit: All network traffic uses HTTPS/TLS.
4. Data sharing
We share data only with the sub-processors required to run the service: Supabase (hosting/auth/database), OpenAI (LLM processing), RevenueCat (subscription state), and Expo (push delivery). We do not sell personal data.
5. Your rights (GDPR / CCPA)
- Access / portability: request a copy of your data.
- Deletion: delete your account and all associated data at any time, in-app via Settings → Account → Delete account, or on the web at https://hedgedvol.com/account. This permanently erases your rows across all tables and removes your authentication record (irreversible).
- Do Not Sell / Share (CCPA): we do not sell or share personal information.
- Withdraw consent: disable push or stop submitting plan text at any time.
6. Children (COPPA)
hedged is not directed to children. The App is intended for users 18 years or older and is not intended for anyone under 13.
7. Data retention
Account and journal data is retained until you delete your account. Diagnostic metadata is retained on a rolling short-term basis.
8. Changes
We will update the "Last updated" date and, where required, notify users in-app.