Privacy policy

Profiles are public unless you toggle them private in settings. Portfolios you mark as public are viewable by anyone, including via embed widgets, RSS feeds, and Open Graph cards. Profile visibility and per-portfolio visibility are independent toggles.

To run the service: authenticating you, rendering your portfolios, processing payments, sending you notifications you opted into, and improving the product. We do not sell your personal data. We do not rent it. We do not show ads.

We use third parties to run the service. The full list:

• Supabase — database + authentication
• Vercel — application hosting + cron + logs
• Polygon.io — market data lookups (we don't send them personal information)
• Stripe — payment processing for paid follows
• Cloudflare R2 — encrypted backups of the database
• SEC EDGAR — public 13F filing data (no personal data sent)

You can edit or delete your profile, portfolios, and trades from your account. You can request a full data export or full account deletion by emailing privacy@tradeandtell.com. We'll honor it within 30 days. EU / California / similar jurisdictions: you have the rights granted by your local law (access, rectification, erasure, portability, restriction, objection); the same email reaches us.

We use cookies to keep you logged in (an auth cookie set by Supabase) and to maintain your preferences. We don't set marketing or cross-site tracking cookies. If we ever do, we'll ask first.

The service isn't intended for users under 18. We don't knowingly collect data from children. If you believe we have, email us and we'll delete it.

Data is encrypted in transit (TLS) and at rest. Backups are encrypted off-site. We follow industry-standard practices but no system is perfectly secure. If you suspect a vulnerability, email security@tradeandtell.com.

We'll post the new version with a revised "Last updated" date. Material changes get an email or in-app notice.