← Trading Hub

Privacy Policy

What we collect, why, how long we keep it, and how to delete it.

Effective: 2026-04-26 · Version: 1.0
TL;DR: Trading Hub is a static-JS app. Your scores, watchlists, journal entries, and settings are stored in your browser (IndexedDB), not on our servers. There are no user accounts, no analytics tracking, no advertising tracking, no third-party trackers. The only network traffic is to public data feeds (you can see them in DevTools) and — when you explicitly invoke an AI feature — to Anthropic's Claude API via our serverless proxy.

1. What we collect

1a. In your browser (never sent to us)

DataWhereWhyRetention
Scores, factors, regime dataIndexedDB thv2-storeCaching for offline use + fast hot pathUntil you clear browser data
Watchlist, journal, settingslocalStoragePersist your preferences across sessionsUntil you clear browser data
Service-worker cacheCache StorageOffline shell + asset cachingReplaced on each cache-version bump

1b. Server-side (only when you make a request)

DataWhenWhyRetention
Request logs (IP, path, status, timing)Every requestVercel platform logs for debugging + abuse prevention30 days
AI prompts (input only)When you use /ask, /counter-thesis, /decision-replay, /daily-newsletterCost metering + abuse detection30 days, then aggregated
Usage meteringPer AI callStay under Anthropic budget; circuit-break per Bible §15.390 days for ledger; rolling 24h for circuit breaker

We do not store: your name, email, address, payment info, broker credentials, holdings details (unless you opt-in to journal them locally), or any data tied to a personal identifier. There are no cookies set by Trading Hub itself.

2. Third parties we contact

Visible in DevTools → Network panel. All public, all read-only:

3. What we do NOT do

4. Your rights (GDPR / CCPA / NY SHIELD)

Because there are no user accounts and no server-side personal data tied to you, most rights are exercisable directly:

5. Children

Not directed at children under 13. Per COPPA, we do not knowingly collect data from children. The Service has no signup flow, so no PII is collected from anyone — including children.

6. Security

See /.well-known/security.txt for the responsible-disclosure policy. Strict CSP, HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff, Referrer-Policy strict-origin-when-cross-origin enforced on every response.

7. Changes to this policy

Material changes announced 30 days in advance via /changelog. Versioned with effective date.

8. Contact

kadeem.yearwood@gmail.com

Last reviewed: 2026-04-26 · Per Bible §15.5 + §15.136 · Effective version: 1.0