Privacy Policy
Last updated: April 13, 2026
1. Information We Collect
FinManager AI ("Atlas", "we", "us") collects the following categories of information:
- Account Information: Email address, display name, and authentication credentials when you create an account via OAuth (Google, Discord, or email).
- Subscription Data: Payment information processed securely through Stripe. We do not store credit card numbers.
- Strategy Content: Investment strategies, journal entries, and uploaded files that you create within the platform.
- Usage Data: Request counts, feature usage metrics, and timestamps for rate limiting and service improvement.
- Discord Integration: Discord username and numeric ID when you link your Discord account, used solely to identify you within the Atlas Discord bot.
- Brokerage Connection: Read-only brokerage account data accessed through SnapTrade. We do not store brokerage credentials, account numbers, or financial data on our servers.
- Personal Access Key: A randomly generated UUID tied to your account that authenticates requests to the Atlas REST / CLI API and the MCP endpoint. You can view and rotate this key at any time from the dashboard; rotation immediately invalidates the previous key.
- Trading Activity: Preview orders you create through the tools (symbol, side, quantity, order type, and trigger rule) and a record of orders you explicitly place or cancel. We retain this as an audit trail of activity you initiated on the platform.
2. Information We Do NOT Collect
- We do not collect or store brokerage login credentials.
- We do not collect browsing history or track users across websites.
- We do not sell, rent, or trade personal information to third parties.
- We do not store AI conversation logs permanently. Conversations are ephemeral and not retained after the session ends.
3. How We Use Your Information
- Service Delivery: To authenticate you, manage your strategies, process requests, and deliver market data and analysis.
- Rate Limiting: To enforce subscription-based usage limits and prevent abuse.
- Communication: To send account-related notifications (password resets, subscription changes).
- Improvement: To improve service quality using anonymized, aggregated usage data.
4. Data Returned via AI Tools (MCP / REST API)
Atlas exposes the same tool surface through two authenticated transports: the MCP endpoint (used by Claude, ChatGPT, and other MCP-compatible clients) and the REST / CLI API at /api/v1/tools. Both require your Personal Access Key and follow the same privacy rules. Tool responses contain only the data necessary to fulfill your specific request. The following data types may be returned:
- Market data: Stock quotes, options chains, price history, chart images, financial metrics, analyst ratings, earnings data
- Strategy content: Your own strategy documents, journal entries, and file metadata (only yours, only upon request)
- Portfolio data: Read-only brokerage holdings, balances, and transaction history (only when you explicitly request it via a connected brokerage)
- Trading activity: Preview orders and placed-order summaries that you created on your own account. These reflect actions you initiated and are returned only when you list, preview, or act on them.
- Subscription status: Your current tier and remaining request count
- Marketplace strategies: Publicly shared strategy titles, content previews, and revision info (no author personal data)
Tool responses do not include: internal user IDs, email addresses, authentication tokens, IP addresses, server infrastructure details, internal URLs, error stack traces, session identifiers, telemetry data, or any third-party personal data. All error messages returned to AI tools are generic and do not expose system internals.
Our tool instructions do not instruct AI assistants to bypass their safety guidelines or usage policies. Atlas tools provide data retrieval, visualization, and — when you explicitly authorize them — the ability to preview or place trades against a brokerage you have connected. They do not instruct the AI to make financial decisions on your behalf or override platform safeguards.
5. Third-Party Services
- Stripe: Payment processing. Subject to Stripe's Privacy Policy.
- SnapTrade: Brokerage account connectivity (read-only). Subject to SnapTrade's Privacy Policy.
- Supabase: Database hosting with row-level security. Data is encrypted at rest and in transit.
- Azure: File storage for strategy assets. Encrypted at rest.
- Discord: Bot integration for market analysis. We only store your Discord ID and username.
6. Data Retention and Deletion
- Account data is retained while your account is active.
- You can delete your account at any time from the dashboard. This permanently removes all your data, strategies, journal entries, uploaded files, trading activity records, and your Personal Access Key.
- Preview orders can be removed individually at any time via the corresponding tool; placed-order records are retained as an audit trail until account deletion.
- Rotating your Personal Access Key immediately invalidates the previous key; any client using the old key will be rejected.
- Stripe customer data is deleted upon account deletion.
- Aggregated, anonymized analytics data may be retained indefinitely.
7. Data Security
We implement industry-standard security measures including:
- OAuth 2.0 authentication with the PKCE flow
- HTTPS encryption for all data in transit
- Row-level security in our database (users can only access their own data)
- Encrypted file storage for strategy assets
- No storage of brokerage credentials (delegated to SnapTrade)
- Personal Access Keys are user-rotatable, scoped to a single account, and transmitted only over HTTPS as a bearer token. You are responsible for keeping the key secret; if you suspect it has been exposed, rotate it from the dashboard.
8. Your Rights
You have the right to:
- Access your personal data through the dashboard
- Export your strategies and data
- Delete your account and all associated data
- Rotate your Personal Access Key at any time to revoke existing API, CLI, or MCP sessions
- Disconnect third-party integrations (Discord, brokerage) at any time
9. AI Platform Integration Compliance
Atlas integrates with third-party AI platforms (OpenAI/ChatGPT, Anthropic/Claude) via the Model Context Protocol (MCP). In these integrations:
- No personal identifiers, session data, or telemetry are included in tool responses beyond what is required to fulfill the user's explicit request.
- Tool instructions comply with each AI platform's usage policies and do not contain language that could bypass platform safeguards.
- Authentication is handled via OAuth 2.0 — access tokens are never exposed in tool response content.
- All tool responses use generic error messages and do not expose internal system logs, file paths, or infrastructure details.
- User-specific data (strategies, portfolios) is only returned when the authenticated user explicitly requests it.
10. Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect personal information from minors.
11. Changes to This Policy
We may update this policy periodically. Material changes will be communicated through the platform. Continued use constitutes acceptance of the updated policy.
12. Contact
For privacy questions or data requests, contact us at support@finmanagerai.com.