Privacy Policy
Last updated: May 2, 2026
1. What we collect
When you create an account: your email address and password (password is hashed — we never see it).
When you use the permit form: the trade thesis text you type, ticker symbol, direction, setup type, and risk percentage. This is the core data the product runs on.
When you complete onboarding: your trading rules and preferences.
Automatically: page views and interaction events via PostHog analytics. This helps us understand which features are used. No personally identifiable information is included in analytics events.
2. How we use your data
Trade theses are sent to OpenAI's API to classify behavioral patterns (FOMO, revenge trading, overconfidence). OpenAI does not use API data to train its models under their current terms.
Your trade history is used to provide personalized AI coaching — the coach learns your patterns over time to give more specific feedback.
Your email is used only to send your account confirmation email and any critical security notices. We do not send marketing emails without explicit opt-in.
We do not sell your data to anyone. Ever.
3. Third parties
OpenAI (api.openai.com): receives your trade thesis text for AI classification. Governed by OpenAI's privacy policy and API data usage policy.
PostHog (posthog.com): receives anonymized behavioral analytics (page views, feature usage). No trade content or personally identifiable information is included.
Supabase (supabase.com): hosts our database and authentication. Your data is stored in their infrastructure. Governed by Supabase's privacy policy.
Vercel (vercel.com): hosts the application. Governed by Vercel's privacy policy.
No advertising networks. No data brokers. No other third parties.
4. Data storage and security
All data is stored in Supabase's PostgreSQL database with row-level security enforced — each user can only access their own data.
Trade thesis text is encrypted at rest using AES-256-GCM encryption before being stored in the database.
All traffic between you and QuantMaven is encrypted via HTTPS/TLS.
API keys and secrets are stored in environment variables and never committed to source code.
5. Your rights
You have the right to:
Download all your data: go to Settings → Download My Data. You will receive a JSON file with all your trades, rules, discipline scores, and account information.
Delete your account: go to Settings → Delete My Account. This permanently and immediately deletes all your data including trades, rules, discipline scores, and your account. This cannot be undone.
Correct your data: email us at privacy@quantmaven.ai and we will update any incorrect information.
Object to processing: email us at privacy@quantmaven.ai to request we stop processing your data.
If you are in the European Union, you have additional rights under GDPR including the right to lodge a complaint with your local data protection authority.
6. Data retention
We keep your data for as long as your account is active.
If you delete your account, all data is permanently deleted within 24 hours. There is no grace period — deletion is immediate.
Anonymized, aggregated analytics data (not linked to any individual) may be retained indefinitely for product improvement purposes.
7. Children
QuantMaven is not intended for users under the age of 18. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please email privacy@quantmaven.ai and we will delete it immediately.
8. Changes to this policy
We will notify you by email if we make material changes to this privacy policy. Continued use of the product after notification constitutes acceptance of the updated policy.
9. Contact
For any privacy questions or requests: privacy@quantmaven.ai
QuantMaven is operated by an individual founder. We take privacy seriously and will respond to all requests within 72 hours.