Privacy Policy
Swing Deck is a local-first trading dashboard. Your positions, P&L, broker API tokens, journal entries, and ticker lists are stored only on your machine — never on Swing Deck servers. AI surfaces are opt-in and use your own LLM provider key (BYOK); each AI call sends a small per-surface payload directly from your machine to your chosen provider, then is discarded. We do not proxy AI calls, we do not log prompts, and we do not store responses. See AI surfaces & data flow below for the exact payload per surface.
This policy explains what the cloud service does see and why, and what each AI surface sends to your chosen provider when you trigger it.
1. What we collect
The cloud API (api.swing-deck.com) receives only:
- Email address — used to send your license key, receipts, and subscription notices.
- License key — a random `SWING-XXXX-XXXX-XXXX` string. Used to look up your tier at startup.
- Stripe customer ID — opaque token from Stripe. We cannot see your card details.
- Crash reports (optional) — if you enable auto-send, we receive: version string, operating system, and a scrubbed Python traceback. No filenames, no ticker symbols, no positions.
- Alert dispatch metadata — when the local app asks us to send you an email/push, we see: alert type (`stop_loss_breach`, `regime_change`, etc.) and ticker symbol. We do not see share counts, prices, or account balances.
2. What we never collect
- Your portfolio holdings, share counts, or cost basis.
- Your broker API tokens (E*Trade, Tradier). These live in `.env` on your machine only.
- Real-time market quotes you pull. Polygon/Finnhub keys are yours.
- Your trading journal, notes, or P&L history.
- Browser fingerprints, tracking cookies, or analytics scripts on the dashboard itself.
3. AI surfaces & BYOK data flow
Swing Deck's per-ticker AI coaches (AI Thesis, Devil's Advocate, Pillar Coach, Exit Coach, Entry Coach, Position Audit, Catalyst Interpreter) are opt-in and use your own API key with Anthropic, OpenAI, or local Ollama. Swing Deck never sees your prompts, your responses, or any data you query through them. When you trigger an AI surface, the payload goes directly from your machine to your chosen provider's API. We don't proxy, we don't log, we don't store.
What each surface sends to your chosen provider:
| SURFACE | PAYLOAD |
|---|---|
| AI Thesis | ticker + score + state + active triggers + pillar violations + macro snapshot (VIX, oil, regime) + 30d primitive hit rate + your style preferences (length, focus weights, tone) |
| Devil's Advocate | same as AI Thesis (it argues the opposite of the framework's read using the same data) |
| Pillar Coach | ticker + score + state + active pillar violations + sleeve + recent triggers |
| Exit Coach | ticker + price + score + state + TP ladder + chandelier stop + which TP rung was hit (if any) |
| Entry Coach | ticker + score + state + entry-trigger setup type + check-pass count + earnings proximity + sleeve |
| Position Audit | ticker + score + state + your prior thesis history (this ticker only) + score timeline + your trade journal entries (this ticker only). Journal entries are POSTed to localhost only for prompt assembly — never persisted on any server. |
| Catalyst Interpreter | ticker + score + state + today's headline titles + publishers (already public information) |
What does NOT leave your machine, even when AI surfaces fire:
- Your full portfolio (only the queried ticker is sent)
- Account balance / total equity
- Broker API tokens (E*Trade, Tradier, etc.)
- Journal entries for tickers you're not currently asking about
- The local AI history log itself (`ai_thesis_log.jsonl`)
- Settings, preferences, license key
Local Ollama option: if you configure Ollama as your AI provider in Settings, every byte stays on your machine. No third party touches your data at all. You trade some response quality and speed for maximum privacy.
Your provider's policies apply. Each LLM provider has its own data-handling policy covering what it does with the prompts you send. Reference:
- Anthropic privacy policy — default AI Thesis provider
- OpenAI privacy policy
- Ollama — runs locally, no remote data flow
4. Third parties we share with
- Stripe — payment processing. Sees your card + billing address, never your trades. Their policy.
- Resend — transactional email (license delivery, receipts). Sees your email and the message body.
- ntfy.sh — push notifications. Topic is hashed from your email (`md5(email)[:10]`) so the operator cannot trivially reverse-lookup you.
- Supabase — our database host. Stores email + license rows. SOC 2 Type II certified.
- Railway — our API host. Sees request logs (IP, user-agent) for 7 days.
5. Data retention
License records are kept while your subscription is active and for 7 years after cancellation (tax-compliance requirement). Alert log entries are purged after 7 days. Crash reports are kept 30 days then auto-deleted.
6. Your rights
Email support@swing-deck.com to:
- Export your data (takes < 24h).
- Delete your account and all associated records. We'll confirm within 72 hours.
- Opt out of crash reports and marketing emails (transactional receipts always go out per Stripe's requirements).
7. Children
Swing Deck is for users 18+ only — you must be old enough to legally open a brokerage account.
8. Changes
We'll email you at least 30 days before any material change to this policy. If you disagree with a change, cancel any time for a prorated refund.
Contact
Privacy questions: privacy@swing-deck.com