Privacy Policy
Effective: April 1, 2026 · Last updated: June 18, 2026 (draft — pending counsel review)
This Privacy Policy describes how MarketIntell ("we," "us," or "our") collects, uses, and protects your information when you use our platform, API, and related services (the "Service"). We are committed to transparency about what we collect, including when you connect a broker or trading account.
Data Handling at a Glance
You send us three kinds of content: the queries you ask; if you use portfolio analysis, the portfolio data (holdings, sizes, entry prices) you submit; and, if you enable live trading, the broker connection data needed to place orders on your behalf. Here is exactly what happens to each — what we store, for how long, and who can see it.
| What you send | What we store | How long | Who sees it |
|---|---|---|---|
| Queries — the questions and prompts you ask | The query text, stored against your session | 90 days from last session activity, then deleted. Anonymized copies (no account link) may be kept to improve answer quality. | You, plus the AI providers (OpenAI / Anthropic) that process the query. Not sold, not used for ads, not shared with other users. |
| Portfolio data — holdings, position sizes, entry prices you submit for analysis | Stored only on the portfolio record you create, so analysis can re-run. This is separate from broker connections — it is data you type or paste, not pulled from a linked account. | Until you delete the portfolio or your account. Deleting a portfolio removes its holdings immediately. | You. Holdings are sent to the same AI providers only when you ask for analysis on them. Never sold or shared with other users. |
| Broker connections — credentials and wallet details you provide when linking a broker or exchange for live trading | Encrypted broker credentials (e.g. OAuth tokens, API keys), your configured withdrawal address for crypto-spot agent wallets, and the encrypted private key of the per-user agent wallet we generate at connect time. We use these only to place orders and manage funds within the connected account or agent wallet. | Until you revoke the connection or delete your account. | You and our infrastructure (decrypted only in memory to execute trades). Not sold, not used for ads, not shared with other users. Sent to the relevant broker or on-chain network when placing orders or withdrawals. |
The short version: your queries, portfolio data, and broker connection data are stored only to run the Service, are sent to our AI providers or connected brokers as needed for processing, and are never sold, never used for advertising, and never shared with other users. You can export or delete everything at any time (see Your Rights).
1. What We Collect
We collect the following information:
- Name — Required at signup. Used to identify your account.
- Email address — Optional. Used for account recovery only if provided.
- API key hash — A SHA-256 hash of your API key, used for authentication. We never store your plaintext API key.
- Query content — The questions and prompts you submit to the Service.
- Session data — Conversation sessions including queries and responses.
- Portfolio data — If you use portfolio analysis, the holdings, position sizes, and entry prices you submit. This is data you type in or paste; it is not pulled from a linked broker account.
- Broker connection credentials — If you connect a broker or exchange for live trading, we store the credentials required to act on your behalf: OAuth access and refresh tokens (e.g. Alpaca), API keys (e.g. Kraken, Coinbase), Hyperliquid master and agent wallet addresses with an encrypted agent private key, or for crypto-spot on Base, an encrypted agent-wallet private key plus your configured withdrawal address. Credentials are encrypted at rest; plaintext private keys are never returned after provisioning.
- Usage metrics — Query counts, timestamps, rate limit consumption, and general usage patterns.
2. Broker & Trading Connections
If you enable live trading, MarketIntell connects to your broker or exchange using credentials you authorize. Depending on the broker, this may include:
- OAuth tokens — For brokers that use OAuth (e.g. Alpaca), we store access and refresh tokens to place orders on your linked account.
- API keys — For brokers that use API-key auth (e.g. Kraken, Coinbase), we store the key pair you provide.
- Wallet addresses — For on-chain brokers we store addresses you provide or that we generate: your Hyperliquid master wallet address, the per-user agent wallet address, and for crypto-spot, your designated withdrawal address (where funds are sent when you withdraw from the agent wallet).
- Agent-wallet private keys — For Hyperliquid and crypto-spot, we generate a dedicated agent wallet at connect time. The private key is encrypted at rest on our servers and used only to sign trades within the scope you authorize. For crypto-spot, the agent wallet holds tokens you deposit; withdrawals go only to your configured withdrawal address.
Custodial boundary: For crypto-spot, tokens you deposit into the agent wallet are controlled by a private key we hold (encrypted at rest). This is distinct from your main wallet. You can withdraw to your configured address at any time via the Service. Counsel review is pending on the final regulatory characterization of this model.
3. How We Use Your Data
We use the information we collect to:
- Provide the Service — Process your queries, return results, and maintain your sessions.
- Improve quality — Analyze usage patterns and anonymized query data to improve AI response quality and platform reliability.
- Prevent abuse — Enforce rate limits, detect automated scraping, and prevent misuse of the Service.
We do not sell your personal data. We do not use your data for advertising.
4. Data Retention
- Sessions are retained for 90 days from last activity, then automatically deleted.
- Queries may be retained in anonymized form to improve AI response quality. Anonymized data has all personally identifiable information stripped.
- Account data (name, email hash, API key hash) is retained for the lifetime of your account.
- Broker connection data (encrypted credentials, withdrawal addresses, agent-wallet keys) is retained until you revoke the connection or delete your account.
- Usage metrics are retained in aggregate form indefinitely for service monitoring.
5. Third-Party Services
To provide the Service, we share data with the following third-party providers:
| Provider | Purpose |
|---|---|
| Fly.io | Infrastructure hosting and deployment |
| OpenAI / Anthropic | AI model processing. Your queries may be sent to these providers. |
| Market data providers | Price, volume, and order-book data |
| Derivatives data | Open interest, funding, options flow, liquidations |
| Fundamental data | Earnings, filings, insider activity |
| On-chain analytics | Wallet flows, holder cohorts, network usage |
| Connected brokers & exchanges | Order placement, account snapshots, and withdrawals when you use live trading (Alpaca, Hyperliquid, Kraken, Coinbase, crypto-spot on Base, etc.) |
Queries sent to AI providers: Your query content is sent to OpenAI and/or Anthropic for processing. These providers have their own data handling policies. We recommend reviewing their privacy policies for more details.
7. Your Rights
You have the right to:
- Request data export — Receive a copy of the data we hold about you.
- Request deletion — Ask us to delete your account and associated data.
- Revoke your API key — Immediately deactivate your API key, preventing further access.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
8. Security
We take the security of your data seriously. Our security measures include:
- API key hashing — Keys are stored as SHA-256 hashes. We never store plaintext keys.
- HTTPS only — All communication with the Service is encrypted in transit via TLS.
- Rate limiting — Protects the Service and your account from abuse and brute-force attacks.
- Credential encryption — Broker tokens, API keys, and agent-wallet private keys are encrypted at rest (AES-256-GCM). They are decrypted only in memory when needed to execute a trade or withdrawal.
- Minimal data collection — We collect only what is necessary to provide the Service.
No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Children's Privacy
MarketIntell is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or your data, please contact us at:
See also: Terms of Service