Privacy Policy

Optimus Edge ("we," "us," or "our"), based in Israel, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Optimus Edge website, application, and related services (the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Service. This Privacy Policy should be read in conjunction with our Terms of Service.

1. Information We Collect

1.1 Account Information

When you create an account using Google Sign-In, we receive and store the following information from your Google account:

• Name
• Email address
• Google profile picture (if available)
• Google account identifier

1.2 Trading Data

When you use the Service, we may collect and process the following trading data that you provide:

• Trade records imported from Interactive Brokers (via XML upload or Flex Query API), including symbols, dates, quantities, prices, commissions, and realized P/L
• Trades entered manually through the Service
• Open positions and portfolio data
• Equity curve and cash transaction history
• Custom strategy tags and trade notes

1.3 IBKR Credentials

If you choose to use the IBKR API integration, we store:

• Your IBKR Flex Token
• Your IBKR Flex Query ID
• Your auto-sync preferences (frequency settings)

These credentials provide read-only access to your IBKR trade reports and are stored securely in our database with appropriate access controls.

1.4 AI Interaction Data

When you use AI-powered features, we collect:

• AI analysis requests and the trade data submitted for analysis
• Chart images uploaded for AI chart analysis
• AI-generated responses, feedback, and coaching results
• Usage counts for rate limiting (daily/weekly analysis limits)

1.5 Usage & Technical Data

We automatically collect certain technical information, including:

• Browser type and version
• Device type and operating system
• Pages visited and features used within the Service
• Timestamps of access and usage patterns
• IP address (for security and fraud prevention)
• Error logs and performance data

1.6 Profile & Preferences

We store your user-configured settings, including:

• Trading profile (timezone, trading style preferences)
• Display preferences and theme settings
• Chart and analytics preferences
• Notification and sync preferences

2. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide, maintain, and operate the trading journal, analytics, cloud sync, and all related features
• AI Analysis: To process your trade data and chart images through AI models and deliver coaching, analysis, and insight features
• Account Management: To authenticate your identity, manage your subscription, and process billing
• Data Synchronization: To sync your trade data between devices via cloud storage (for paid subscribers)
• Service Improvement: To analyze usage patterns and improve the functionality, performance, and user experience of the Service
• Communication: To send you important service-related notifications, including subscription changes, security alerts, and Terms updates
• Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

We do not use your personal trade data for marketing purposes, sell it to advertisers, or share it with third parties for their own commercial use.

2.1 Legal Basis for Processing (EEA Users)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases as required by the General Data Protection Regulation (GDPR):

• Contract Performance (Article 6(1)(b)): Processing necessary to provide the Service you signed up for, including trade tracking, analytics, cloud sync, data export, and account management
• Legitimate Interest (Article 6(1)(f)): Processing for service improvement, security monitoring, fraud prevention, and technical troubleshooting, where our interests do not override your fundamental rights
• Consent (Article 6(1)(a)): Processing that requires your explicit opt-in, including AI-powered features (trade coaching, chart analysis, portfolio coaching) and marketing communications. You may withdraw consent at any time
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable tax, regulatory, or law enforcement requirements

3. Data Storage & Security

3.1 Where Data Is Stored

• Cloud Data (All tiers): Your trade data, account information, and AI analysis results are stored in secure cloud infrastructure provided by Supabase, which uses industry-standard encryption and access controls. This applies to all subscription tiers, including Basic (Free), to enable AI features and cross-device access

3.2 Security Measures

We implement appropriate technical and organizational security measures, including:

• Row Level Security (RLS):Database-level policies ensure that each user can only access their own data — no user can view, modify, or delete another user's records
• Encrypted Connections: All data transmitted between your browser and our servers is encrypted using TLS/SSL
• Secure Credential Handling: IBKR credentials are stored with restricted access — only server-side processes (Edge Functions) can access them, never client-side code
• Authentication Security:We use Google's secure identity services for authentication, with automatic session management and refresh
• Access Controls: Service role keys and administrative access are restricted to server-side functions only

While we implement strong security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

4. Third-Party Data Sharing

We share your information with third parties only in the following limited circumstances:

4.1 Service Providers

• Anthropic (Claude AI):When you use AI features, relevant trade data, portfolio data, or chart images are sent to Anthropic's API for processing. Anthropic processes this data according to their own privacy policy and data handling practices. We send only the minimum data necessary for each AI feature
• Google: For authentication purposes via Google Sign-In. Google receives standard authentication data per their privacy policy
• Supabase: Our cloud infrastructure provider that hosts and manages our database, authentication, and serverless functions
• Interactive Brokers: When you use the IBKR API integration, we communicate with IBKR servers using your provided credentials to retrieve your trade data

4.2 Other Disclosures

We may also share your information:

• When required by law, regulation, legal process, or governmental request
• To protect the rights, property, or safety of Optimus Edge, our users, or the public
• In connection with a merger, acquisition, reorganization, or sale of assets (in which case your data would remain subject to this Privacy Policy)
• With your explicit consent

5. Cookies & Local Storage

The Service uses the following browser storage mechanisms:

• Local Storage: We use browser localStorage to store your trade data, user preferences, theme settings, chart preferences, and session state. This data remains on your device and is not automatically transmitted to our servers (unless you have cloud sync enabled)
• Session Cookies: We use authentication cookies to maintain your login session. These are essential for the Service to function and cannot be disabled

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track you across other websites.

6. Data Retention

• Active Accounts: We retain your data for as long as your account is active and you continue to use the Service
• Cancelled Subscriptions: If you cancel a paid subscription but keep your account, your cloud-synced data is retained but not actively synced. Your account reverts to Basic (Free) tier functionality
• Account Deletion: Upon account deletion request, we will delete your personal data and trade data from our active systems within 30 days. Some data may be retained in backups for up to 90 days before being permanently purged
• Legal Retention: We may retain certain data for longer periods if required by applicable law, regulation, or to resolve disputes and enforce our Terms
• Aggregated Data: We may retain anonymized, aggregated data that cannot be linked back to any individual user for analytical and improvement purposes

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access: You can request a copy of the personal data we hold about you
• Right to Correction: You can request correction of inaccurate or incomplete personal data
• Right to Deletion: You can request deletion of your personal data, subject to legal retention requirements
• Right to Data Portability:You can export your trade data using the Service's built-in export features at any time
• Right to Object: You can object to certain processing of your personal data
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time

Data Protection Contact

To exercise any of these rights or submit a data subject access request (DSAR), please contact our Data Protection Contact at: support@optimus-edge.com. Please include "Data Request" in the subject line. We will verify your identity and respond to valid requests within 30 days. If we need additional time, we will notify you of the extension and the reasons for the delay.

7.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

7.2 European Economic Area Residents (GDPR)

If you are located in the European Economic Area (EEA), your personal data is processed in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing are detailed in Section 2.1 above. In addition to the rights listed above, you have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.

8. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe that a child under 18 has provided us with personal information, please contact us at support@optimus-edge.com.

9. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including Israel and the United States, where our infrastructure providers operate. These countries may have different data protection laws than your jurisdiction.

When we transfer data internationally, we implement appropriate safeguards to ensure your data receives an adequate level of protection, including contractual protections with our service providers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you through the Service or via email for significant changes that affect how your data is handled
• Give you at least 14 days' notice before material changes take effect

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@optimus-edge.com

We aim to respond to all privacy-related inquiries within 30 days.