Welcome to Optioneer.io ("we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.
By using Optioneer, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use our service.
1. Information We Collect
1.1. Information You Provide
Account Information: Email address, password (stored only as a bcrypt hash, never in plaintext; see Section 4), and optional profile information (name, avatar)
Portfolio Data: Options positions you manually enter (ticker symbols, strike prices, dates, quantities, entry/exit prices)
Contact Information: Name and email when you contact us via our contact form
Payment Information (Future): When Premium features launch, payment data will be processed by Stripe (we do not store card details)
1.2. Information Automatically Collected
Usage Data: Pages visited, features used, time spent on the platform (via Google Analytics and DataFast)
Device Information: Browser type, operating system, IP address (anonymized)
Cookies: Essential cookies for authentication and optional analytics cookies (see Cookie Policy below)
1.3. Information from Third Parties
Google OAuth: If you sign in with Google, we receive your email, name, and profile picture from Google
Market Data: We fetch publicly available options market data (prices, Greeks) from third-party APIs (this data is not personal information)
2. How We Use Your Information
We use your information for the following purposes:
Provide the Service: Track and analyze your options portfolio, calculate P&L, fetch market data
Authentication: Secure login and session management via Supabase Auth
Communication: Respond to your support requests or feedback via email
Analytics: Understand how users interact with Optioneer to improve features and UX
Security: Detect and prevent fraud, abuse, and security incidents
Legal Compliance: Comply with legal obligations (e.g., GDPR, CCPA)
3. How We Share Your Information
We do not sell your personal information. We only share data with trusted third-party service providers:
Third-Party Services
Supabase (Database & Auth): Stores your account and portfolio data securely (encrypted at rest)
Railway (Hosting): Hosts our backend API infrastructure
Google Analytics: Tracks anonymous usage statistics (IP addresses anonymized)
DataFast Analytics: Privacy-friendly analytics for visitor patterns (no personal data collected)
Resend (Email): Sends transactional emails (password resets, contact form responses)
Market Data Services: Fetches public market data used to power pricing, analytics, and options-related features. No brokerage login credentials are shared with these services.
Legal Disclosures: We may disclose your information if required by law (e.g., court order, subpoena) or to protect our rights and safety.
4. Data Security
We implement industry-standard security measures to protect your data:
Encryption: Data encrypted in transit (HTTPS/TLS) and at rest (database encryption)
Password Security: Passwords hashed using bcrypt (we never store plaintext passwords)
Access Control: Strict authentication (JWT tokens) and authorization checks
Regular Audits: Security monitoring via Sentry error tracking
However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
5. Your Privacy Rights
Depending on your location, you may have the following rights:
GDPR Rights (EU/EEA)
Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your account and data
Data Portability: Export your data in CSV format (FREE for all users — your data is yours, anytime)
Objection: Object to processing for direct marketing or analytics
Withdrawal of Consent: Revoke consent for data processing at any time
CCPA Rights (California)
Know: What personal information we collect and how we use it
Delete: Request deletion of your personal information
Opt-Out: Opt out of the "sale" of personal information (we do not sell data)
Non-Discrimination: We will not discriminate against you for exercising your rights
How to Exercise Your Rights: Email us at support@optioneer.io with your request. We will respond within 30 days.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. When you delete your account:
Your account and portfolio data are permanently deleted within 30 days
Some data may be retained for legal or security purposes (e.g., fraud prevention logs)
Anonymized analytics data may be retained indefinitely
7. Cookies Policy
We use the following types of cookies:
Essential Cookies (Required)
Authentication: Supabase session cookies to keep you logged in
Security: CSRF protection tokens
Analytics Cookies (Optional)
Google Analytics: Tracks page views, clicks, and user behavior (IP anonymized)
DataFast Analytics: Privacy-first analytics for general usage patterns
You can manage your cookie preferences at any time using the "Cookie Settings" link in the footer. Essential cookies are required for the service to function.
8. Children's Privacy
Optioneer is not intended for users under 18 years old. We do not knowingly collect data from children. If we discover that a child has provided personal information, we will delete it immediately.
9. International Data Transfers
Your data may be transferred to and processed in countries outside your own (e.g., USA for hosting). We ensure that appropriate safeguards are in place (e.g., standard contractual clauses, GDPR compliance).
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our website. Your continued use of Optioneer after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, please contact us:
Note: This Privacy Policy is designed to comply with GDPR (EU), CCPA (California), and other major privacy laws. However, it is not a substitute for legal advice. For specific legal questions, please consult a privacy attorney.