Privacy Policy

Effective date: January 1, 2026 · Last updated: May 25, 2026

StratScribe AI ("we," "us," or "our") is incorporated under the laws of Ontario, Canada. This Privacy Policy explains what personal data we collect, how we use and protect it, and your rights with respect to it.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Scope and Applicability

This Policy applies to all users of StratScribe globally, including users in the European Economic Area (EEA), the United Kingdom, Canada, the United States, and all other jurisdictions. Where applicable law imposes additional requirements, we comply with those requirements as described below.

2. Data Controller

StratScribe AI
Email: hello@stratscribe.com
Canada

3. Data We Collect

3.1 Account Data

Email address and hashed password, stored via Supabase Auth. Account creation date and subscription plan.

3.2 Strategy Data

Trading strategy descriptions you enter, generated code, backtest results, and version history. Stored in your account only and not shared with other users.

3.3 Broker Credentials

API keys and tokens you provide to connect third-party broker accounts. Stored encrypted at rest using AES-256 encryption. Never stored in plaintext. Never logged in application logs. Access is restricted to the automated execution service only.

3.4 Usage Data

Anonymised, aggregate usage events (page views, feature interactions) collected via Plausible Analytics. Plausible operates without cookies and without collecting personally identifiable information. No cross-site tracking occurs.

3.5 Payment Data

Payment processing is handled entirely by Stripe, Inc. We do not store, log, or transmit card numbers, bank account details, or other payment credentials. Stripe's collection and use of payment data is governed by Stripe's Privacy Policy.

3.6 Communications Data

If you contact us by email or through support channels, we retain those communications for the purpose of resolving your inquiry.

3.7 Data We Do Not Collect

We do not collect sensitive personal data such as government ID numbers, biometric data, health information, or precise geolocation. We do not use tracking cookies, third-party advertising pixels, or cross-site tracking technologies.

4. How We Use Your Data

We use your personal data only for the following purposes and legal bases:

PurposeLegal Basis
Providing the strategy generation, validation, and backtesting servicePerformance of contract
Sending transactional emails (trial reminders, billing notices, account alerts) via ResendPerformance of contract
Processing payments via StripePerformance of contract
Improving the product based on anonymised, aggregated usage patternsLegitimate interests
Responding to support requestsLegitimate interests / Performance of contract
Complying with applicable legal obligationsLegal obligation

We do not sell your personal data. We do not use your strategy descriptions or generated code to train AI models. We do not use your data for advertising or marketing purposes beyond transactional communications related to your account.

5. Third-Party Data Processors

We share data with the following sub-processors solely to the extent necessary to provide the Service:

ProcessorPurposeLocationCompliance
Supabase, Inc.Authentication and database hostingUnited StatesSOC 2 Type II
Stripe, Inc.Payment processingUnited StatesPCI DSS Level 1
Resend, Inc.Transactional email deliveryUnited States
Anthropic, PBCAI code generation (strategy descriptions are sent to Anthropic's API)United StatesAnthropic Privacy Policy
Plausible AnalyticsPrivacy-first usage analyticsEuropean UnionGDPR compliant

Important note regarding Anthropic: When you submit a strategy description, that description is transmitted to Anthropic's API to generate code. Your strategy descriptions are processed by Anthropic subject to Anthropic's API data usage policies, which currently state that API inputs are not used to train models. You should review Anthropic's Privacy Policy at anthropic.com/privacy before submitting confidential or proprietary trading logic.

We do not permit any sub-processor to use your personal data for their own purposes beyond providing services to us.

6. International Data Transfers

We are based in Canada, which the European Commission has recognized as providing an adequate level of data protection for purposes of GDPR. Where we transfer data to processors located in the United States or other jurisdictions, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) or the processor's adherence to an approved certification framework.

7. Data Retention

8. Data Security

We implement the following technical and organisational measures to protect your personal data:

No method of transmission or storage is completely secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and, where required, relevant supervisory authorities, within the timeframes required by applicable law (72 hours under GDPR; as required under applicable Canadian and US state breach notification laws).

9. Cookies

We do not use tracking cookies or advertising cookies. We may use strictly necessary session cookies for authentication purposes only. These cookies are essential to the operation of the Service and cannot be disabled. For full details, see our Cookie Policy.

10. Your Rights

All users:

EEA and UK users (GDPR / UK GDPR):

California residents (CCPA / CPRA):

Canadian residents (PIPEDA / Law 25):

To exercise any of these rights, email hello@stratscribe.com. We will respond within 30 days (or within the shorter period required by applicable law). We may need to verify your identity before processing your request.

11. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy. If you do not agree, you may cancel your account before the effective date.

13. Contact and Complaints

Privacy inquiries:
hello@stratscribe.com
StratScribe AI, Canada

If you are located in the EEA or UK and are not satisfied with our response to a privacy complaint, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ico.org.uk). In Canada, this is the Office of the Privacy Commissioner (priv.gc.ca).