J2D

Privacy Policy

Effective: 2026-05-24

1. Data We Collect

  • Account: email address, name, hashed password (bcrypt), MFA secret
  • Usage: login timestamps, last IP address
  • Connections: broker API keys and bank tokens (AES-128 encrypted at rest)
  • Research & Chat: your messages and AI responses
  • Trade audit: log of every order submitted via the platform
  • Strategy Automation: rule definitions and backtest parameters you configure

2. How We Use Your Data

To provide the platform, authenticate your identity, submit orders you direct through connected brokers, power AI research features (with PII filtering before transmission), maintain compliance audit logs, and operate Strategy Automation rules you define.

3. Third-Party AI Processors

Research chat messages and market/portfolio context are processed by:

We apply regex-based PII filters (email addresses, SSNs, card numbers, account numbers) before transmission. Financial position data (prices, P&L, quantities) is transmitted as it is core to the service.

4. Security

  • Database: PostgreSQL on private VPS infrastructure
  • Credentials: AES-128 Fernet encryption at rest
  • Passwords: bcrypt (rounds=12)
  • Transport: TLS 1.2+ enforced by Caddy
  • Authentication: JWT HS256, 24h expiry

5. Data Retention

Account data retained while your account is active. Trade audit logs retained 7 years for regulatory compliance. Upon account deletion: all PII deleted; audit logs anonymized.

6. Your Rights (GDPR / CCPA)

  • Deletion: Settings → Delete Account
  • Access / Portability / Correction: [email protected]

7. Cookies & Authentication

We use a single authentication cookie (j2d_token) to maintain your login session. This cookie is HttpOnly, Secure, and contains a signed JWT — it is not used for tracking or advertising. We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.

8. Contact

[email protected] · [email protected]