Privacy Policy

Effective: May 1, 2026

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a bcrypt hash). If you use Google OAuth, we receive your Google profile name and email.

Usage Data

We collect data about how you use the platform, including screening activity, portfolio operations, and feature usage. This helps us improve the product and enforce rate limits.

Payment Information

Payment processing is handled entirely by Stripe. We never store credit card numbers, bank accounts, or other payment credentials on our servers. We receive confirmation of payment status from Stripe to manage your subscription.

2. How We Use Your Information

• To provide and operate the Remora platform
• To manage your account and subscription
• To send transactional emails (welcome, password reset, trial expiry notifications)
• To send morning briefing notifications you have opted into
• To enforce usage limits and prevent abuse
• To improve platform performance and features

3. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Railway. All connections use TLS encryption. Passwords are hashed with bcrypt. JWT tokens expire after 60 minutes, and refresh tokens expire after 30 days.

API keys for MCP access are stored as salted SHA-256 hashes. The plaintext key is shown once at creation and never stored.

4. Third-Party Services

We use the following third-party services:

• Stripe — payment processing and subscription management
• SendGrid — transactional email delivery
• Polygon.io — market data (options chains, prices, Greeks)
• Google OAuth — optional sign-in method
• Railway — application hosting and database

Each service processes data according to their own privacy policies. We only share the minimum information required for each service to function.

5. Data Retention

Your account data, portfolios, and trade history are retained for as long as your account is active. After account deletion, data is removed within 30 days. Cancelled subscriptions retain data for 90 days before deletion.

6. Your Rights

• Access — You can view all your data through the platform at any time
• Export — Portfolio data can be exported via PDF reports
• Deletion — Contact us to request complete account and data deletion
• Correction — Update your profile information from the Account page

7. Cookies

We use localStorage for authentication tokens, theme preference, and report configuration. We do not use third-party tracking cookies or advertising pixels.

8. Changes to This Policy

We may update this policy as our service evolves. Material changes will be communicated via email to all registered users.

9. Contact

For privacy-related questions or data requests, contact us at support@heyremora.com.