Privacy Policy

The minimum we need to run the product:

• Account data — email, display name, and (when you sign in with OAuth) the public profile fields the provider returns (Google, GitHub).
• Usage events — pages visited, features used, credits consumed, and the IDs of objects you create (portfolios, backtests, alerts).
• Technical data — IP address, browser, OS, and the timestamps of requests, kept in server logs for security and debugging.
• Content you create — strategies, backtests, watchlists, alerts, portfolio positions, and chat messages with AI workspace agents.

• To run the product and the features you ask for.
• To enforce credit limits, rate limits, and abuse policies.
• To debug failures, prevent fraud, and respond to security incidents.
• To send transactional email (sign-in, password reset, billing receipts).
• To send product updates only if you have opted in. We do not sell or rent your data.

We share data with a small number of vendors who process it on our behalf:

• Resend — transactional email delivery.
• Google & GitHub OAuth — only if you choose to sign in with those providers.
• PostHog & Sentry — optional product analytics and error reporting. Opt-in via the cookie banner.
• Cloud infrastructure — our VPS and database providers, who store data at rest with disk-level encryption.

We do not share your content with AI providers without an explicit action on your part. When you run a workspace prompt, only the prompt and the context you select are sent to the model provider.

We set a small number of cookies. See the Cookies policy for the full list and how to opt out.

You can ask us to access, export, correct, or delete your data at any time. Self-service tools are in Settings · Danger:

• Export — download a JSON file containing your profile, content, credits ledger, and audit trail.
• Delete — schedule your account for deletion. See retention below.

EU/EEA and UK residents have additional rights under GDPR / UK GDPR (right to object, right to restrict processing, right to lodge a complaint with a supervisory authority). Email privacy@alphahubs.uk to exercise any of these.

When you request deletion, your account is suspended immediately and queued for hard deletion after a 30-day grace period. During the grace period you can email privacy@alphahubs.uk to cancel. After 30 days, your content, profile, and credentials are permanently removed. Anonymised aggregate metrics (e.g. “total backtests run in March”) are retained.

Server logs are retained for up to 90 days. Audit-log entries are retained for up to 24 months for security and compliance.

The Service is intended for users 18 years and older. We do not knowingly collect data from children. If you believe a child has created an account, email privacy@alphahubs.uk and we will remove the account.

AlphaHub is operated from Hong Kong with infrastructure in Singapore and the United States. By using the Service you consent to your data being transferred to and stored in these jurisdictions. We rely on Standard Contractual Clauses for transfers from the EU/EEA and UK where applicable.

Privacy questions: privacy@alphahubs.uk. Security disclosures: security@alphahubs.uk.