Your data, not for sale.

HMM Trade, LLC (“we,” “us”) operates a software platform for automated trading. This Privacy Policy explains what personal data we collect when you use the Service, how we use it, who we share it with, how long we keep it, and the rights you have over it.

We do not sell personal data. We do not use your trading configurations or audit logs to train third-party machine- learning models. We collect the minimum data we need to run your bots, charge you, support you, and keep the Service secure.

Account data you provide directly: email address, optional display name, password (stored hashed via Supabase Auth — we never see plaintext), Google account ID if you sign in with Google.

Subscription data we receive from Stripe when you upgrade: a Stripe customer ID, your selected tier, billing cycle, current-period-end timestamp, and last-four digits + expiry of your card. We never see or store your full card number, CVC, or bank credentials — those live only in Stripe's vault.

Broker connection data when you connect a broker on a paid tier: a broker-issued account identifier (for display), a label you choose, and an OAuth refresh token or API key. Tokens are encrypted at rest using AES-256-GCM with a per-record data key wrapped by Cloud KMS — see Section 06.

Bot configuration and audit data: the YAML profile that defines your bot (universe, risk knobs, features, alerts), and a stream of events emitted by your bot (signals, orders submitted, fills, regime changes, errors, log lines). Free-tier bots stream this only to your local machine; paid hosted bots stream it to our database and surface it on the bot detail page.

Device and agent data for paired local agents: hostname, OS, agent version, last-heartbeat timestamp, and the IP address of paired requests.

Usage and diagnostic data automatically collected as you use the Service: page views, button clicks, referrer, browser user-agent, IP address, and error stack traces sent to our error-tracking provider.

We use personal data only for the purposes listed below:

• To provide the Service: authenticate sign-ins, run your bots, place orders against your Broker, persist your bot state, render your dashboard.
• To bill you: create and manage Stripe subscriptions, send invoices and renewal receipts, handle disputes and chargebacks.
• To support you: reply to email tickets, help you debug a misbehaving bot, recover an account.
• To keep the Service secure: detect anomalous activity, rate-limit abuse, investigate suspected fraud or terms breaches.
• To improve the Service: understand which features are used, measure performance, prioritize fixes. We use only aggregated or anonymised data for this purpose.
• To send you transactional and product messages: magic-link sign-in emails, security alerts, billing receipts, material changes to these policies. You can opt out of non-transactional emails at any time.
• To comply with law: respond to lawful requests from regulators or courts, enforce our Terms, protect our rights and property.

If you are in the European Economic Area or the United Kingdom, the GDPR/UK-GDPR requires us to identify a legal basis for each processing activity. Ours are:

• Performance of a contract for processing necessary to deliver the Service you have signed up for (Sections 02's account, broker, configuration, audit, and agent data).
• Legitimate interests for security, fraud-prevention, product analytics, and our internal administration. Our interests are tested against your rights and only used where they do not override yours.
• Consent for non-essential cookies and optional marketing emails. You can withdraw consent at any time without affecting prior processing.
• Legal obligation for tax-record retention and responses to lawful authority requests.

We share data only with the categories of recipients below, and only to the extent necessary for the purposes in Section 03:

• Infrastructure providers that host the Service: Supabase (managed Postgres + Auth, EU/US region), Vercel (Next.js hosting, US edge network), Fly.io (per-bot container hosting, configurable region), Cloudflare (CDN, DDoS protection).
• Cloud KMS for envelope encryption of broker tokens. We use Google Cloud KMS or AWS KMS depending on environment; the plaintext token is never sent to KMS, only the data key.
• Payment processor: Stripe handles all payments end-to-end and is the controller for full card data. We share with Stripe the email address, name, and country needed to create a customer record.
• Brokers and exchanges when you connect an account: we send the orders + queries your bot generates using your authorized credentials.
• Email and notification providers: Resend (transactional email) and any webhook target you configure (Discord, Slack, custom URL) for alerts you opt into.
• Error-tracking providers: Sentry, with scrubbing rules that redact email addresses and tokens from stack-trace payloads.
• Professional advisers (counsel, accountants, auditors) under confidentiality.
• Successors in connection with a merger, acquisition, or sale of assets, subject to confidentiality and continuity of this Privacy Policy.
• Authorities when we are legally compelled (subpoena, court order, regulator request) or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of users or the public.

We do not sell, rent, or trade personal data. We do not share personal data with advertising networks for targeting.

We design the Service to limit the blast radius of any single compromise:

• Encryption at rest: broker OAuth refresh tokens and API keys are encrypted with AES-256-GCM. Each ciphertext has a unique data key wrapped by Cloud KMS; decryption requires both database access and a live KMS call.
• Encryption in transit: all connections to the Service use TLS 1.2 or higher.
• Row-level security: our database enforces tenant isolation in Postgres so that a bug in application code is not sufficient to leak data across users.
• Least-privilege access: production credentials are issued to a small team, rotated on schedule, and audited via cloud-provider logs.
• Vulnerability management: dependencies are tracked for known CVEs and patched on a defined schedule. We accept responsible-disclosure reports at security@hmmtrade.com.

No system is perfectly secure. We cannot guarantee that unauthorized parties will never access your data. You play a role in this too — use a strong unique password, enable 2FA, and notify us immediately of any suspected compromise.

We retain personal data only as long as we need it:

• Account data: for as long as your account is active, plus thirty days after closure to allow recovery, then deleted unless law requires longer.
• Broker tokens: deleted within seven days of disconnection or account closure. Revoked tokens are never decrypted again.
• Bot audit events: retained per your subscription tier (7 days on Free, 90 days on Pro, 365 days on Live, custom on Enterprise). After the retention window events are permanently deleted.
• Billing records: retained for seven years after the last transaction to satisfy tax and accounting obligations.
• Server logs: retained for thirty days for operational and security purposes, then deleted.

We are based in the United States and our infrastructure is primarily US-based. If you are outside the United States, your personal data will be transferred to and processed in the US and other countries where our service providers operate. Where the GDPR applies, we rely on the European Commission's Standard Contractual Clauses (or equivalent UK / Swiss instruments) for these transfers and use providers that are certified under the EU-US Data Privacy Framework where available.

Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to processing based on legitimate interests. EU/UK users have these rights under the GDPR. California users have rights under the CCPA / CPRA. Other US-state laws (Virginia, Colorado, Connecticut, Utah, and others) provide similar rights.

You can exercise most rights directly:

• Access and portability: export your bot profiles and audit log from the dashboard at any time.
• Correction: update your account profile from Settings.
• Deletion: delete your account from Settings; this triggers the retention windows in Section 07.

For any other request, write to privacy@hmmtrade.com. We will verify your identity, respond within thirty days (extendable by an additional sixty days for complex requests), and not charge you unless your request is manifestly unfounded or excessive. You also have the right to lodge a complaint with your local data-protection authority — for the EU, find yours at edpb.europa.eu; for the UK, the Information Commissioner's Office at ico.org.uk.

We use a small number of cookies and local-storage entries:

• Authentication cookies (Supabase session tokens) — strictly necessary, required to keep you signed in.
• Preferences (theme, recently-used filters) stored in your browser's localStorage — strictly necessary for the dashboard to feel persistent.
• Analytics (page-view counts and performance metrics) — privacy-friendly and aggregated; we do not deploy third-party advertising trackers.

You can clear cookies via your browser. Clearing the authentication cookie will sign you out.

The Service is not directed at children under 18. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected data from a minor, contact privacy@hmmtrade.com and we will delete it promptly.

We may revise this Privacy Policy from time to time. If a revision materially changes how we use personal data we will notify you in-app or by email at least seven days before the change takes effect. The version date at the top of this document indicates when this Policy was last revised. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

Questions or requests under this Privacy Policy can be sent to privacy@hmmtrade.com. For security incidents please use security@hmmtrade.com for the fastest response.