Privacy Policy

🔒

Data We Collect

Account info, paper trading activity, educational usage analytics, and cookies. No real broker connections or financial data.

🎯

How We Use It

To operate the educational platform, run paper trading simulations, improve our service, and communicate with you.

🤝

Data Sharing

We don't sell your data. We share with service providers, as required by law, and with Alpaca Securities LLC when brokerage features are enabled.

⚙️

Your Rights

Access, correct, delete, or export your data. CCPA and GDPR rights honored.

Overview
Data We Collect
Paper Trading Data
How We Use Data
Data Sharing
Cookies & Tracking
Data Security
Data Retention
Your Rights
CCPA (California)
GDPR (EU/UK)
Children's Privacy
Contact Us
Data Shared with Brokerage Partner
Financial Data Protection

1. Overview

WealthSignal ("we," "us," or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the WealthSignal platform and related services.

By using WealthSignal, you consent to the practices described in this Policy. If you do not agree with this Policy, please do not use our services.

2. Data We Collect

2.1 Information You Provide

Category	Examples	Purpose
Account Data	Email address, password (hashed), name	Authentication, account management
Profile Data	Investment knowledge level, learning preferences, paper trading settings	Personalization, educational content delivery
Billing Data	Payment method details (processed by Stripe), subscription history	Payment processing
Communications	Support tickets, feedback messages, emails; SMS phone number (if opted in for trade alerts or notifications)	Customer support, service improvement, transactional alerts

2.2 Automatically Collected Data

Usage Data: Pages visited, features used, session duration, click patterns
Device Data: IP address, browser type and version, operating system, device identifiers
Log Data: Server logs including access times, error logs, API calls
Performance Data: Platform performance metrics, error reports

2.3 Third-Party Sources

We may receive publicly available market data from financial data providers to power our educational content and paper trading simulations. We do not receive or store data from real brokerage accounts.

3. Paper Trading Data

WealthSignal's paper trading feature operates entirely with simulated funds. Paper trading does not connect to real brokerage accounts and does not collect, store, or process real broker credentials or real account data.

For paper trading, we store and process:

Simulated portfolio positions and holdings (not linked to any real brokerage)
Simulated order history and paper trade executions
Educational strategy configurations and parameters you set
Simulated performance metrics and analytics

                Paper trading data is educational and simulated only. No real broker API keys, no real account credentials, and no real financial data is collected or stored. All portfolio values reflect simulated funds — no real money is at risk.
            

Upcoming: Real-Money Trading via Alpaca Securities LLC. WealthSignal is developing optional real-money brokerage features powered by Alpaca Securities LLC. When these features are released, you will be asked to opt in separately and will be presented with additional disclosures. Real-money brokerage features require collection of sensitive personal and financial information (including SSN, bank account details, and trading activity) that is not collected for paper trading. See Section 14 (Data Shared with Brokerage Partner) for full details.

4. How We Use Your Data

We use your information for the following purposes:

Platform Operations: Account authentication, running paper trading simulations, displaying educational content and simulated portfolio data
Service Improvement: Analyzing usage patterns, identifying bugs, improving features and performance
Communications: Sending transaction confirmations, security alerts, product updates, and marketing communications (where permitted)
Compliance & Safety: Fraud detection, abuse prevention, compliance with legal obligations
Analytics: Understanding how users interact with the Platform to improve our products
Billing: Processing payments, managing subscriptions, resolving billing issues

We do not use your personal data to train general-purpose AI or machine learning models. We do not sell your personal data to third parties.

5. Data Sharing

5.1 Service Providers

We share data with trusted service providers who assist in operating the Platform:

Provider	Purpose	Data Shared
Stripe	Payment processing	Billing information (card number, billing address) — processed directly by Stripe, not stored by WealthSignal
Cloud infrastructure providers (Render, Neon)	Hosting & databases	All platform data (encrypted at rest)
Postmark (transactional email) — only when your account triggers email (e.g., signup confirmation, billing alerts, security notices)	Transactional and marketing emails	Email address, name, message content — only transmitted when a message is actually sent; no bulk data sharing
PostHog	Product analytics and session recording — helps us improve the Platform. All form inputs are masked. Only active when you consent to analytics cookies.	Anonymized usage data, session replays (inputs masked)
Meta (Facebook Pixel)	Advertising and conversion measurement — helps us understand which ads lead to signups. Only fires when you consent to analytics cookies.	Page view events, conversion events (email address hashed for matching, where provided and consented)
Google AdSense	Display advertising on Free and Beginner tier pages. Google may use cookies and your browsing data to serve relevant ads. Only shown to Free/Beginner tier users; disabled for paying subscribers. Only active when you consent to analytics cookies.	IP address, device identifiers, browsing behavior (via Google's cookies)

All service providers are contractually obligated to protect your data and use it only for the purposes specified.

5.2 Legal Requirements

We may disclose your information if required by law, court order, regulatory authority, or to protect the rights, property, or safety of WealthSignal, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via email and/or prominent Platform notice before your data is transferred and becomes subject to a different privacy policy.

5.4 We Never Sell Your Data

WealthSignal does not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve the Platform. For detailed information on our cookie practices, please see our Cookie Policy.

In summary:

Essential cookies: Required for authentication and security — cannot be disabled
Analytics cookies: Help us understand Platform usage — can be disabled
Preference cookies: Remember your settings — can be disabled

7. Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit: All data transmitted between your browser and our servers uses TLS 1.2+
Encryption at rest: Sensitive data (including API credentials) is encrypted using AES-256-GCM
Access controls: Strict role-based access controls limit who can access user data internally
Security audits: Regular security reviews and vulnerability assessments
Password hashing: Passwords are never stored in plain text

Despite these measures, no security system is perfect. In the event of a data breach affecting your rights and freedoms, we will notify you as required by applicable law.

8. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

Data Type	Retention Period
Account data	Duration of account + 3 years after closure
Paper trading history (simulated)	Duration of account + 1 year after closure
Billing records	7 years (tax/accounting requirement)
Server logs	90 days
Analytics data	2 years (anonymized after 12 months)
Support communications	3 years after case closure
Brokerage account records (when applicable)	6 years after account closure (SEC Rule 17a-4 requirement)
KYC/AML records (when applicable)	5 years after account closure (FinCEN/BSA requirement)
Trade confirmations & order records (when applicable)	6 years (SEC Rule 17a-4 requirement)
Tax reporting records (Form 1099, etc.)	7 years (IRS requirement)

You may request earlier deletion of your personal data (see Your Rights below), subject to legal retention requirements.

Account Deletion & Data Purge. When you delete your WealthSignal account (or your account is terminated), your personal data — including your profile, simulated portfolio history, educational progress, and activity logs — is scheduled for permanent deletion within 30 days of the deletion date. After this 30-day retention window, data is irrecoverably purged from our systems. You may request expedited deletion within the 30-day window by emailing support@wealthsignal.net with the subject "Data Deletion Request." Note: certain data categories (billing records, server logs, brokerage records where applicable) follow the separate retention periods in the table above, as required by law.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data ("right to be forgotten")
Portability: Receive your data in a structured, machine-readable format
Objection: Object to certain uses of your data (e.g., marketing)
Restriction: Request that we restrict processing of your data in certain circumstances
Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise your rights, contact us at support@wealthsignal.net. We will respond within 30 days (45 days for complex requests). We may need to verify your identity before processing requests.

10. CCPA — California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you additional rights:

Know: Right to know what personal information we collect, use, disclose, and sell
Delete: Right to request deletion of your personal information
Opt-Out of Sale: Right to opt out of the sale or sharing of your personal information (we do not sell personal information)
Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
Correct: Right to correct inaccurate personal information
Limit Use of Sensitive PI: Right to limit use of sensitive personal information

To submit a CCPA request, email support@wealthsignal.net with "CCPA Request" in the subject line. We will respond within 45 days.

In the past 12 months, we have not sold or shared personal information as defined under the CCPA.

11. GDPR — EU/UK Residents

If you are located in the European Union, European Economic Area, or United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR applies to your data.

11.1 Legal Basis for Processing

Processing Activity	Legal Basis
Account creation and authentication	Contract performance
Running paper trading simulations and educational features	Contract performance
Billing and payments	Contract performance; legal obligation
Fraud prevention and security	Legitimate interests
Marketing communications	Consent
Analytics and improvement	Legitimate interests
Regulatory compliance	Legal obligation

11.2 International Transfers

Your data may be transferred to and processed in countries outside the EU/EEA/UK, including the United States. We ensure such transfers comply with GDPR through appropriate safeguards such as Standard Contractual Clauses (SCCs).

11.3 Data Protection Officer

For GDPR-related inquiries, contact us at support@wealthsignal.net. You also have the right to lodge a complaint with your local supervisory authority.

11.4 Controller / Processor Roles

WealthSignal operates in two distinct data protection roles depending on the type of user:

User Type	WealthSignal's Role	Explanation
Direct individual subscribers (Pro / Elite plan users who sign up on wealthsignal.net)	Data Controller	WealthSignal determines the purposes and means of processing your personal data. This Privacy Policy governs that processing.
End users of Business tier organizations (users whose accounts are managed by a company with a Starter, Growth, or Enterprise plan)	Data Processor	The Business tier organization (your employer, coach, or financial adviser) is the data controller. WealthSignal processes your data only on that organization's instructions, under the terms of the Data Processing Agreement. For privacy requests, contact your organization.

If you are an end user of a Business tier organization and wish to exercise your data subject rights (access, correction, deletion, portability, objection), you should contact your organization directly. WealthSignal will assist the organization in fulfilling your request in accordance with the Data Processing Agreement.

11.5 Business Tier Data Processing Agreement

Business tier customers (organizations on Starter, Growth, or Enterprise plans) are required to enter into a separate Data Processing Agreement (DPA) with WealthSignal. The DPA governs:

The controller/processor relationship between the organization and WealthSignal
Technical and organizational security measures
Sub-processor notifications and obligations
Data breach notification (72-hour GDPR requirement)
Data subject rights assistance procedures
International data transfer mechanisms (Standard Contractual Clauses)
Data retention and deletion upon termination

The DPA is accepted during Business tier signup and is incorporated by reference into the Terms of Service.

12. Children's Privacy

WealthSignal is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 18, we will promptly delete that information and close the associated account. If you believe we have collected data from a minor, please contact us immediately at support@wealthsignal.net.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy, contact us at:

WealthSignal
Address: Slidell, Louisiana
Email: support@wealthsignal.net
Subject line: "Privacy Request"

We will acknowledge your request within 5 business days and respond fully within 30 days.

14. Data Shared with Brokerage Partner

This section applies when you activate real-money trading features through WealthSignal's integration with Alpaca Securities LLC. Real-money trading features are optional and require a separate enrollment. Until you opt in, the data practices in this section do not apply to your account.

14.1 Why We Share Data with Alpaca

Opening and maintaining a brokerage account with Alpaca Securities LLC requires sharing certain personal and financial data. This data sharing is legally required to: (a) verify your identity and comply with Know Your Customer (KYC) rules under FINRA regulations; (b) screen your account against OFAC sanctions lists and conduct Anti-Money Laundering (AML) due diligence; (c) open your brokerage account and process your trades; and (d) generate required tax documents (Form 1099-B, etc.).

14.2 Categories of Data Shared

Data Category	Specific Data	Regulatory Basis
Identity	Full legal name, date of birth, SSN/Tax ID, government-issued ID	FINRA KYC / FinCEN AML
Contact	Email address, phone number, residential address	Account opening requirement
Financial profile	Employment, annual income, net worth, investment objectives, risk tolerance	FINRA suitability rules
Banking	Bank account & routing numbers (for ACH funding/withdrawal)	ACH payment processing
Trading activity	Orders, executions, positions, account balances, transaction history	Brokerage record-keeping (SEC 17a-4)
Tax reporting	Trade proceeds, cost basis, dividends received	IRS Form 1099 reporting

14.3 How Alpaca Uses Your Data

Alpaca Securities LLC uses your data solely to provide brokerage services, comply with regulatory obligations, and as otherwise described in Alpaca's Privacy Policy. Alpaca does not sell your personal information to third parties for marketing purposes. Review Alpaca's Privacy Policy at alpaca.markets/legal before enabling brokerage features.

14.4 Data Separation

WealthSignal maintains strict separation between your WealthSignal platform data (educational usage, paper trading, subscription) and your brokerage data (real-money trading, KYC). Your brokerage data is not used to personalize educational content recommendations or marketing communications without your explicit consent.

14.5 Withdrawal of Consent

You cannot opt out of data sharing with Alpaca while your brokerage account remains open, as this sharing is required by law and the brokerage agreement. To stop this data sharing, you must close your brokerage account with Alpaca. Closing your brokerage account does not affect your WealthSignal platform account. However, certain records (KYC, trade records) will be retained by Alpaca for the periods required by law even after account closure.

15. Financial Data Protection

WealthSignal applies heightened security measures to sensitive financial data. This section describes the specific protections applied to financial information when brokerage features are active.

15.1 Encryption of Sensitive Financial Data

The following financial data is encrypted both in transit and at rest using industry-standard encryption:

Social Security Numbers (SSN) and Tax IDs: Encrypted using AES-256-GCM. WealthSignal stores only an encrypted, tokenized reference — raw SSN values are transmitted directly to Alpaca over TLS 1.3 and are not retained in WealthSignal's primary database after initial submission.
Bank account and routing numbers: Encrypted at rest and in transit. WealthSignal stores only a tokenized reference after ACH enrollment — full account numbers are not retained.
Government-issued ID information: Encrypted at rest. ID document images, where collected, are processed for KYC verification and deleted from WealthSignal's systems after transmission to Alpaca.
Trading data and account balances: Transmitted over TLS 1.3. Real-time brokerage data is fetched on-demand from Alpaca and is not persistently stored on WealthSignal servers beyond what is necessary for display and analytics.

15.2 Access Controls

Access to financial data within WealthSignal's systems is restricted on a strict need-to-know basis:

No employee has routine access to raw SSNs, bank account numbers, or government IDs
All access to financial data systems is logged and audited
Production financial data is never used in development or testing environments
Multi-factor authentication is required for all internal access to systems containing financial data

15.3 Data Minimization

WealthSignal collects only the minimum financial data necessary to facilitate brokerage account opening and regulatory compliance. We do not collect or retain financial information beyond what Alpaca requires for KYC/AML purposes and what we need to display your account information to you.

15.4 Breach Notification

In the event of a security incident involving financial data, WealthSignal will:

Notify affected users within 72 hours of confirming the breach (as required by GDPR and applicable state laws)
Notify Alpaca Securities LLC promptly so they can take appropriate protective action on brokerage accounts
Report to applicable regulators as required by law
Provide you with clear information about what data was affected and recommended protective steps

15.5 Regulatory Compliance

WealthSignal's financial data practices are designed to comply with applicable data protection laws including: the Gramm-Leach-Bliley Act (GLBA) for financial data privacy; FinCEN AML/BSA requirements; SEC recordkeeping rules; GDPR and UK GDPR for EU/UK residents; and applicable U.S. state privacy laws including CCPA/CPRA.