Privacy Policy

Last updated: April 25, 2026

1. Information We Collect

FinManager AI ("Atlas", "we", "us") collects the following categories of information:

• Account Information: Email address, display name, and authentication credentials when you create an account via OAuth (Google, Discord, or email).
• Subscription Data: Payment information processed securely through Stripe. We do not store credit card numbers.
• Strategy Content: Investment strategies, journal entries, and uploaded files that you create within the platform.
• Workflow Configuration: Scheduled AI workflows you create — the schedule (cron + timezone), the tools the AI is told to read, the plain-English instruction, the trigger shape (the symbols and conditions you allow it to act on), the broker account you point each workflow at, and a per-run log of the AI's reasoning, decision, and any trigger that fired. Public workflows you publish and workflows you import from other users follow the same rules; an imported workflow is a private copy under your account, paused, with no broker account selected until you choose one.
• Usage Data: Request counts, feature usage metrics, and timestamps for rate limiting and service improvement.
• Discord Integration: Discord username and numeric ID when you link your Discord account, used solely to identify you within the Atlas Discord bot.
• Brokerage Connection: Read-only brokerage account data accessed through SnapTrade. We do not store brokerage credentials, account numbers, or financial data on our servers.
• Personal Access Key: A randomly generated UUID tied to your account that authenticates requests to the Atlas REST / CLI API and the MCP endpoint. You can view and rotate this key at any time from the dashboard; rotation immediately invalidates the previous key.
• Trading Activity: Preview orders you create through the tools (symbol, side, quantity, order type, and trigger rule), trigger rules the AI registers on your behalf, and a record of orders you (or a workflow you authorized) explicitly place or cancel. We retain this as an audit trail of activity you initiated on the platform.
• Internal Identifiers: Every account, strategy, workflow, trigger, order, and broker connection is referenced by an internal UUID we generate. These IDs are internal references only — they are not your bank account number, your brokerage account number, your government ID, or any third-party identifier you would recognize, and they are not portable outside the Atlas platform. They exist so we can link rows together inside our own database; on their own they reveal nothing about you or your finances.

2. Information We Do NOT Collect

• We do not collect or store brokerage login credentials.
• We do not collect or store your bank account number, your brokerage account number, your social security number, or any government-issued identifier.
• We do not collect browsing history or track users across websites.
• We do not sell, rent, share for advertising, or trade your personal information to or with any third party. The third-party services listed in section 5 are sub-processors that we use to deliver the service to you, not buyers of your data.
• We do not store AI conversation logs permanently. Conversations are ephemeral and not retained after the session ends.
• We do not run cross-site advertising trackers, analytics fingerprinting, or behavioural profiling pixels.

3. How We Use Your Information

• Service Delivery: To authenticate you, manage your strategies and workflows, run scheduled workflows on your behalf when you have activated them, process requests, and deliver market data and analysis.
• Rate Limiting: To enforce subscription-based usage limits and prevent abuse.
• Communication: To send account-related notifications (password resets, subscription changes, optional Discord run notifications when you have linked Discord).
• Improvement: Anonymized, aggregated usage data to improve service quality.

4. Data Returned via AI Tools (MCP / REST API)

Atlas exposes the same tool surface through two authenticated transports: the MCP endpoint (used by Claude, ChatGPT, and other MCP-compatible clients) and the REST / CLI API at /api/v1/tools. Both require your Personal Access Key and follow the same privacy rules. Tool responses contain only the data necessary to fulfill your specific request. The following data types may be returned:

• Market data: Stock quotes, options chains, price history, chart images, financial metrics, analyst ratings, earnings data
• Strategy content: Your own strategy documents, journal entries, and file metadata (only yours, only upon request)
• Workflow content: Your own workflows — schedule, tools, instruction, trigger shape, broker account selection, run history, and AI reasoning per run (only yours, only upon request). Public workflows you discover or import return the publisher's display name and the workflow's shape — never the publisher's broker selection or run history.
• Portfolio data: Read-only brokerage holdings, balances, and transaction history (only when you explicitly request it via a connected brokerage)
• Trading activity: Preview orders, trigger rules, and placed-order summaries that you (or a workflow you activated) created on your own account. These reflect actions you initiated and are returned only when you list, preview, or act on them.
• Subscription status: Your current tier and remaining request count
• Marketplace strategies and workflows: Publicly shared titles, content previews, and import counts (no author personal data, no broker account information)

Tool responses do not include: internal user IDs, email addresses, authentication tokens, IP addresses, server infrastructure details, internal URLs, error stack traces, session identifiers, telemetry data, or any third-party personal data. All error messages returned to AI tools are generic and do not expose system internals.

Our tool instructions do not instruct AI assistants to bypass their safety guidelines or usage policies. Atlas tools provide data retrieval, visualization, and — when you explicitly authorize them — the ability to preview or place trades against a brokerage you have connected, or to schedule a workflow that you have configured and activated. They do not instruct the AI to make financial decisions on your behalf or override platform safeguards.

5. Third-Party Services

The following sub-processors help us deliver the service. We pass them only the data they need to perform their function and never permit them to use your data for their own marketing.

• Stripe: Payment processing. Subject to Stripe's Privacy Policy.
• SnapTrade: Brokerage account connectivity (read-only by default; trade placement only when you explicitly authorize an order or activate a workflow). Subject to SnapTrade's Privacy Policy.
• Discord: Optional bot integration for run notifications. We only store your Discord ID and username when you link the integration, and only use them to deliver messages you opted into.

6. Data Retention and Deletion

• Account data is retained while your account is active.
• You can delete your account at any time from the dashboard. This permanently removes all your data, strategies, workflows, workflow run history, journal entries, uploaded files, trading activity records, and your Personal Access Key.
• Individual workflows and strategies can be deleted at any time from the dashboard; deletion is immediate and includes any associated run history.
• Preview orders can be removed individually at any time via the corresponding tool; placed-order records are retained as an audit trail until account deletion.
• Rotating your Personal Access Key immediately invalidates the previous key; any client using the old key will be rejected.
• Stripe customer data is deleted upon account deletion.
• Aggregated, anonymized analytics data may be retained indefinitely.

7. Data Security

We implement industry-standard security measures including:

• OAuth 2.0 for authentication with PKCE flow
• HTTPS encryption for all data in transit
• Strict per-account access controls so users can only access their own data
• Encrypted file storage for strategy assets
• No storage of brokerage credentials (delegated to SnapTrade)
• Personal Access Keys are user-rotatable, scoped to a single account, and transmitted only over HTTPS as a bearer token. You are responsible for keeping the key secret; if you suspect it has been exposed, rotate it from the dashboard.

8. Your Rights

You have the right to:

• Access your personal data through the dashboard
• Export your strategies and workflows
• Delete your account and all associated data
• Pause, edit, or delete any workflow at any time, immediately stopping any further runs
• Rotate your Personal Access Key at any time to revoke existing API, CLI, or MCP sessions
• Disconnect third-party integrations (Discord, brokerage) at any time

9. AI Platform Integration Compliance

Atlas integrates with third-party AI platforms (OpenAI/ChatGPT, Anthropic/Claude) via the Model Context Protocol (MCP). In these integrations:

• No personal identifiers, session data, or telemetry are included in tool responses beyond what is required to fulfill the user's explicit request.
• Tool instructions comply with each AI platform's usage policies and do not contain language that could bypass platform safeguards.
• Authentication is handled via OAuth 2.0 — access tokens are never exposed in tool response content.
• All tool responses use generic error messages and do not expose internal system logs, file paths, or infrastructure details.
• User-specific data (strategies, workflows, portfolios) is only returned when the authenticated user explicitly requests it.
• Every tool advertises whether it is read-only, mutating, or destructive, and whether it reaches systems outside Atlas, so the AI client can prompt you for explicit confirmation before any side-effecting call.

10. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from minors.

11. Changes to This Policy

We may update this policy periodically. Material changes will be communicated through the platform. Continued use constitutes acceptance of the updated policy.

12. Contact

For privacy questions or data requests, contact us at accesspoint@finmanagerai.com.