Privacy Policy
Effective April 12, 2026 · CRUCiBLE CAPiTAL SYSTEMS LLC · shawwe@alumni.vcu.edu
This Privacy Policy describes how CRUCiBLE Markets (“we,” “us,” or “our”), operated by CRUCiBLE CAPiTAL SYSTEMS LLC, collects, uses, and protects information when you use our quantitative trading platform. By creating an account or using the Service, you agree to the practices described here.
1. Information We Collect
Account Information
When you register, we collect your name, email address, and password (stored as a cryptographic hash). Google and GitHub sign-in options transfer your name, email, and profile photo from those providers.
Trading Strategy and Portfolio Data
We store the strategies, indicators, and backtest configurations you create on the platform. Backtest results — including performance metrics, trade logs, and equity curves — are stored under your account and visible only to you.
Broker Connection Credentials
If you connect an external broker account (Alpaca, Bitunix, Coinbase, etc.), we store your API key and secret in encrypted form using AES-256 encryption. These credentials are used solely to retrieve account data and, where authorized by you, execute trades. We never store withdrawal or transfer credentials.
Paper Trading and Portfolio Data
Simulated trade history, paper account balances, and portfolio positions are stored in your account. Live trading activity (Phase 3) is logged for your review and for risk management purposes.
Payment Information
Subscription billing is processed by Stripe. We do not store your full card number. Stripe provides us with a billing token and transaction summary.
Usage Data
We collect logs of features used, pages visited, and API calls made. This data is used to improve the platform, enforce tier limits, and diagnose issues.
2. How We Use Your Information
We use the information we collect to:
- Provide and operate the CRUCiBLE Markets platform, including charting, backtesting, paper trading, and (once released) live trading features
- Connect to your broker accounts and retrieve portfolio data as authorized
- Power AI-driven features, including the Risk Agent and strategy analysis tools
- Enforce tier-based access limits (Free / Pro / Elite / Enterprise)
- Send account alerts, billing notifications, and security warnings
- Respond to support requests
- Improve platform features through aggregate usage analysis
3. Data Sharing
We do not sell your personal data or trading strategies. We share data only as follows:
- Broker APIs: We communicate with your connected brokers using your encrypted credentials to retrieve data or place authorized orders.
- Market data providers: Yahoo Finance, Alpha Vantage, CoinGecko, and similar APIs are called to retrieve price and fundamental data. These are outbound requests and do not involve sharing your personal data.
- AI providers: Anthropic Claude is used for the Risk Agent's SWOT narrative generation. Only structured, non-personal market data is sent to generate these analyses.
- Infrastructure: Supabase (database and auth) and Stripe (billing) process data under confidentiality obligations.
- Legal requirements: We may disclose information when required by law or to protect our rights and the safety of our users.
4. Broker Connection Security
Broker connections are a planned roadmap feature and are not currently enabled. When released, broker API keys will be encrypted with AES-256 before storage. We will request read-only permissions by default; write permissions will only be enabled when you explicitly activate live trading. Every broker API call will be logged in an audit trail accessible to you. You will be able to revoke any broker connection instantly from your settings page. Connections will automatically expire after 90 days of inactivity.
5. Data Storage and Security
All data is stored in Supabase (PostgreSQL) with row-level security policies ensuring strict per-user data isolation. Broker keys are encrypted at the application layer before database storage. Passwords are hashed using bcrypt. All connections use TLS 1.3. We maintain audit logs for all sensitive operations, and conduct regular security reviews.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we remove your personal data and trading history within 30 days. Aggregate, anonymized performance data (no PII, no identifiable strategies) may be retained for platform analytics purposes.
7. Cookies
We use essential cookies for authentication session management. We do not use advertising cookies or behavioral tracking by third parties. Disabling cookies will prevent you from staying logged in.
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate account information
- Delete your account and all associated data
- Export your strategies, backtest results, and trade history
- Revoke any connected broker integration at any time
- Opt out of non-essential communications
To exercise these rights, contact us at shawwe@alumni.vcu.edu.
9. Children's Privacy
CRUCiBLE Markets is not intended for users under 18. Trading platforms involve financial risk and are not appropriate for minors. We do not knowingly collect information from anyone under 18.
10. Changes to This Policy
We may update this Privacy Policy as the platform evolves. We will notify users of material changes via email or an in-app notice. Continued use of CRUCiBLE Markets after changes are posted constitutes acceptance.