Privacy Policy
How EdrisFinance collects, uses, and protects your data.
EdrisFinance (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our platform.
1. Information We Collect
Account Information — Name, email address, and password (stored as a secure hash) provided during registration.
Trading Data — Trade history, portfolio data, CSV/XLSX imports, and any financial data you voluntarily upload.
Usage Data — IP address, browser type, pages visited, and interaction logs used to improve the platform.
Payment Data — Payment processing is handled exclusively by Stripe. We do not store credit card numbers on our servers.
Broker API Keys — When you enable live broker sync, the read-only API key and (where required) passphrase are stored encrypted at rest. Keys cannot place trades or move funds; they are used only to fetch your trade history.
2. How We Use Your Information
- To provide, maintain, and improve the Services
- To process payments and manage Ledger Pro subscriptions
- To send transactional emails (verification, password reset, invoices, weekly AI report)
- To respond to support requests and feedback board notifications
- To detect and prevent fraud or abuse
- To comply with legal obligations
3. Third-Party Services
We rely on a small set of vendors to deliver the platform. None of them receive your full trading dataset; each is scoped to the minimum data required for its purpose.
| Vendor | Purpose |
|---|---|
| Firebase / Google Cloud | Authentication, Firestore database, file storage, hosting infrastructure |
| Stripe | Payment processing and subscription lifecycle |
| Vercel | Application hosting and edge deployment |
| Resend | Transactional and notification emails |
| Anthropic (Claude) | AI Weekly Report generation — anonymised trade summaries only, no PII |
| PostHog | Anonymous usage analytics — never sold or shared |
| Sentry | Crash and error monitoring — IP and user agent collected, no trade data |
4. Data Security
We implement industry-standard security measures including encrypted connections (HTTPS/TLS), Firestore deny-by-default security rules, server-side authentication on every API endpoint, and encryption-at-rest for sensitive credentials. Two-factor authentication (TOTP) and Passkeys are available to further protect your account.
5. Data Retention
We retain your data for as long as your account is active. Upon account deletion, your personal data and trading data are permanently erased within 30 days. Anonymised, aggregated usage statistics may be retained indefinitely for product analytics.
6. Your Rights
- Access — request a copy of the data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and all associated data
- Portability — export your trading data at any time as CSV from the Ledger section
To exercise these rights, contact us at privacy@edrisfinance.com or through the contact form.
7. Cookies
We use essential cookies for authentication session management only. We do not use advertising or behavioural-tracking cookies. See our Cookie Policy for full details.
8. Children's Privacy
Our Services are not directed to individuals under 18. We do not knowingly collect personal information from minors.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification. The “Last updated” date at the top of the page reflects the most recent revision.
10. Contact
For privacy-related questions, contact us at privacy@edrisfinance.com. For all other inquiries, use the contact form.