What we collect, and what we refuse to.
Data minimization is a design constraint here, not a settings page.
1.What we collect
Account basics (name, email, authentication method), your stated jurisdiction and suitability acknowledgments, your mandate configuration, your subscription and acknowledgment history, and the operational logs described in the regulatory note. If you enable SMS or push delivery, the necessary handles. That is the list.
2.What we deliberately don't
In Phase 1 we hold no brokerage credentials, no account numbers, no positions other than the paper book you build here, and no payment card data beyond our processor's tokens. The future execution phase would add brokerage links through an aggregator's OAuth — credentials would go to the aggregator, never to us, and tokens would be envelope-encrypted with keys we can rotate.
3.How it's used
To run the service: delivering signals under your mandate, enforcing eligibility, computing your paper portfolio, billing, and the audit log. We do not sell personal data, we do not share it with advertisers, and creators see aggregate subscriber analytics, never your identity or your mandate.
4.Retention and your rights
Account data is deleted or anonymized on request within 30 days, except records we are required to keep — the audit log retains events, not your marketing profile. You may export your mandate, feed history and paper portfolio at any time. GDPR and CCPA requests go to privacy@semanticsecurities.com and are honored regardless of jurisdiction.
5.Security
Passkeys first, TOTP fallback, mandatory MFA for creators and admins; sessions are short-lived with rotating refresh tokens; personal data is encrypted in transit and at rest; access is role-scoped and logged. A production launch would carry a SOC 2 roadmap; a prototype carries this sentence instead.