1. Overview
OpticAlpha ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. By using the Service, you agree to this policy.
2. Data We Collect
- Account data: Email address and name provided during Auth0 sign-up.
- Billing data: Payment method and billing address, processed and stored by Stripe. We do not store card details on our servers.
- Usage data: Pages visited, features used, and WebSocket session metadata for performance monitoring.
- Technical data: IP address, browser type, timezone, and device type for access control and analytics.
3. How We Use Your Data
- To authenticate your account and verify subscription status.
- To process payments and manage your subscription via Stripe.
- To send transactional emails (account verification, password reset, billing receipts) via Resend.
- To monitor service performance and diagnose technical issues.
- To comply with legal obligations.
4. Third-Party Services
We use the following third-party services that may process your data:
- Auth0 — authentication and identity management.
- Stripe — payment processing and subscription management.
- Resend — transactional email delivery.
- Google Analytics 4 (GA4) — anonymised usage analytics. No advertising features are enabled.
- Cloudflare — DNS, CDN, and DDoS protection.
Each provider operates under its own privacy policy. We share only the minimum data necessary for each service to function.
5. Data Retention
- Account data is retained for as long as your account is active.
- Billing records are retained as required by financial regulations.
- Usage logs are retained for up to 10 days before rotation.
- Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.
6. Cookies
We use essential cookies for authentication session management. We do not use advertising or tracking cookies. Google Analytics uses anonymised cookies for aggregate usage statistics.
7. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Object to or restrict processing of your data.
- Export your data in a portable format.
To exercise any of these rights, contact us at [email protected].
8. Data Security
We implement industry-standard security measures including HTTPS encryption, JWT-based authentication, and rate limiting. We do not store plaintext passwords or card numbers. However, no system is completely secure and we cannot guarantee absolute security.
9. Children's Privacy
The Service is not directed at anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with data, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email or in-app notice. Continued use of the Service after changes constitutes acceptance.
11. Contact
For privacy questions or data requests, contact us at [email protected]. For terms of use, see our Terms of Service.