Privacy Policy

1. Information We Collect

Information You Provide

We collect information you provide directly, including: name, email address, account credentials, portfolio data, investment preferences, watchlists, brokerage account information, financial data you choose to import, communications with us, survey responses, and feedback.

Information Collected Automatically

When you use the Service, we automatically collect certain information, including: IP address, browser type and version, device identifiers, operating system, referring URLs, pages visited, time spent on pages, click patterns, search queries within the Service, feature usage data, and session duration.

Information from Third Parties

We may receive information about you from third-party sources, including: brokerage data accessed via SnapTrade or other authorized integrations (positions, balances, transactions, account details), analytics providers, and authentication providers.

2. Brokerage Data

When you connect a brokerage account through our integration partner, SnapTrade, we collect and process certain financial data to provide portfolio analysis features. This section describes how that data is handled.

What Brokerage Data We Collect

• Account metadata: brokerage name, account name, account type
• Holdings data: ticker symbols, number of shares, market values
• Transaction history: buys, sells, dividends, and other account activities
• An encrypted connection token used to refresh your data

We do not collect or store your brokerage login credentials (username, password), Social Security number, bank account numbers, or any information that could be used to execute trades or move funds.

How Brokerage Data Is Stored & Encrypted

All brokerage connection tokens are encrypted at rest using AES-256-GCM. Portfolio data (holdings, transactions) is stored in our Supabase-hosted PostgreSQL database and protected by Row-Level Security (RLS) policies that ensure only the authenticated account owner can access their records. All data in transit is encrypted via TLS 1.2+.

Read-Only Access

Brokerage connections are strictly read-only. Beyalan cannot execute trades, transfer funds, change account settings, or perform any action on your brokerage account. We import holdings and transaction history for analysis purposes only.

Retention & Deletion

Brokerage data is retained for as long as your connection is active. When you disconnect a brokerage account, we immediately revoke the access token with SnapTrade and delete all associated portfolio data (holdings, transactions, account metadata) from our servers. Manual portfolios you have created are not affected by disconnection.

Third-Party Data Processor: SnapTrade

Brokerage connections are facilitated by SnapTrade, a regulated financial data aggregator. SnapTrade is SOC 2 Type II compliant and uses bank-grade encryption to securely broker the connection between Beyalan and your brokerage. You authenticate directly with your brokerage through SnapTrade's secure OAuth portal. Beyalan never communicates directly with your brokerage — all data flows through SnapTrade's audited infrastructure. For more information, please refer to SnapTrade's own privacy policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide, maintain, operate, and improve the Service
• Process and complete transactions
• Send technical notices, updates, security alerts, and administrative messages
• Respond to comments, questions, and support requests
• Communicate about products, services, offers, promotions, and events offered by Beyalan and others
• Monitor and analyze trends, usage, and activities in connection with the Service
• Detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities
• Personalize and improve the Service, including providing content and features that match user profiles or interests
• Conduct research and analytics to understand how users interact with the Service, develop new products and features, and improve our offerings
• Create aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you, which we may use and share for any purpose
• Facilitate contests, sweepstakes, and promotions and process entries
• Carry out any other purpose described to you at the time information was collected

4. Sharing of Information

We may share information about you as follows or as otherwise described in this Privacy Policy:

• Service Providers: With third-party vendors, consultants, and service providers who need access to such information to perform services on our behalf, including hosting, analytics, email delivery, and customer support.
• Analytics Partners: With analytics companies to help us understand usage patterns and improve the Service.
• Business Transfers: In connection with, or during negotiations of, any merger, acquisition, financing, dissolution, transaction, or proceeding involving sale, transfer, or divestiture of all or a portion of our business or assets.
• Aggregated or De-Identified Data: We may share aggregated, de-identified, or anonymized information with third parties for any purpose, including marketing, research, and commercial purposes.
• Legal Compliance: When we believe in good faith that disclosure is required by law, regulation, subpoena, court order, or other legal process.
• Protection of Rights: When we believe disclosure is necessary to protect the rights, privacy, safety, or property of Beyalan, our users, or the public.
• With Your Consent: When you direct us to share information with third parties.

5. Cookies & Tracking Technologies

We and our third-party partners use cookies, pixel tags, web beacons, local storage, and similar technologies to collect information about your interactions with the Service. These technologies include:

• Essential Cookies: Required for the Service to function properly.
• Analytics Cookies: Help us understand how users interact with the Service (e.g., Google Analytics).
• Functional Cookies: Remember your preferences and settings.
• Marketing Cookies: Used to deliver relevant advertising and track campaign performance.

Third-party analytics and advertising partners may collect information about your online activities over time and across different websites and services. The Service does not respond to Do Not Track (“DNT”) browser signals.

6. Data Retention

We retain personal information for as long as your account is active, as needed to provide you with the Service, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. De-identified and aggregated data may be retained indefinitely. Usage data and analytics may be retained for up to five (5) years after account deletion for research, analytics, and service improvement purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access & Correction: You may access, correct, or update your personal information through your account settings or by contacting us.
• Deletion: You may request deletion of your personal information, subject to certain exceptions.
• Marketing Opt-Out: You may opt out of marketing communications by using the unsubscribe link in any marketing email.
• California Residents (CCPA): You have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. Beyalan does not sell personal information in the traditional sense; however, sharing data with certain analytics partners may constitute a “sale” under the CCPA.
• EEA Residents (GDPR): You have the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing.

To exercise any of these rights, please contact us at help@beyalan.com.

8. Security

We use reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, use, alteration, and disclosure. However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information.

9. Children’s Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the updated policy on the Service with a new “Last Updated” date. Your continued use of the Service after the posting of any changes constitutes your acceptance of the revised Privacy Policy.

11. Contact

If you have any questions about this Privacy Policy, please contact us at help@beyalan.com.