← Back to StrikeIQ

Privacy Policy

Last updated: March 2026

1. Introduction

StrikeIQ ("we", "our", "us") is an options premium harvesting platform operated from the Republic of Singapore. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform.

We are committed to protecting your privacy and complying with applicable data protection laws, including the Personal Data Protection Act 2012 (PDPA) of Singapore, the General Data Protection Regulation (GDPR) for users in the European Economic Area, and the California Consumer Privacy Act (CCPA) for California residents.

2. Data We Collect

Account Information

  • Name, email address
  • Hashed password (we never store plaintext passwords)
  • Subscription tier and billing information (processed by Stripe)

Trading Data

  • Positions, strategies, and trade history you enter
  • Journal entries and notes
  • Alert preferences and settings

Uploaded Files

  • Screenshots and images you attach to help tickets (stored server-side; limited to PNG, JPEG, WebP, and GIF formats, maximum 5MB per file)
  • Broker portfolio files uploaded for reconciliation (processed in memory and not stored after processing)

Technical Data

  • Session tokens (for authentication)
  • Error reports (via Sentry, anonymized)
  • Basic usage patterns for service improvement

3. How We Use Your Data

  • Provide and operate the StrikeIQ platform
  • Process payments via Stripe
  • Send transactional emails (verification, password resets)
  • Generate trade recommendations and alerts
  • Process and respond to help tickets and support requests
  • Improve our platform and fix issues

We do not sell your personal data to third parties. We do not use your trading data for any purpose other than providing you with the StrikeIQ service.

4. Third-Party Services

We use the following third-party services to operate StrikeIQ:

  • Stripe — Payment processing. Stripe has its own privacy policy.
  • Polygon.io — Market data provider. We fetch stock prices and options data on your behalf. No personal data is shared with Polygon.
  • Resend — Email delivery for transactional emails.
  • Sentry — Error monitoring. Error reports are anonymized and contain no trading data.

5. Your Rights

Under the PDPA, GDPR, and similar regulations, you have the right to:

  • Access — Request a copy of all data we hold about you.
  • Portability — Export your data in a machine-readable format (JSON).
  • Erasure — Delete your account and all associated data permanently, including uploaded files.
  • Rectification — Update or correct your personal information.
  • Object — Opt out of non-essential data processing.
  • Withdrawal of Consent — Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

You can exercise these rights from your Account Settings page or by contacting us at privacy@strikeiq.com.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, all personal data, trading data, and uploaded files are permanently deleted within 30 days. Anonymized aggregate data (e.g., total user counts) may be retained.

7. Cookies

We use only essential cookies required for authentication and session management. If you consent to analytics, we may use additional cookies to understand usage patterns.

  • Essential — Session token (httpOnly, secure). Required for the platform to function.
  • Optional — Analytics cookies. Only set if you consent via the cookie banner.

8. Security

We protect your data using industry-standard security measures:

  • Passwords are hashed using bcrypt
  • All connections are encrypted via HTTPS/TLS
  • Session tokens are signed JWTs with expiration
  • Two-factor authentication (TOTP) is available
  • Database access is restricted and monitored
  • Uploaded files are validated for type and size, stored with randomized filenames, and access-controlled

9. Data Breach Notification

In the event of a data breach that affects your personal data, we will:

  • Notify the Personal Data Protection Commission (PDPC) of Singapore within 3 calendar days of becoming aware of a notifiable data breach, as required by the PDPA.
  • Notify affected users as soon as practicable, and no later than 3 calendar days after assessment, via email and/or in-app notification.
  • Provide details of the breach, the data affected, and the steps we are taking to mitigate the impact.
  • For users in the EEA, notify relevant supervisory authorities within 72 hours as required by the GDPR.

10. International Data Transfers

StrikeIQ is operated from Singapore. If you access our platform from outside Singapore, your data may be transferred to and processed in Singapore. By using StrikeIQ, you consent to such transfer. We ensure that any international transfer of personal data complies with applicable data protection laws and includes appropriate safeguards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. Continued use of StrikeIQ after changes constitutes acceptance of the updated policy.

12. Governing Law

This Privacy Policy is governed by the laws of the Republic of Singapore. Any disputes relating to this policy shall be subject to the exclusive jurisdiction of the courts of Singapore.

13. Contact

For privacy-related questions or to exercise your data rights, contact us at: privacy@strikeiq.com