Privacy Policy
Draft — last updated: TBD by counsel
Draft for legal review only
This text is a non-binding placeholder prepared for product development. It is not legal advice and must be replaced or approved by qualified counsel before you rely on it with customers. Enforceability of any limitation of liability depends on jurisdiction, facts, and how disclosures are presented.
1. Who we are
This Privacy Policy describes how [insert legal entity name and address] collects, uses, discloses, and protects information when you use Warren Bot (the "Service"). This is a draft and must be adapted to your actual data practices and jurisdictions (including U.S. state privacy laws, GDPR if you have EU users, etc.).
2. Information we collect
- Account data: email, password (stored using industry-standard hashing — describe your implementation accurately), and similar credentials you provide.
- Brokerage connection data: when you connect Alpaca or another supported integration, we may store API keys or tokens you provide so the Service can act within the permissions you grant. Describe encryption, access controls, key rotation, and who can access this data after security review.
- Trading and portfolio data: information returned from your brokerage or needed to display balances, positions, and order status.
- Billing data: handled largely by payment processors (for example, Stripe); we may store limited billing metadata as described in your checkout flows.
- Technical and usage data: logs, device/browser data, IP address, diagnostics — list what you actually collect.
3. How we use information
To provide, secure, and improve the Service; authenticate users; place or route orders as you direct; process payments; communicate service-related messages; detect fraud and abuse; comply with law; and enforce our agreements. Do not claim purposes you do not follow.
4. How we share information
We may share information with service providers who assist us (hosting, email, analytics, payment processing, brokerage APIs). Counsel should list categories and require contracts where required. We may disclose information if required by law or to protect rights, safety, and security.
5. Retention
Describe how long you retain brokerage credentials, logs, and account data after account closure or inactivity. Legal holds, audits, and regulatory requirements may extend retention.
6. Security
Summarize administrative, technical, and organizational measures truthfully. Avoid absolute promises ("unbreakable encryption"). Include guidance on user responsibilities (strong passwords, securing email access, revoking API keys).
7. Your choices and rights
Depending on location, users may have rights to access, delete, correct, or port data, and to opt out of certain processing. Add accurate instructions and any authorized agent process. Include a "Do Not Sell or Share" / CPRA section if applicable.
8. International transfers
If data is processed in countries other than the user's country, describe safeguards (SCCs, DPF, etc.) with counsel.
9. Children
The Service is not intended for children under the age required by law (often 13 or 16). Describe deletion procedures if you learn you collected child data.
10. Changes to this policy
Describe how you will notify users of material privacy changes and when the updated policy takes effect.
11. Contact
Privacy inquiries: support@hiwarrenbot.com.