Privacy policy

Last update: May 1, 2026

1. Founding principle: 0 data collected by Alpha

Alpha Terminal is a 100% client-side app. This means your data (API keys, holdings, analyses, notes, transcripts, budget) never leaves your browser. We operate no server that receives, stores, or processes your data.

Open verification: open your browser's DevTools (F12) → Network tab. During use, you only see calls to AI provider APIs (api.anthropic.com, api.openai.com, etc.) and financial data providers (FMP, Polygon, etc.). No call to an alpha-terminal.app domain to transfer data.

2. You bring your own AI key (BYOK — Bring Your Own Key)

In practice: you create an account at Anthropic, OpenAI, Google or another AI provider, you generate an API key there, and you paste it into Alpha. The key is encrypted locally (AES-GCM 256-bit + PBKDF2 100,000-iteration SHA-256 derivation) with a password only you know. The encrypted vault is stored in your browser's localStorage. Without your password, no one can decrypt your key — not even us.

3. Local storage only

• localStorage: preferences, encrypted API keys vault, user tags (language, theme, watchlist).
• IndexedDB: saved analyses, wealth holdings, watchpoints, transcripts, knowledge base, historical snapshots.
• Service Worker: cache of static assets (HTML, CSS, JS, images) for offline use. No API call caching.

4. Cookies

No tracking cookies, no ad cookies, no third-party cookies. No server analytics (Google Analytics, Plausible, etc.) — so no consent banner required. The only technical "trace": the Service Worker registered by your browser (essential for offline operation).

5. Your GDPR rights

Since we collect or store no personal data about you server-side, classical GDPR rights (access, rectification, erasure, portability) do not apply in the usual sense: you already have 100% control of your data, locally.

• Erasure: Settings → "Wipe all local data" + uninstall the PWA app.
• Portability: Settings → Full export (JSON) of all your data for re-import on another device.
• Rectification: directly from the app, Wealth / Knowledge Base / Settings modules.

6. Data sent to AI providers (you bring your key)

When you launch an analysis, the content (prompt + module data) is sent directly to the API of the AI provider you chose (Anthropic, OpenAI, Google, etc.). Each provider has its own privacy policy — refer to their documentation. Alpha is not an intermediary in this flow.

7. Premium account (optional) — data collected by Supabase

If you activate a Premium subscription (€9.99/month), an account is created on our Supabase infrastructure (EU-hosted — Frankfurt) solely for payment and access management. Strictly minimal data is collected:

• Google email — retrieved via OAuth (« Sign in with Google ») to identify your account. No password created or stored on our side. Google provides your verified email and a unique identifier; Alpha requests no other scope (no Gmail, no Drive, no Calendar, no extended profile).
• Lemonsqueezy IDs — customer_id, order_id, subscription_id (accounting compliance and renewal management).
• Amount and currency of the payment (tax compliance).
• Premium status — is_active boolean + expiration date.

What is NEVER sent to Supabase: your analyses, prompts, wealth holdings, notes, transcripts, knowledge base. The "your AI key, your data" principle and 100% client-side stay intact. Open verification via DevTools → Network: you only observe calls to *.supabase.co at login + premium activation, never during analyses.

Premium account deletion: email savetheworldfr@gmail.com — deletion within 30 days (auto CASCADE on auth.users, premium_access, payments).

8. Contact

For any question on this policy: savetheworldfr@gmail.com.

← Back to home