Privacy Policy

This Privacy Policy explains what data the RisingEdge iOS app collects, how it's used, and the choices you have. We've kept it short and direct — the goal is for you to be able to read it in five minutes and know exactly what we do. If anything here is unclear, email aimatee@gmail.com.

1. Who we are

RisingEdge is built and operated by Lei Wang as an independent developer. The "we" in this document means Lei Wang. The legal entity, if and when one is formed, will be named here in a future version of this policy and we'll notify users in-app when that happens.

The app is currently in TestFlight beta with up to 15 invited testers. The data and process below describe how the beta operates.

2. What data we collect

We collect the minimum data necessary to make a personal swing-trading assistant work for you. Specifically:

Category	What we collect	Why
Account identifier	The opaque Apple Sign-In subject (`sub`) we receive when you sign in. We do not receive your real name unless you choose to share it. We may receive your email if you allow it during sign-in.	To distinguish your account from other accounts.
Position data	Symbol, share count, cost basis, and acquisition date for every lot you enter manually.	To generate recommendations specific to your holdings. Encrypted at rest per §3.
Watchlist symbols	Tickers you choose to watch.	To run analysis on your watched names.
Preferences	Risk tolerance, tax constraints, hold-horizon range, push-notification confidence threshold.	To shape recommendations to you.
OAuth tokens (BYOS only)	If you opt into Bring-Your-Own-Subscription in Settings, we store the OAuth access + refresh tokens for the provider you connect (OpenAI / Anthropic / Google).	To make analysis calls against your subscription on your behalf. Encrypted at rest per §3. We never see your subscription password.
Recommendation history	The recommendations we've generated for you, with the reasoning, citations, and your interactions (acted on / ignored).	To compute your performance vs baselines, and to power the journal screen.
Usage telemetry	Anonymized counters — how often the app opened, how many recommendations were emitted, how many pushes fired, error rates. No personal identifiers, no per-user breakdowns leave the backend.	To monitor app health and reliability.
Crash diagnostics	Standard iOS crash reports, only if you opt in via the system-level "Share with App Developers" toggle.	To fix crashes.

What we don't collect

Your real name (unless you explicitly share it during Apple Sign-In)
Your physical address, phone number, or contacts
Your location
Your browsing history, search history, or device fingerprint
Health, biometric, or other sensitive data
Children's data — RisingEdge is rated 17+ and not directed at users under 13

3. How we protect your data — encryption posture

This is the part most apps gloss over. We don't.

Per-user envelope encryption. Position data, freeform memory text, OAuth tokens, and other sensitive per-user fields are encrypted with a unique key derived for each user and each record. The encryption uses HKDF-SHA-256 to derive a per-record data key from a master key, then AES-256-GCM for the encryption itself. The encryption is bound to your user identifier through Additional Authenticated Data (AAD), which means a row's ciphertext cannot be silently swapped with another user's row.
Master key separation. The master key sits in a Cloudflare Worker secret binding. Application code that handles your data cannot import the master key directly — the import path is structurally blocked by lint rules, and only the dedicated encryption module is allowed to use it. A bug in business-logic code cannot accidentally leak the key.
Plaintext absence is tested. A continuous-integration test verifies that no plaintext from your protected fields ever appears in the raw database storage. This test runs on every commit.
In transit. All communication between the iOS app and our backend uses TLS 1.2+ (HTTPS).
Logs are structurally redacted. The logging layer at the Cloudflare Worker drops anything that pattern-matches a secret or sensitive value before logs are stored. A separate Cloudflare Tail Worker re-applies the same redaction layer as a backstop.

4. How we use your data

We use your data exclusively to:

Generate stock recommendations specific to your holdings and watchlist.
Send push notifications when a recommendation clears the confidence threshold you set.
Compute your performance vs baselines on the Performance screen.
Improve the app over time (specifically: tune recommendation logic based on aggregated, anonymized outcomes — never your individual data without your consent).

We do NOT: sell your data, ever. Use your data for advertising (RisingEdge has no advertising and no ad SDKs). Run third-party analytics SDKs (no Mixpanel, Segment, Amplitude, Firebase Analytics, Google Analytics, or equivalent). Train any AI/ML model on your data without your explicit, separate, opt-in consent.

5. Third parties we share data with

To deliver the app, we share specific data with specific third parties for specific reasons. Here's the complete list:

Third party	What we share	Their privacy policy
Apple	Apple Sign-In subject, push-notification tokens, App Store metadata, crash reports (if opted in).	apple.com/legal/privacy
Cloudflare	All backend data (encrypted per §3), request metadata required to route HTTPS.	cloudflare.com/privacypolicy
Google (Gemini API) — DEFAULT TIER	Per-analysis prompts containing the symbol you're being analyzed for and the encrypted-then-decrypted-server-side context required to reason about it (positions, indicators, recent news). NOT your account identifier or any persistent per-user signal beyond a single-call context.	policies.google.com/privacy
Your chosen subscription provider — BYOS TIER (opt-in only)	If you connect your OpenAI / Anthropic / Google subscription via OAuth in Settings, we send per-analysis prompts to that provider on your behalf — billed against your subscription. You explicitly consent in Settings before any data is sent.	OpenAI: openai.com/policies/privacy-policy · Anthropic: anthropic.com/legal/privacy · Google: as above
Market data vendor (Polygon.io or Tiingo, decision pending)	Symbol list only — never your account identifier or position size.	Polygon: polygon.io/privacy · Tiingo: tiingo.com/privacy

We do not use any other third-party services. If we add one, this section will be updated and you'll be notified in-app.

6. Data retention

Category	Retention
Account + position data + recommendations	Retained until you delete your account. After deletion, a 7-day grace period during which you can undo; after that, permanent erasure.
OAuth tokens (BYOS)	Retained while BYOS is connected. Revoked by you in Settings → Disconnect. Tokens deleted within 24 hours of disconnect.
Backend logs	30 days
Pipeline traces (audit trail of every analysis run)	1 year
Crash reports (if opted in)	90 days

If you want all your data deleted earlier than the policy above allows, email aimatee@gmail.com and we'll process it within 30 days.

7. Your rights

You can:

Export your data. Settings → Privacy & data → "Export my data" generates an encrypted ZIP containing everything we hold about you, decryptable with your account credentials.
Correct your data. All preferences, watchlists, and positions are editable in the app.
Delete your data. Settings → Privacy & data → "Erase everything" wipes the account after a 7-day undo window.
Disconnect BYOS. Settings → LLM Provider → "Disconnect" removes the OAuth tokens within 24 hours.
Opt out of crash diagnostics. Standard iOS settings (Settings app → Privacy & Security → Analytics & Improvements).
Withdraw consent. Email us. We honor withdrawals within 30 days.

If you are a California resident, you additionally have the right under the California Consumer Privacy Act (CCPA) to know what personal information is collected, to delete it, to opt out of any "sale" (we never sell data), and to non-discrimination for exercising any of these rights.

If you are an EU/EEA/UK resident under GDPR, you additionally have rights to access, rectification, erasure, restriction of processing, data portability, and to object. The legal basis for our processing is your consent (when you sign in and use the app) and our legitimate interest in providing the service. To exercise these rights, email aimatee@gmail.com.

8. International transfers

The backend runs on Cloudflare's globally distributed network, which may route requests through data centers outside your country (typically the United States). All data in transit is encrypted; the encryption posture in §3 is uniform across regions.

9. Children's privacy

RisingEdge is rated 17+ in the App Store. We do not knowingly collect personal information from children under 13. If we learn that we've inadvertently collected data from a child under 13, we'll delete it immediately and terminate the account.

10. Changes to this policy

If we change this policy materially, we'll:

Update the Effective date and Version at the top.
Push an in-app notification to all active accounts asking you to review the changes.
For any change that expands what we collect or who we share with, require fresh consent before continuing the new processing.

11. How to contact us

For privacy questions, requests, or concerns:

Email: aimatee@gmail.com
Subject line that gets fastest response: [RisingEdge Privacy] <your topic>
Response SLO: 7 days for routine requests; 30 days for data-deletion / data-export requests as required under CCPA + GDPR.