PRIVACY & CUSTODY
Private by deployment, explicit by design.
This instance is a personal, single-Owner workspace. It has no public registration, payment profile, customer database or public report links.
Data stored
The service stores the Owner account, hashed credentials and recovery codes, sessions, selected securities, research tasks, approval history, paired-device credentials, private PDFs, report preferences and security audit events.
Credential boundaries
Passwords are protected with scrypt. Session and device tokens are stored as keyed hashes. The website does not store ChatGPT credentials, cookies, conversation URLs or browser contents.
Infrastructure
Traffic passes through Cloudflare and a private server deployment. PostgreSQL, Redis and report storage are not intentionally exposed as public services. Resend email delivery remains disabled until separately configured.
Retention and deletion
Research history is retained until the Owner archives or removes it through an explicit maintenance process. Operational backups must be encrypted, stored off-host and tested for restoration.
No public sharing
Report metadata and files require the authenticated Owner session. Private routes are marked noindex and excluded from the public sitemap.