Privacy Policy
Last updated: April 14, 2026
Options Insights ("we," "us," "the platform") is a trading analytics tool. We handle real brokerage data and take your privacy seriously. This policy explains exactly what data we collect, how we protect it, and who else touches it.
1. What Data We Collect
Account Information
- Email address, username, and hashed password
- Optional: phone number (if you enable SMS notifications)
TastyTrade Data
- Trade transactions (buys, sells, expirations, assignments)
- Open and closed positions
- Account numbers and account metadata
- This data is synced periodically from the TastyTrade API using the credentials you provide
Query Data
- The text of your natural language queries to the Query Assistant
- Anonymized token counts and cost metadata (never associated with your query content in billing records)
Stored Credentials
- TastyTrade OAuth tokens (access token and refresh token) — stored with field-level encryption (AES-256). We never see or store your TastyTrade password.
- Databento API key (only if you provide one) — stored encrypted. This is your own Databento account relationship; we only transmit your key to the Databento API on your behalf.
2. How We Store and Protect Data
- Hosted on Railway (cloud infrastructure) with PostgreSQL on Supabase.
- Row Level Security (RLS) is enforced at the database layer — your data is scoped to your user ID. No other user can query your data.
- API keys and credentials are encrypted at rest using field-level encryption (Fernet/AES-256). We never store secrets in plaintext.
- TLS in transit — all connections between your browser, our servers, and third-party APIs use HTTPS.
3. Third-Party Services
We use the following third-party services. Each has its own privacy policy that applies to data they process.
| Service | Purpose | What Data Passes Through |
|---|---|---|
| TastyTrade API | Read-only data pull of your trades, positions, and account info | OAuth tokens (we never see your TastyTrade password; you authorize via TastyTrade's OAuth page) |
| Stripe | Payment processing for post-beta subscriptions | Payment details (we never see your raw card number) |
| OpenRouter | Routes Query Assistant prompts to AI language models | Your query text is transmitted to generate SQL and responses. We use a platform-owned account — you do not need an API key. |
| Databento | Options market data (BYOK — your own API key) | Your Databento API key is transmitted to their API on your behalf. We store your key encrypted but have no independent Databento data relationship. |
| SendGrid | Transactional email (sync notifications, beta communications) | Your email address and notification content |
| Twilio | Optional SMS notifications | Your phone number (only if you provide one) |
4. Data Retention and Deletion
- Your data is retained while your account is active.
- If you delete your account, all data is permanently deleted within 30 days.
- We do not sell your data to third parties. Ever.
- We do not use your trade data for any purpose other than displaying it back to you and generating analytics for your account.
5. Your Rights
- Right to know: You can ask what data we hold about you by emailing support@optionsinsights.io.
- Right to delete: You can delete your account and all associated data from your account settings page. This removes everything within 30 days.
- Right to disconnect: You can revoke TastyTrade access at any time by removing your credentials from your account settings.
- Right to export: You can request an export of your data by emailing support@optionsinsights.io.
Questions about your data? Contact us at support@optionsinsights.io.