PRIVACY POLICY

Ghost Alpha Terminal

Back to Home

Last Updated: April 9, 2026

Effective Date: April 9, 2026

1. INTRODUCTION AND SCOPE

Ghost Alpha Terminal ("Platform," "we," "us," or "our") is committed to protecting the privacy and security of user information. This Privacy Policy ("Policy") describes our practices regarding the collection, use, retention, and protection of personal and non-personal data.

This Policy applies to all individuals and entities ("Users," "you," or "your") who access or use the Platform, whether as registered users, administrators, or casual visitors. By accessing or using the Platform, you consent to the practices described herein.

2. INFORMATION WE COLLECT

2.1 Account and Authentication Data

When you register an account, we collect your account credentials, email address, organizational affiliation, and authentication preferences. This information is necessary to establish and maintain your account access.

2.2 Configuration and Preference Data

We collect your trading configuration inputs, execution preferences, risk parameters, broker connection settings, and operational preferences necessary to customize and operate the Platform for your use case.

2.3 Usage and Telemetry Data

We automatically collect information about your interaction with the Platform, including feature usage, workflow activation, decision audit trails, simulation activity, and non-identifying technical metrics (IP address, user agent, browser type, session duration).

2.4 Broker-Provided Data

Through authorized OAuth connections, we may receive account identifiers, portfolio holdings, order history, and execution status from connected brokerage services. We do not directly store broker credentials.

2.5 Data You Do Not Provide

We do not intentionally collect sensitive personal information (e.g., social security numbers, passport information, payment card data) unless explicitly authorized and required for specific functionality. Users should not share such information through unsecured channels.

3. HOW WE USE INFORMATION

We use collected information for the following purposes:

  • Service Delivery: To provide, maintain, and operate the Platform
  • Security: To detect, prevent, and address fraud, abuse, and security incidents
  • Functionality: To enable market scanning, opportunity ranking, execution workflows, and decision audit replay
  • Personalization: To customize your experience and deliver relevant features
  • Improvement: To analyze usage patterns and improve Platform performance and features
  • Communication: To send service updates, security alerts, and administrative notices (where applicable)
  • Compliance: To meet legal, regulatory, and contractual obligations
  • Analytics: To measure conversion, engagement, and feature adoption (non-identifying)

4. DATA SHARING AND DISCLOSURE

4.1 Third-Party Service Providers

We may share data with third-party service providers (infrastructure hosts, analytics providers, brokerage integrations) only as necessary to deliver core Platform functionality. These providers are bound by confidentiality agreements and security obligations.

4.2 Brokerage Partners

To execute trades and retrieve market data, we share relevant order directives and account information with connected broker platforms. Each broker's privacy practices are governed by their respective terms.

4.3 No Sale of Personal Data

We do not sell, rent, lease, or otherwise disclose personal data to third parties for marketing or commercial purposes.

4.4 Legal Compliance

We may disclose information when required by law, court order, subpoena, or governmental request, or when necessary to protect the rights, safety, and property of Ghost Alpha Terminal, users, or the public.

4.5 Business Transitions

In the event of merger, acquisition, bankruptcy, or sale of assets, user data may be transferred as part of that transaction. We will notify users of any material changes to this Policy via email or prominent notice on the Platform.

5. DATA RETENTION

We retain information for as long as necessary to operate the Platform, fulfill contractual obligations, comply with legal and regulatory requirements, and resolve disputes. Retention periods vary by data type:

  • Account Data: Retained for the duration of your account and as required by law
  • Transaction Records: Retained for audit, compliance, and tax purposes (typically 7 years)
  • Usage Logs: Retained for 90 days unless needed for security investigations
  • Telemetry Data: Retained for aggregate analysis (typically 12-24 months)

You may request deletion of eligible personal data in accordance with applicable privacy laws. We will respond to verified requests within the timeframe specified by law.

6. SECURITY AND DATA PROTECTION

6.1 Technical Controls

We implement industry-standard security measures including encryption in transit (TLS/SSL), session authentication, access controls, and regular security testing. See our Cybersecurity Policy for detailed technical protections.

6.2 Organizational Controls

We maintain security policies, staff training, incident response procedures, and vendor management practices. Access to user data is restricted to authorized personnel on a need-to-know basis.

6.3 Limitation of Warranties

While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute protection against all potential security threats. Users are responsible for safeguarding their credentials, API keys, and account access.

7. USER RIGHTS AND CHOICES

7.1 Access and Portability

You may request access to the personal data we hold about you and, where applicable, request data portability in structured format.

7.2 Correction and Deletion

You may request correction of inaccurate data or deletion of your account. Some data may be retained for legal or operational reasons.

7.3 Opt-Out

You may opt out of non-essential communications (marketing, feature announcements) through account settings. Essential service notifications cannot be disabled.

8. CHILDREN AND MINORS

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If we learn that we have collected such data, we will take prompt steps to delete it.

9. INTERNATIONAL DATA TRANSFERS

Your data may be processed and stored in multiple jurisdictions. By using the Platform, you consent to transfer of your information to countries other than your country of residence, which may have different data protection rules.

10. POLICY UPDATES

We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent Platform notice. Your continued use of the Platform constitutes acceptance of the updated Policy.

11. CONTACT AND INQUIRIES

For privacy inquiries, data requests, or concerns, please contact your platform administrator or legal representative. For self-hosted deployments, refer to your deployment documentation for privacy contact information.

Disclaimer: This Privacy Policy is provided for informational purposes. It is not legal advice. Specific privacy rights and obligations may vary by jurisdiction. Users should consult with legal counsel regarding their specific privacy requirements and obligations.