Privacy Policy

1. Introduction

At Benchfolio ("we", "our", "us"), we operate securely at the intersection of financial analytics and user privacy. Because our platform processes institutional-grade portfolio metrics, zero-trust data methodology is our absolute priority. This Privacy Policy details precisely what data we collect, how it traverses our systems, and what stringent safeguards we deploy to protect your financial footprint.

2. Information We Collect

• Account & Registration Data: When you join the waitlist, request support, or register for the dashboard, we collect basic communication primitives such as your email address and preferred name.
• Financial Data & Integrations: To generate analytics, our end-user product requires you to connect your brokerage securely through the SnapTrade API. We autonomously process this read-only API data pipeline to strictly synchronize your trading executions, portfolio balances, and asset holdings. We never request, nor do we want, the ability to execute trades or withdraw funds on your behalf.
• System Usage Metrics: We log standard telemetry data (IP addresses, browser signatures, request latency) solely to maintain platform stability and monitor for malicious anomaly attacks.

3. How We Utilize Your Data

Your data acts as the inert fuel strictly for executing mathematical models. We use your SnapTrade linkage and uploaded transaction history exclusively to calculate your localized Sharpe ratios, Drawdown curves, volatility brackets, and active holdings, seamlessly populating your personal investment performance dashboard.

We do not sell your data.

We never utilize your specific portfolio composition or transaction history to reverse-engineer retail trading sentiment, we never front-run your data, and we strictly enforce a zero-tolerance policy against selling your profile information, API routing data, or holdings sheet to ad networks, hedge funds, or third-party marketing brokers.

4. Data Encryption and Security

Benchfolio leverages industry-standard security protocols to defend your data at rest and in transit.

• All ingress and egress traffic is encrypted automatically via TLS/SSL algorithms.
• Authentication logic is shielded by encrypted protocols.
• Third-party brokerage connection tokens are processed explicitly as read-only.

Despite these mathematical safeguards, no electronic transmission or cloud storage framework is impervious. We strive to use commercially acceptable means to protect your personal information, but we cannot guarantee absolute absolute, mathematically unhackable security against nation-state actors or zero-day vulnerabilities.

5. SnapTrade API and Brokerage Integrations

We utilize the secure SnapTrade API to aggregate and pipe your external portfolio balances into our analytics engine. When linking an account, your credentials (such as your username and password for Fidelity or Robinhood) are authenticated locally through SnapTrade's encrypted architecture. Benchfolio' servers are never exposed to your literal bank passwords. We simply receive an autonomous, read-only token granting us access to the numerical data outputs required to populate your dashboard.

6. Cookies and Local Storage

Unlike mass-market platforms, we do not deploy invasive marketing trackers (like Facebook Pixels) to follow you across the internet. We utilize minimal local session cookies and browser-based localStorage strictly for functional, cryptographic purposes—such as keeping you securely logged in, storing your encrypted JWT auth tokens, and persisting your dark-mode UI preferences.

7. Children's Privacy (COPPA)

Our Service is strictly engineered for sophisticated adult investors. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 18 or knowingly allow such persons to register for our financial software. If we learn that we have collected personal information from a child under 18 without verification of parental consent, we will instantly algorithmically destroy that data payload.

8. International Operations (GDPR & CCPA)

Benchfolio operates servers primarily within the United States. If you are accessing our analytics engine from the European Union, Asia, or any other region with laws governing data collection that differ from US law, please note that you are transferring your personal profile to the United States. We grant all users, regardless of global jurisdiction, the identical structural rights mapped out by the CCPA and GDPR: including the permanent right to opt-out, the right to data portability, and the absolute "Right to be Forgotten" (complete account purges).

9. Your Decentralized Rights

You maintain total sovereign control over your data footprint. You have the right to request a raw export of all data associated with your account, and you maintain a permanent, unilateral right to delete your account. Upon account deletion, we programmatically purge your historical portfolio syncs and numerical telemetry from our active databases.

10. Changes to This Privacy Policy

We may update our Privacy Policy transversally as we roll out new analytics modules or adapt to emerging compliance structures. We will notify you of any structural changes by posting the new Privacy Policy onto this page and updating the "Last Updated" timestamp. By continuing to ingest our analytics post-update, you accept the modified terms.