Privacy Policy
Last updated: June 17, 2026
SAN7 is designed to be local-first: your financial data and trading journal stay on your device. Data only leaves your device when it is needed to provide a feature you use — for example, to fetch market data, place an order with your broker, validate a subscription, or (only when you ask) generate an AI reflection. This Privacy Policy explains what information is handled by SAN7 and how.
1. Information We Collect and Store
Information You Provide
- Account profile: Your name and email address, stored locally on your device in platform secure storage (iOS Keychain / Android Keystore). These are used only for your on-device profile (for example, shown on the unlock screen) and are never transmitted off your device.
- Device PIN: A numeric PIN you create during onboarding, stored exclusively in platform secure storage. We cannot access or recover your PIN.
- Broker credentials: Your Alpaca API key ID and secret, or your Alpaca sign-in (OAuth) token, stored exclusively in platform secure storage. These are never transmitted to SAN7 servers.
- AI provider credentials: If you connect an AI provider, its API key or sign-in (OAuth) token is stored exclusively in platform secure storage and sent only to that provider, never to SAN7 servers.
- Trade journal: The reasoning you attach to trades — reason tags, your free-form thesis, and a conviction level — stored locally on your device.
Information Collected Automatically
- Portfolio and trading data: When you connect an Alpaca account, SAN7 fetches your portfolio holdings, order history, trade history, and account activity from Alpaca’s API. This data is cached locally on your device in platform secure storage and AsyncStorage.
- Market data cache: Stock quotes, charts, and related market data fetched from third-party providers (Yahoo Finance, Stooq, Alpaca) are cached locally to reduce network requests and improve performance.
- App preferences: Display preferences, watchlist symbols, and UI state are stored locally on your device.
2. How Information Is Stored
SAN7 is a local-first application. All sensitive data is stored exclusively on your device:
- expo-secure-store (iOS Keychain / Android Keystore): Session tokens, broker and AI provider credentials, your PIN, authentication state, portfolio data, trade state, provider configuration, watchlists, sync state, and your subscription cache and free-reflection allowance.
- AsyncStorage: Your trade journal and most recent AI reflection, plus a market data cache (stock quotes), to keep your history and reduce network requests.
- App memory: Runtime caches that are cleared when the app is closed.
SAN7 does not maintain user accounts on remote servers. The only "account" is the local profile on your device, protected by your device PIN/biometrics.
3. Data Transmission
When you use SAN7, data is transmitted to third-party services as necessary to provide functionality:
- Alpaca Markets LLC: Your API credentials are sent directly to Alpaca’s API to authenticate data requests and order placement. Data transmitted includes portfolio queries, order submissions, account activity requests, and market data requests.
- Yahoo Finance (query1.finance.yahoo.com): Stock symbol queries are sent to fetch quote and chart data. No personal information or credentials are included in these requests.
- Stooq (stooq.com): Stock symbol queries are sent as a fallback data source. No personal information or credentials are included.
- AI provider (Anthropic, OpenAI, DeepSeek, Google, xAI, or Mistral): Only when you run a reflection or ask a follow-up question, SAN7 sends a compact summary of your trade journal — such as symbols, your reason tags and thesis, conviction, hold time, and returns — together with your stored credential, directly from your device to the provider you connected. SAN7 has no server in this path. Your journal is not sent at any other time.
- Apple App Store / Google Play and RevenueCat: If you subscribe, purchase receipts and an anonymous app-user identifier are processed by the app store and by RevenueCat to validate your purchase and entitlements. SAN7 does not receive or store your payment card details.
If you forget your PIN, you reset it directly on your device using your phone’s own biometrics or passcode (Face ID, Touch ID, or device passcode). No email is sent and no reset request is transmitted to any server.
When SAN7 is configured to use a remote API server (non-local mode), broker and portfolio data may transit through that server. In local-only mode (the default), all data fetches happen directly from your device to the third-party services listed above.
4. Data Sharing
- SAN7 does not sell, rent, or share your personal information with third parties for their own marketing purposes.
- SAN7 does not maintain backend servers that collect or aggregate your trading activity, portfolio data, or financial information.
- In local-only mode, your broker and AI provider credentials never transit through any SAN7-operated server.
- The third-party services you choose to use through SAN7 — your broker, your AI provider, and the app store / RevenueCat for subscriptions — receive only the data described in this Policy and handle it under their own privacy policies, which you should review.
- We may disclose information if required by law, court order, or governmental regulation.
5. Data Retention and Deletion
- All data stored by SAN7 resides on your device. You can delete all app data at any time by uninstalling the App or using the "Logout" function in Account settings (which clears SecureStore and AsyncStorage data).
- Third-party services (Alpaca, Yahoo, Stooq) may retain query logs according to their own privacy policies, independent of SAN7.
6. Your Rights
Depending on your jurisdiction, you may have rights under data protection laws such as the GDPR (EU/EEA), CCPA (California), or similar regulations. Because SAN7 stores your data locally on your device:
- You have direct control over your data through the App’s settings.
- You can access, export (via screenshots or the Alpaca API directly), or delete your data at any time.
- Because SAN7 keeps your data on your device and not on our servers, there is no server-side profile to access or delete; using Logout in Account settings, or uninstalling the App, removes your local data.
7. Security
We implement security measures appropriate to a mobile financial application:
- All sensitive credentials are stored in platform-level secure enclaves (iOS Keychain, Android Keystore).
- Local authentication (PIN / biometrics) is required to access the App.
- Biometric authentication (Face ID / Touch ID) is performed entirely by your device’s operating system. SAN7 never receives, accesses, or stores your biometric data.
- An automatic privacy shield obscures app content when the app backgrounds.
- API communications use HTTPS encryption.
However, no security measure is perfect. You are responsible for securing your device and credentials.
8. Children’s Privacy
SAN7 is not intended for use by anyone under the age of 18. We do not knowingly collect information from children.
9. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated through the App. Continued use after changes constitutes acceptance.
10. Contact
For privacy-related questions or to exercise your data rights, contact us at san7app@gmail.com.