Privacy policy
Last updated 2026-05-14KRUX collects the minimum data needed to run the product. We don't resell data, we don't see your broker credentials, and we don't see your real-time market data — that flows through your machine, not ours.
01What we collect
Account-level: email, display name, hashed password (or OAuth subject ID), profile preferences (theme, layouts, watchlists, saved drawings, alerts).Billing-level (Pro tier only): name, billing email, last 4 digits of card, billing country — collected and stored by Stripe. KRUX never sees your full card number.Analytics: anonymised page views, click events, error logs. Tracked via PostHog with EU-region storage. No fingerprinting beyond standard session identification.
02What we don't collect
• Your broker credentials — they stay on your machine• Real-time market data — it passes through, never persisted• Your trade history from your broker• Your account balance, P&L, or positions
03Data processors
Supabase: account auth + database (EU region).Stripe: billing.Resend: transactional email (magic links, alerts, receipts).PostHog: product analytics + error tracking (EU region).Vercel: web hosting + edge middleware.Cloudflare: DNS + tunnel for the chart data path.
04Your rights
Under GDPR, UK DPA 2018, CCPA, and similar regimes:• Right to access — export everything we hold on you• Right to delete — purge your account + all derived data• Right to rectify — correct anything we've got wrong• Right to portability — receive data in JSON / CSVBoth export and deletion are user-initiated from /settings → Danger. Deletion is irreversible — your data is purged from primary storage immediately and from backups within 30 days.
05Cookies + tracking
KRUX uses Supabase Auth session cookies (`sb-*`) to keep you signed in. That's required for the product to work.PostHog uses a session-level identifier (no fingerprinting, no third-party cookies). EU users get consent prompts where required.Stripe sets a billing cookie when you reach a checkout surface. You can decline; checkout won't function without it.
06Contact
Privacy questions, data requests, or complaints: contact@krux.soWe respond within 5 working days. UK / EU residents can escalate to the ICO (UK) or your national supervisory authority (EU).