About
Contact
Get updates
Apply for early access
About
Contact
Get updates
Apply for early access

Privacy policy

1. Information We Collect

Account Information

  • Name
  • Email address
  • Password (hashed)

Service Usage Data

  • Interaction logs
  • Diagnostic data
  • Platform actions (e.g., node usage, project activity)

Trading-Related Data

  • Connected broker information
  • Positions, orders, and trade history
  • Strategy configuration (“recipes”)

Technical Data

  • IP address
  • Device information
  • Cookies
  • Error logs

Data We Do Not Collect

  • Credit card numbers
  • Government IDs
  • Personal data beyond email unless explicitly provided

2. How We Use Your Data

We process your data to

  • Provide and operate the Finforge platform
  • Authenticate your account
  • Generate and maintain your projects/recipes
  • Execute trades through your connected broker
  • Improve product performance and reliability
  • Detect fraud, abuse, or misuse
  • Comply with legal obligations

3. Legal Bases for Processing

Under GDPR, we process your data on the following legal bases

  • Contractual necessity: operating your account and executing trades
  • Legitimate interests: analytics, fraud prevention, product improvement
  • Consent: cookies and optional features
  • Legal obligation: security, auditing, compliance

4. How We Store Broker API Keys

Broker API keys are

  • Stored in a privileged-access password vault
  • Encrypted at rest
  • Never exposed to unauthorized staff
  • Injected into the application only at runtime
  • Rotated at least quarterly

Finforge does not store API keys in plaintext.

5. Data Retention

  • Account + Project/Recipe Data: retained according to GDPR requirements (typically 2 years after account deletion)
  • Security & Audit Logs: retained up to 12 months (or longer if legally required)
  • Operational Logs: retained up to 3 months
  • Broker API Keys: rotated at least every 90 days

6. Cookies

We use

  • Essential cookies (required for login and core functionality)
  • Analytics cookies (to understand usage and improve the product)

We do not use advertising or remarketing cookies.

7. Third-Party Service Providers

We use trusted sub-processors to operate Finforge

  • AWS – hosting, compute, storage
  • Cloudflare – CDN and security
  • Alpaca – brokerage integration
  • Massive – (your ML/hosting provider)
  • FMP (Financial Modeling Prep) – market data

These processors may store or transmit data outside the EU under GDPR-compliant safeguards (e.g., SCCs).

8. International Data Transfers

If data is transferred outside the EU/EEA, we use:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Additional safeguards where required

9. Your Rights Under GDPR

You have the right to

  • Access your data
  • Correct inaccurate data
  • Delete your data (“right to be forgotten”)
  • Export your data (data portability)
  • Restrict or object to processing
  • Withdraw consent for cookie usage
  • File a complaint with a supervisory authority

To exercise these rights, contact us at:

hello@finforge.com

10. Data Security

We use industry-standard security practices, including

  • Encryption in transit and at rest
  • Access control and least-privilege policies
  • Network firewalling and DDoS protection
  • Regular audits and key rotation
  • Secure environment variable injection

Despite these measures, no system is completely secure, and we cannot guarantee absolute protection against breaches.

11. Children’s Privacy

Finforge is intended for users 18 years and older.

We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy occasionally. If material changes occur, we will notify users via email or platform notice.

AboutContactTerms of ServicePrivacy PolicyLinkedIn
hello@finforge.com

Finforge AB (559514-0848)

Uppsala, Sweden

© Finforge 2025