Slatemark.

Privacy Policy

Last updated: 2026-05-24

This Privacy Policy explains what information Slatemark (formerly slatemark; “we”, “us”) collects when you use the Service, how we use it, who we share it with, and the choices you have. It is part of and incorporated into our Terms of Service.

1. Information we collect

We collect only the information we need to operate the Service:

  • Account information. Your email address, authentication tokens, and (optionally) a display name. We use Stytch as our identity provider; Stytch may collect additional metadata as described in its own privacy policy.
  • Subscription and billing information. We do not store your payment-card numbers. Stripe processes payments on our behalf and provides us with a customer identifier, the plan you are on, and high-level subscription events (created, renewed, cancelled, payment failed). Your payment details are stored by Stripe under its own privacy policy.
  • Brokerage OAuth tokens. If you link a brokerage account (such as Charles Schwab), we store the refresh tokens needed to maintain that link. These tokens are encrypted at rest with a per-environment AWS KMS key and are scoped to your user identifier; no other user can access them. We do not receive your brokerage password.
  • Vendor API keys. If you provide API keys for third-party data vendors (FRED, Finnhub, etc.), we encrypt them at rest with a KMS key pinned to your user identifier and the credential name. We use these keys solely to make the calls you initiate through the Service.
  • Your journal and profile. Trade journal entries, account-profile blocks, notes, tags, and any other content you author through the Service.
  • Connected applications. Records of the OAuth clients you mint to connect AI clients to the Service. We never see the client secrets after the moment of issuance.
  • Operational logs and metrics. Request timestamps, error rates, latency, and aggregate usage data necessary to operate, secure, and improve the Service. Operational logs are retained for thirty days and used only for the operation of the Service.
  • Cookies. We use a session cookie to keep you signed in and CSRF tokens to protect form submissions. We do not use third-party tracking cookies or advertising cookies.

We do not sell your information, and we do not share it with advertisers.

2. How we use your information

We use the information we collect to:

  • Operate the Service, authenticate you, and provide the features you request.
  • Process tool calls you initiate from your connected AI client, including proxying authenticated requests to third-party data vendors on your behalf.
  • Manage your subscription, process payments, and provide receipts.
  • Communicate with you about your account, the Service, and changes to these policies.
  • Monitor, secure, and improve the Service, including diagnosing errors and detecting abuse.
  • Comply with legal obligations and enforce our Terms.

We do not use your journal entries, account profile, or trading data to train any machine-learning model.

3. Who we share information with

We share information only with the third parties necessary to operate the Service:

  • Stytch: identity and authentication.
  • Stripe: payment processing and subscription management.
  • Amazon Web Services: hosting, compute, storage, and encryption (KMS).
  • Anthropic, Charles Schwab, FRED, U.S. SEC, Polygon, Finnhub, EIA, CFTC, FINRA, and other data vendors: when you initiate a request that requires their API, we forward only the information needed to fulfill that request (typically a ticker symbol, a date range, or an authenticated API key you provided). We do not forward your journal contents or unrelated data.

Each of these providers has its own privacy practices and contractual commitments to us. We do not authorize them to use your information for purposes other than providing services to us.

We may also disclose information when required by law, court order, or other governmental request; to protect the safety, rights, or property of users, us, or the public; or in connection with a merger, acquisition, or sale of assets, subject to confidentiality.

4. How we protect your information

  • All credentials and brokerage tokens are encrypted at rest with AWS KMS. Encryption-context fields pin a row to its user identifier and credential name, so a misrouted decrypt request fails.
  • Brokerage tokens are scoped per user. No shared key, no cross-tenant access.
  • Authentication is enforced at the request boundary; tool calls and dashboard actions both require a valid session bound to your user identifier.
  • Data is hosted on AWS in the United States.
  • We follow the principle of least privilege internally: production data access is limited to operators with a specific operational need.

No system is perfectly secure. If we learn of a breach that affects your information, we will notify you and the relevant authorities as required by law.

5. Data retention

We retain your data for as long as your account is active. If you delete your account, we delete your personal data and the content you authored within a reasonable timeframe, except where we are required by law to retain a record (for example, Stripe billing records). We may retain aggregated, de-identified operational metrics for longer periods.

You can request deletion of your data by contacting support@slatemark.ai.

6. Your rights

You can:

  • Access the data we hold about you through your dashboard.
  • Update or correct your account information at any time.
  • Request a copy of your data (see contact below).
  • Delete your account and the personal data we hold about you.
  • Opt out of non-essential communications.

Residents of California may have additional rights under the California Consumer Privacy Act (CCPA). To exercise any applicable right, contact support@slatemark.ai. We do not sell personal information and have not sold personal information in the prior twelve months.

7. Children

The Service is intended for users 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact support@slatemark.ai and we will delete it.

8. International users

The Service is currently offered only to residents of the United States and is hosted in the United States. If you access the Service from elsewhere, you do so at your own risk and are responsible for compliance with local laws.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the “Last updated” date above and, where appropriate, notify you by email or an in-product banner. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Contact

Questions, data-access requests, and other privacy-related inquiries can be sent to support@slatemark.ai.