Privacy Policy

Last updated: 28 May 2026

BasisTrail is built to collect as little about you as possible, and to keep everything it reads strictly read-only. This policy explains what we collect, why, who processes it, and how to remove it.

BasisTrail never receives your brokerage password, your wallet's private keys, or your seed phrase. It cannot trade, transfer, or sign anything. Access is read-only by design.

1. Who we are

BasisTrail (“BasisTrail”, “we”, “us”) is an independent software product operated by its founder as a sole proprietor. For privacy questions, contact privacy@basistrail.app. We are the data controller for the information described below.

2. What we collect

Account email — from Sign in with Apple (which may be a private-relay address you control) or a web sign-in link. Used only for authentication and essential service email.
Optional display name — only if you choose to share it via Sign in with Apple.
Onboarding preferences — investing style, focus mix, AI tone, and dashboard order, used to tailor the app. Editable or removable any time in Settings.
Read-only portfolio data — activity and positions retrieved from Interactive Brokers via the Flex Web Service token you generate, and balances from the public Base wallet addresses you provide. We store positions, transactions, fees, and FX/price marks so the app can reconstruct your history.
AI usage events — timestamps and event types used to enforce fair-use limits and compute your credit balance. We do not retain the full text of your AI prompts longer than needed to generate a response.
Subscription state — plan, status, and renewal date, received from our payment processor. We never see or store your card details.
Minimal technical logs — error and security logs that may include IP address and device/OS type, retained briefly for reliability and abuse prevention.

3. What we do not collect

No brokerage passwords, wallet private keys, or seed phrases — ever.
No advertising identifiers, no third-party ad/tracking pixels, no data brokers.
No selling, renting, or trading of your personal data under any circumstances.

4. How we use it

Strictly to operate the service: authenticate you, reconcile and display your portfolio, generate AI explanations of your own data, apply fair-use limits, process your subscription, and keep the service secure and working. We do not use your portfolio data to train AI models.

5. Processors we rely on

Supabase — authentication and database hosting.
Our AI provider — receives a sanitized snapshot of only the portfolio context needed to answer your request, with credentials, tokens, account IDs, and key-shaped strings stripped server-side before transmission.
Whop — payment processing and hosted checkout. They handle card data and may collect or remit tax where applicable; we receive subscription status and limited billing metadata only.
Apple — Sign in with Apple and App Store distribution.

Each processor handles data under its own terms and only to provide its function to us.

6. Legal bases (GDPR/UK GDPR, where applicable)

We process data to perform our contract with you, on the basis of your consent (optional preferences), and for our legitimate interests (security, abuse prevention, and reliability), balanced against your rights.

7. Your rights

You can access, correct, export, or delete your data. Delete your account any time from the app (Settings → Delete Account) or by emailing us; this removes your profile, preferences, stored portfolio data, AI usage events, and subscription record from our systems, subject to limited legal retention. Depending on your location you may also have rights to restrict or object to processing, or to lodge a complaint with your data-protection authority.

8. Retention

We keep your data while your account is active and delete it after account deletion, except where we must retain limited records (e.g., tax/payment records) for legally required periods. Security logs are kept only briefly.

9. Security

Credentials are stored in the iOS Keychain on your device. Server data is encrypted in transit and at rest by our hosting provider, and access is restricted. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

10. International transfers

Our processors may store and process data in the United States and other countries. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses.

11. Children

BasisTrail is not directed to anyone under 18 and we do not knowingly collect their data. If you believe a minor has provided us data, contact us and we will delete it.

12. Changes

We may update this policy as the product evolves. Material changes will be reflected here with a new “last updated” date; continued use after changes means you accept them.

13. Contact

Questions or requests: privacy@basistrail.app.

Read the Terms of Service →