Obsidia
Sign inJoin waitlist

Legal

Privacy Policy

Last updated: May 3, 2026

Obsidia ("we", "us") respects your privacy. This policy explains what data we collect when you use our platform, how we use it, and your rights over it. By using Obsidia you agree to the practices described here.

1. What we collect

  • Account data — your email address, Google profile (name, avatar), and any handle you choose. We use Supabase Auth to store and manage credentials.
  • Strategy data — the strategies you save, backtest results, alerts fired, and paper-trade outcomes.
  • Delivery preferences — Telegram chat ID, Discord webhook URL, and email-alert opt-in setting (only if you provide them).
  • Usage telemetry — page views, button clicks, and API requests, gathered via privacy-first analytics. We do not use third-party advertising trackers.
  • Payment data — handled entirely by Stripe; we never see or store your card details. We retain your Stripe customer ID and subscription status.

2. How we use it

  • To run strategies you save and deliver alerts you've configured.
  • To compute leaderboards and marketplace listings (only for strategies you publish).
  • To improve the product — aggregated, anonymized usage patterns.
  • To send transactional emails (sign-up confirmations, billing receipts) and, only with explicit opt-in, the daily AI brief newsletter.

3. Who we share it with

  • Service providers — Supabase (auth + database), Anthropic (AI brief generation), Stripe (payments), Resend (transactional email), Vercel (hosting). Each operates under a data processing agreement.
  • Law enforcement — only when legally compelled. We publish a transparency report annually.
  • We do not sell your data. Ever.

4. Your rights

You can request export, correction, or deletion of your data at any time by emailing privacy@obsidia.fi. We respond within 30 days. Account deletion permanently removes strategies, alerts, and trade history; backups expire after 90 days.

5. Cookies & local storage

We use first-party cookies for authentication (Supabase session) and local storage for UI preferences. We do not set third-party advertising cookies. EU/UK users will see a consent banner if telemetry cookies are in scope.

6. Data retention

  • Active accounts: data retained while account is open.
  • Closed accounts: deleted within 30 days of closure.
  • Backtest results: retained for analytics; anonymized after 12 months.
  • Stripe records: retained 7 years for tax/audit compliance.

7. International transfers

Obsidia operates servers in the US and EU. By using the service you consent to data being processed in either region under SCCs/GDPR-compliant terms.

8. Changes to this policy

We'll email registered users at least 14 days before any material change takes effect. Minor edits are dated above and announced in the changelog.

9. Contact

Privacy questions: privacy@obsidia.fi. General contact: hello@obsidia.fi.