RuleGuard is operated by Antoine Bracmort (solo). This policy explains what we collect, why, and how it's protected. Plain language only.
What we collect
Email — for sign-in (magic link) and product notifications. Stored in Supabase Auth.
Exchange API keys — read-only keys you connect (Bitunix, Binance, Bybit). Encrypted at rest with AWS KMS. Permission scope is verified on connect: trade and withdraw scopes are rejected.
Trade history — pulled from your exchange via read-only API. Used to generate your behavioral insights and AI classifications. Never sold, never shared.
Device info — push notification token, app version, OS. For push delivery and crash reporting (Sentry).
Product analytics — anonymous event data via PostHog (screen views, feature use). No personally identifying content.
What we do NOT collect
Wallet seed phrases or private keys. Ever.
Your exchange password.
Funds. RuleGuard cannot move money. The API keys you give us reject trade and withdraw scopes by design.
Real-time location, contacts, microphone, or camera.
AI processing
Closed trades are sent to Anthropic's Claude API for setup classification and weekly coaching. The payload includes: symbol, side, entry, exit, leverage, P&L, computed indicators (RSI, ATR, trend), and a small chart image rendered server-side. We do NOT send your name, email, exchange account ID, or API keys. Anthropic does not train on API traffic by default.
Where data lives
Supabase (Postgres + Auth) — EU region (eu-central-1).
Fly.io — backend compute, EU region.
Upstash Redis — short-lived job queue.
Anthropic — for AI features only, per request, no storage.
Stripe — payment data only (handled by Stripe, not us).
Your rights
You can export all your data or delete your account anytime from Settings. Deletion is immediate and irreversible — encrypted API keys are purged, trades and insights wiped, email removed from Supabase Auth. Under GDPR you have rights of access, rectification, erasure, restriction, portability, and objection.