Legal
Privacy Policy
Last updated: May 2026
Overview
Vigil ("we", "us", "our") operates the runvigil.app website and AI trade rule compliance platform. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
Data We Collect
We collect the following categories of personal data:
- Account information -- your email address, used for authentication via magic link.
- Trading rules -- the text-based rules you create or select within the platform.
- Trade data -- symbol, entry/exit prices, P&L, and other trade metadata you submit for auditing.
- Chart screenshots -- images you upload for AI-powered trade audits.
How We Use Your Data
- To authenticate you and provide the Vigil platform.
- To run AI audits on your trades against your configured rules.
- To display your compliance history, analytics, and dashboard.
- To send transactional emails (e.g., magic link login).
- To improve the platform using anonymized, aggregated analytics.
Data Storage
Your account data, trade data, and screenshots are stored in Neon Postgres and Cloudflare R2. The website is served via Cloudflare Pages (global CDN).
Screenshot Handling
- Free tier: Screenshots are processed in-memory only and are never stored on our servers.
- Paid tiers: Screenshots are stored in Cloudflare R2 with a 90-day retention period. You can delete them at any time from your dashboard.
AI Processing
When you run an AI audit, your trade data and chart screenshots are sent server-side to our AI provider (Kimi / OpenRouter) for analysis. Screenshots are compressed before transmission. The AI provider processes the data to generate audit verdicts and does not retain your data after processing.
Third-Party Services
We share data with the following third parties as needed to operate the service:
- Stripe -- payment processing. Stripe receives your email and payment details. See Stripe's Privacy Policy.
- PostHog -- analytics. Collects anonymized usage data via cookies. You can decline analytics cookies via our cookie consent banner.
- OpenRouter / Kimi -- AI audit processing. Your trade data and screenshots are sent server-side to these providers for AI analysis. Data is not retained after processing.
- Beehiiv -- marketing emails. If you subscribe to our newsletter, your email is shared with Beehiiv for delivery.
Cookies and Local Storage
We use necessary browser storage for login, security, referral attribution, affiliate attribution, and basic product preferences. Optional analytics, advertising measurement, session replay, heatmaps, and chat tools load only after you choose "Accept all" in the cookie banner. Choosing "Necessary only" prevents PostHog, Google Ads/GA4, and Crisp chat from loading.
| Name | Type | Purpose | Duration | Category |
|---|---|---|---|---|
| vigil-cookie-consent | localStorage | Stores your cookie choice. | Until cleared | Necessary |
| vigil_ref | Cookie | User referral attribution. | 30 days | Necessary attribution |
| vigil_aff | Cookie | Affiliate attribution for commissions. | 90 days | Necessary attribution |
| vigil_utm_first / vigil_utm_last | localStorage | First-touch and last-touch campaign attribution. | Until cleared | Necessary attribution |
| vigil_first_touch_page | localStorage | First landing page attribution. | Until cleared | Necessary attribution |
| Supabase auth storage | localStorage | Keeps you signed in. | Session dependent | Necessary |
| PostHog | Cookie/localStorage | Analytics, experiments, replay, performance, and heatmaps. | PostHog controlled | Optional analytics |
| Google Ads / GA4 | Cookie | Ad conversion and aggregate analytics measurement. | Google controlled | Optional marketing |
| Crisp | Cookie/localStorage | Support chat. | Crisp controlled | Optional support |
We do not sell your data. You can update your optional-cookie choice at any time: .
Your Rights (GDPR)
If you are in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:
- Access -- request a copy of the personal data we hold about you.
- Rectification -- request correction of inaccurate data.
- Erasure -- request deletion of your personal data.
- Portability -- request your data in a machine-readable format.
- Objection -- object to processing of your data for specific purposes.
Data Deletion
You can delete your account and all associated data at any time from Settings > Delete Account. This permanently removes your email, trading rules, trade data, and any stored screenshots. Deletion is irreversible.
Data Retention
We retain your data for as long as your account is active. If you delete your account, all data is removed within 30 days. Screenshots on paid tiers are automatically deleted after 90 days unless you delete them sooner.
Security
We use industry-standard security measures including encrypted connections (TLS), row-level security on our database, and secure authentication via magic links. No passwords are stored.
Children
Vigil is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors.
Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you via the email associated with your account. Continued use of the platform after changes constitutes acceptance.
Contact
For privacy-related questions or to exercise your rights, contact us at [email protected].