Privacy Policy

Vigil ("we", "us", "our") operates the runvigil.app website and AI trade rule compliance platform. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

We collect the following categories of personal data:

• Account information -- your email address, used for authentication via magic link.
• Trading rules -- the text-based rules you create or select within the platform.
• Trade data -- symbol, entry/exit prices, P&L, and other trade metadata you submit for auditing.
• Chart screenshots -- images you upload for AI-powered trade audits.

• To authenticate you and provide the Vigil platform.
• To run AI audits on your trades against your configured rules.
• To display your compliance history, analytics, and dashboard.
• To send transactional emails (e.g., magic link login).
• To improve the platform using anonymized, aggregated analytics.

Your account data, trade data, and screenshots are stored in Supabase (US-East, Virginia). The website is served via Cloudflare Pages (global CDN).

• Free tier: Screenshots are processed in-memory only and are never stored on our servers.
• Paid tiers: Screenshots are stored in Supabase Storage with a 90-day retention period. You can delete them at any time from your dashboard.

When you run an AI audit, your trade data and chart screenshots are sent server-side to our AI provider (Kimi / OpenRouter) for analysis. Screenshots are compressed before transmission. The AI provider processes the data to generate audit verdicts and does not retain your data after processing.

We share data with the following third parties as needed to operate the service:

• Stripe -- payment processing. Stripe receives your email and payment details. See Stripe's Privacy Policy.
• PostHog -- analytics. Collects anonymized usage data via cookies. You can decline analytics cookies via our cookie consent banner.
• OpenRouter / Kimi -- AI audit processing. Your trade data and screenshots are sent server-side to these providers for AI analysis. Data is not retained after processing.
• Beehiiv -- marketing emails. If you subscribe to our newsletter, your email is shared with Beehiiv for delivery.

We use cookies for analytics (PostHog). These cookies help us understand how the platform is used so we can improve it. You can accept or decline analytics cookies via the cookie consent banner shown on your first visit. If you decline, no analytics cookies are set and PostHog is not initialized.

We do not use advertising cookies or sell your data to advertisers.

If you are in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:

• Access -- request a copy of the personal data we hold about you.
• Rectification -- request correction of inaccurate data.
• Erasure -- request deletion of your personal data.
• Portability -- request your data in a machine-readable format.
• Objection -- object to processing of your data for specific purposes.

You can delete your account and all associated data at any time from Settings > Delete Account. This permanently removes your email, trading rules, trade data, and any stored screenshots. Deletion is irreversible.

We retain your data for as long as your account is active. If you delete your account, all data is removed within 30 days. Screenshots on paid tiers are automatically deleted after 90 days unless you delete them sooner.

We use industry-standard security measures including encrypted connections (TLS), row-level security on our database, and secure authentication via magic links. No passwords are stored.

Vigil is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors.

We may update this Privacy Policy from time to time. For material changes, we will notify you via the email associated with your account. Continued use of the platform after changes constitutes acceptance.

For privacy-related questions or to exercise your rights, contact us at [email protected].