Privacy policy

Effective 2026-04-29. We collect the minimum required to run the service.

What we collect

• Email address — when you join the waitlist or subscribe to Pro
• Stripe customer ID — when you subscribe (Stripe handles the actual payment data; we never see your card)
• API key + call count — for rate limiting and tier enforcement
• Server logs — IP address, request timestamps, endpoints called (standard 30-day retention)

What we don't collect

• No cookies for tracking. The site uses no analytics scripts, no Facebook pixel, no Google Analytics.
• No card numbers, bank info, or financial credentials. Stripe handles all payment processing.
• No personal identifying info beyond email.
• No third-party data brokers, no ad-networks, no behavioral profiles.

Where it lives

• Email + API keys: SQLite database on Railway-hosted application server (US, encrypted at rest)
• Mirror of email-only waitlist: Cloudflare KV (global edge, encrypted at rest)
• Stripe handles payment data per their privacy policy
• Server logs: Railway's standard log retention (30 days)

What we share

Nothing with anyone, except as required by US law. We do not sell, rent, or trade your data.

Your rights

• Access: email hello@wolfx.trade and we'll send you everything we have on you within 7 days
• Deletion: same email, same response time. We delete the email address, API keys, and call counts. Stripe records of past transactions remain per their retention policy and tax law.
• Export: same email, same response time. We send a JSON dump of your data.

Security

Passwords don't apply — we don't have password-based auth. API keys are 36-character UUIDs and rate-limited per tier. The server enforces HTTPS-only with valid TLS. Cloudflare WAF in front of the public surface.

Changes

If we change this policy materially, we'll email Pro subscribers and date-stamp the change. The new policy takes effect 30 days from notice.

Questions: hello@wolfx.trade