Privacy Policy
Last updated: March 11, 2026
Summary: We collect minimal data. We do not sell your personal information. Your trade journal data and portfolio information are stored locally in your browser. We use cookies only for authentication and analytics.
1. Introduction
This Privacy Policy describes how DORSAM ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our platform.
This policy complies with the Brazilian General Data Protection Law (LGPD — Lei nº 13.709/2018) and is aligned with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Data We Collect
| Data Type | What | Purpose | Storage |
|---|---|---|---|
| Account Data | Email, display name, hashed password | Authentication | Server (encrypted) |
| Usage Data | Tickers analyzed, pages visited, feature usage | Rate limiting, analytics | Server (anonymized) |
| Preferences | Language, theme, watchlists | Personalization | Server |
| Trade Data | Trade journal entries, CSV uploads | Portfolio analysis | Browser only (localStorage) |
| Analytics | IP address, browser type, device info | Service improvement | Google Analytics (anonymized) |
3. Data We Do NOT Collect
- Brokerage credentials — We never ask for or store your brokerage login.
- Bank or payment card details — Payments are processed by our third-party payment processor (Stripe). We do not store your card number.
- Social Security or tax ID numbers
- Personal financial portfolio values — Trade data stays in your browser's local storage.
4. How We Use Your Data
We use collected data exclusively for:
- Providing the Service: Authentication, analysis delivery, feature access control
- Improving the Service: Understanding usage patterns to improve features
- Communication: Sending service updates, security notices, and (only if opted in) marketing emails
- Legal compliance: Responding to lawful requests from authorities
We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.
5. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Google Analytics 4 | Website analytics | Anonymized usage data, IP (truncated) |
| Stripe | Payment processing | Email, payment information |
| Financial Modeling Prep (FMP) | Market data provider | Ticker symbols (no personal data) |
| Streamlit Cloud | App hosting | Session data |
Each third-party service has its own privacy policy. We encourage you to review them.
6. Cookies and Local Storage
We use:
- Session cookies: For authentication (essential, cannot be disabled)
- Analytics cookies: Google Analytics for usage tracking (can be blocked via browser settings)
- Local storage: For trade journal data, preferences, and cached analysis results. This data never leaves your browser.
7. Data Security
We implement industry-standard security measures including:
- Password hashing (bcrypt)
- HTTPS encryption for all data in transit
- Rate limiting on authentication endpoints
- Input sanitization and XSS protection
- Regular security audits
However, no system is 100% secure. We cannot guarantee absolute security of your data.
8. Your Rights (LGPD / GDPR)
Under applicable data protection laws, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct any inaccurate personal data
- Deletion: Request deletion of your account and all associated data
- Portability: Receive your data in a machine-readable format
- Restriction: Restrict processing of your data
- Objection: Object to processing of your data for marketing purposes
- Withdraw consent: Withdraw consent for data processing at any time
To exercise any of these rights, contact us at [email protected]. We will respond within 15 business days (LGPD) or 30 calendar days (GDPR).
9. Data Retention
- Account data: Retained for the duration of your account. Deleted within 30 days of an account deletion request.
- Usage data: Anonymized after 12 months.
- Analytics data: Retained by Google Analytics per their data retention settings (default: 14 months).
- Trade data: Stored in your browser only. Cleared when you clear your browser data.
10. Children's Privacy
DORSAM is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it immediately.
11. International Data Transfers
Your data may be processed in countries outside your country of residence, including the United States (for hosting and third-party services). We ensure adequate data protection safeguards are in place in accordance with LGPD and GDPR requirements.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top of this page reflects the most recent revision.
13. Data Protection Officer (Encarregado)
In compliance with LGPD (Art. 41), our Data Protection Officer can be contacted at:
Email: [email protected]
14. Contact
For any privacy-related questions or concerns:
Email: [email protected]
Note: This Privacy Policy is provisional and provided in good faith. We recommend consulting with a legal professional for jurisdiction-specific compliance requirements.