← Back to OrdrFlw
Privacy Policy
Last updated: April 11, 2026
Note: This is a template Privacy Policy. We recommend having it reviewed by a qualified attorney for full CCPA/GDPR compliance before relying on it.
OrdrFlw is operated by Parikh Vision LLC.
1. Information We Collect
| Data | Purpose | Storage |
|---|
| Username | Account identification | PostgreSQL (Railway) |
| Email address | Account recovery, support communication | PostgreSQL (Railway) |
| Password | Authentication | Hashed (PBKDF2-HMAC-SHA256) — never stored in plain text |
| Watchlist tickers | Your saved stock watchlist | PostgreSQL (Railway), per-user |
| Alpaca API keys (Pro) | Trade execution on your own brokerage | Encrypted (AES-256 Fernet) — never visible in plain text |
| Chat queries | Improve the chat bot, identify unanswered questions | PostgreSQL (Railway) |
| Feature requests / support tickets | Improve the product, resolve issues | PostgreSQL (Railway) |
| Followed politicians/insiders | Alert you on new filings | PostgreSQL (Railway) |
| Ticker usage frequency | Cache warming (make frequent lookups faster) | PostgreSQL (Railway) |
2. Information We Do NOT Collect
- We do not track your browsing outside this platform
- We do not sell your data to third parties
- We do not use third-party analytics trackers or advertising pixels
- We do not store your brokerage account balance, positions, or trade history on our servers (we only facilitate order submission via your encrypted keys)
3. How We Use Your Data
- Authentication: Username + hashed password to verify your identity
- Personalization: Per-user watchlist, followed politicians/insiders, theme preference
- Trade execution (Pro only): Your encrypted API keys are decrypted in-memory only at the moment of order submission, then discarded
- Product improvement: Chat queries and feature requests help us identify gaps
- Cache optimization: Ticker usage patterns let us pre-load frequently-searched stocks so everyone gets faster responses
4. Third-Party Services
We interact with the following third-party services to provide market data:
- Alpaca Markets — Stock quotes, bars, options data, trade execution
- NASDAQ — Earnings calendar data
- Yahoo Finance (yfinance) — Fallback price/metadata + news headlines
- Federal Reserve (federalreserve.gov) — FOMC meeting schedule
- U.S. House / Senate / SEC EDGAR — Congressional and insider stock disclosures
- TradingView — Embedded chart widgets
- Railway — Cloud hosting and PostgreSQL database
Each third-party service has its own privacy policy. We do not share your personal data (username, email, API keys) with any of these services except Alpaca (when you explicitly connect your keys for trade execution).
5. Data Security
- Passwords: hashed with PBKDF2-HMAC-SHA256 (irreversible)
- API keys: encrypted with AES-256 (Fernet) using a per-deployment secret
- Database: hosted on Railway's managed PostgreSQL (encrypted at rest)
- HTTPS: all traffic is encrypted in transit
- Sessions: server-side Flask sessions with secure cookies
6. Your Rights
Access your data
You can view your watchlist, followed entities, feature requests, and support tickets through the Platform interface. For a full data export, contact support@ordrflw.com.
Delete your data (CCPA / GDPR)
You may request complete deletion of your account and all associated data by:
- Submitting a support ticket through the Platform, OR
- Emailing support@ordrflw.com with subject "Data Deletion Request"
We will process deletion requests within 30 days. Deletion removes: your user account, watchlist, follows, alerts, chat history, feature requests, support tickets, and encrypted API keys.
Disconnect your brokerage
Pro users can delete their stored Alpaca API keys at any time through the Platform's settings (⚙ icon). This immediately removes the encrypted keys from our database and stops all automated trading.
7. Data Retention
- Active accounts: data retained while account is active
- Cancelled accounts: data retained for 30 days after cancellation, then permanently deleted
- Chat queries: retained for 90 days for product improvement, then anonymized
- Ticker usage: aggregated and anonymized — not linked to individual users
8. Children's Privacy
This Platform is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we learn we have collected data from a user under 18, we will delete it immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification. Continued use after changes constitutes acceptance.
10. Contact
For privacy-related questions or data requests:
support@ordrflw.com