1. Information We Collect
We collect the following types of information:
- Account Information: Email address, password (hashed), and account preferences
- Portfolio Data: ETF symbols, share quantities, and target allocations you provide
- Brokerage Credentials: If you connect a brokerage account, we store encrypted access tokens (never your login password)
- Usage Data: Alert history, login times, and feature usage
- Payment Information: Processed securely by Stripe; we do not store your full card number
2. How We Use Your Information
We use your information to:
- Provide portfolio monitoring and rebalancing alerts
- Send contribution reminders based on your schedule
- Sync portfolio data from connected brokerage accounts
- Process subscription payments
- Send service-related communications
- Improve and maintain our service
3. Data Sharing
We do not sell your personal information. We share data only with:
- Payment Processor: Stripe, to process subscription payments
- Email Service: Resend, to deliver alerts and notifications
- Brokerage APIs: Questrade (if you connect your account), to fetch portfolio data
- Hosting Providers: Railway and Vercel, to run our service
We may also disclose information if required by law or to protect our rights.
4. Data Security
We implement industry-standard security measures including:
- Password hashing using bcrypt with SHA-256 pre-hash
- Encryption of sensitive data (brokerage tokens) using Fernet encryption
- HTTPS for all data transmission
- Secure, HTTP-only cookies for authentication
- Regular security updates and monitoring
5. Cookies
We use essential cookies to maintain your session and authentication state. We do not use advertising or tracking cookies. Our cookies are HTTP-only and secure, meaning they cannot be accessed by JavaScript and are only transmitted over HTTPS.
6. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate information
- Delete your account and associated data
- Export your data
- Disconnect brokerage integrations at any time
To exercise these rights, contact us at support@viati.ca or use the settings in your account dashboard.
7. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.
8. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes via email or through the service. Continued use of Viatica after changes take effect constitutes acceptance of the revised policy.
9. Contact
If you have questions about this Privacy Policy or how we handle your data, please contact us at support@viati.ca.