mkts

Privacy Policy

Last updated: February 3, 2026

1. Information We Collect

We collect the following information when you use mkts:

  • Account information — email address and hashed password (via bcrypt).
  • Portfolio data — asset holdings, transaction history, and watchlist selections you create.
  • AI usage metrics — query counts and tier information for enforcing usage limits.
  • Theme preferences — stored locally in your browser via localStorage.

2. Payment Data

All payment processing is handled by Stripe. We do not store credit card numbers, CVVs, or other sensitive payment details on our servers. We only retain your Stripe customer ID and subscription status to manage your account tier.

3. How We Use Your Data

  • Account authentication and session management.
  • Portfolio tracking and watchlist functionality.
  • AI-powered market analysis features.
  • Email verification and account-related communications.
  • Enforcing usage limits and subscription management.

4. Data Storage

Your account data, portfolio holdings, and usage metrics are stored in AWS DynamoDB. Data is stored securely with encryption at rest and in transit. We retain your data for as long as your account is active.

5. Third-Party Services

We use the following third-party services:

  • Stripe — payment processing and subscription management.
  • CoinGecko — cryptocurrency market data.
  • Yahoo Finance — stock, ETF, and commodity market data.
  • Resend — transactional email delivery (verification emails).
  • AI/LLM provider — powers the AI-driven market analysis features.

Each third-party service operates under its own privacy policy. We only share the minimum data necessary for each service to function.

6. Cookies & Local Storage

  • Session cookie — a next-auth session cookie is used to maintain your authenticated session.
  • Theme preference — your light/dark mode preference is stored in localStorage and never sent to our servers.

7. Data Retention & Deletion

Your data is retained for as long as your account remains active. You may request deletion of your account and all associated data at any time by contacting us. Upon account deletion, your personal data, portfolio holdings, and usage history will be permanently removed from our systems within 30 days.

8. Security Measures

We implement the following security measures to protect your data:

  • Passwords are hashed using bcrypt before storage.
  • API rate limiting to prevent abuse.
  • Input validation and sanitization on all endpoints.
  • HTTPS encryption for all data in transit.

9. Children's Privacy

mkts is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice within the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy, please contact us at support@mkts.com.