Privacy Policy
Last Updated: November 29, 2025
RileyAI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and related services.
Summary: We collect only the data necessary to provide our AI trading analysis service. We never store your actual trading credentials or execute trades on your behalf. Your data is encrypted and protected using industry-standard security measures.
1. Information We Collect
1.1 Account Information
When you create a RileyAI account, we collect:
- Email address
- Name (optional)
- Password (stored as a secure hash - we never store your actual password)
- Account preferences and settings
1.2 Usage Data
When you use RileyAI, we automatically collect:
- Session activity (start time, duration, symbols analyzed)
- Features used (chat messages, confluence analysis, snapshots)
- Trading symbols and timeframes you view
- Analysis requests and responses
- Timestamps of interactions
1.3 Financial Data (Optional - Plaid Integration)
If you choose to connect a brokerage account via Plaid:
- Read-only access to portfolio holdings and positions
- Account balances and performance data
- We NEVER store your brokerage login credentials
- We CANNOT execute trades or transfer funds
- All access is read-only and can be revoked at any time
1.4 Device Information
We may collect:
- Browser type and version
- Operating system
- Extension version
- General location (country/region, not precise location)
2. How We Use Your Information
We use collected information to:
- Provide and improve our AI trading analysis service
- Generate personalized market insights and coaching
- Process your subscription and payments
- Send service-related communications
- Analyze usage patterns to improve features
- Prevent fraud and ensure security
- Comply with legal obligations
3. Data Storage and Security
3.1 Local Storage
We use Chrome's local storage (chrome.storage.local) to store:
- Authentication tokens
- Session preferences
- UI settings (panel position, size)
3.2 Server Storage
Your data is stored on secure servers hosted by Railway with:
- PostgreSQL database with encryption at rest
- TLS/SSL encryption for all data in transit
- Regular security audits and updates
- Automated backups
3.3 What We Do NOT Store
- Your brokerage login credentials
- Raw bank account information
- Credit card numbers (handled by Stripe)
- Your actual trading orders or executions
4. Third-Party Services
We share data with the following third-party services to provide our service:
4.1 Anthropic (Claude AI)
Your chat messages and analysis requests are processed by Anthropic's Claude AI. Messages are sent to generate responses and are subject to Anthropic's Privacy Policy.
4.2 Stripe
Payment processing is handled by Stripe. Your payment information is sent directly to Stripe and is subject to Stripe's Privacy Policy.
4.3 Plaid
If you connect a brokerage account, the connection is facilitated by Plaid. Data is subject to Plaid's Privacy Policy.
4.4 Alpaca
Market data is provided by Alpaca Markets. Subject to Alpaca's Privacy Policy.
4.5 Railway
Our servers are hosted on Railway. Subject to Railway's Privacy Policy.
5. Your Rights
Depending on your location, you may have the following rights under GDPR, CCPA, and other privacy laws:
5.1 Right to Access
You can request a copy of all personal data we hold about you.
5.2 Right to Deletion
You can request deletion of your account and all associated data. Some data may be retained for legal compliance.
5.3 Right to Correction
You can request correction of inaccurate personal data.
5.4 Right to Data Portability
You can request your data in a portable format (JSON/CSV).
5.5 Right to Opt-Out
You can opt-out of non-essential data collection and marketing communications.
5.6 How to Exercise Your Rights
To exercise any of these rights, contact us at privacy@askrileyai.com. We will respond within 30 days.
6. Data Retention
- Session data: Retained for 90 days, then automatically deleted
- Chat history: Retained for 90 days, then automatically deleted
- Account data: Retained until you request account deletion
- Payment history: Retained for 7 years per legal requirements
- Plaid connections: Can be revoked at any time through your account settings
7. Cookies and Tracking
RileyAI uses:
- Authentication tokens: Essential for maintaining your login session
- Functional cookies: To remember your preferences
We do NOT use:
- Third-party advertising cookies
- Cross-site tracking
- Social media tracking pixels
8. Children's Privacy
RileyAI is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
9. International Data Transfers
Your data may be transferred to and processed in the United States. By using RileyAI, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@askrileyai.com
- General inquiries: hello@askrileyai.com
California Residents: Under the CCPA, you have specific rights regarding your personal information. We do not sell your personal information. To exercise your CCPA rights, contact us at privacy@askrileyai.com.
EU/EEA Residents: Under GDPR, you have rights including access, rectification, erasure, and data portability. Our legal basis for processing is contract performance and legitimate interests. Contact our data protection representative at privacy@askrileyai.com.