Theta BetaSign in
← Back

Privacy Policy

Effective June 12, 2026 · Theta Beta

The Service is operated by Austin Norville as an individual. “Theta Beta” is the product name (not a separate legal entity).

1. Overview

Theta Beta (“we”, “our”, “us”) respects your privacy. This policy explains what data we collect, how we use it, and your rights. By using Theta Beta you agree to this policy.

We collect only what is necessary to provide the service and never sell your personal data to third parties.

The Service is operated by Austin Norville as an individual (“operator”). References to “we” include the operator.

2. Information we collect

Account information

When you create an account or sign in with Google, we collect your email address and name. This is handled by Supabase Auth and Google OAuth.

Trade data (brokerage sync via SnapTrade)

When you connect a supported brokerage account (currently Tastytrade, Schwab, Fidelity, Robinhood, E*TRADE & Webull, with others added over time), we import and store your transaction history, positions, and related account metadata you authorize through SnapTrade's OAuth2 infrastructure. This data is stored under your account in our Postgres database with row-level security and is intended to be visible only to you via the Service.

Imported brokerage files (CSV and similar)

You may optionally import trade history via files or exports you upload (for example Schwab or Tastytrade CSV/JSON exports). Data in those imports originates from your own export files or records. You are responsible for complying with any terms that govern your brokerage or platform data. We store and process uploads only to provide journaling and analytics to you.

Brokerage credentials (via SnapTrade)

Brokerage OAuth tokens are managed by SnapTrade Technologies Inc. on your behalf. SnapTrade stores and encrypts credential material server-side per their security standards. The Service does not receive or store raw brokerage passwords — only the access tokens SnapTrade issues after you complete each broker's OAuth flow.

Usage data

We do not currently run third-party analytics or advertising trackers. Standard server logs (IP address, timestamps, request paths) may be retained by our hosting provider for operational purposes.

Early access requests

If you submit an early access request, we store your name, email address, and optional message. This information is used solely to evaluate and process your request.

Voluntary feedback (bugs / features)

If you use the optional Feedback forms (/feedback), your text, optional reply email, and any screenshots are sent from our servers to Discord using private incoming webhooks for operator triage. You do not need a Discord account. Content may be visible to the operator in Discord and on Discord's infrastructure per Discord's terms.

3. How we use your data

  • To provide and operate the Theta Beta service
  • To sync your trade data from connected brokerages via SnapTrade on your request
  • To parse and retain imported brokerage files (CSV/JSON exports) you provide
  • To generate analytics, reports, and performance summaries displayed to you
  • To authenticate your identity and secure your account
  • To respond to support requests or access inquiries

We do not use your trade data or personal information for advertising or cross-user profiling.

4. Data sharing and subprocessors

We use third-party infrastructure to operate Theta Beta. Depending on configuration, subprocessors include:

ServicePurposeData involved
SupabaseDatabase & authenticationAccount info, journal/trade rows, session tokens
RailwayApplication hostingServer-side processing; application logs per provider defaults
CloudflareDNS / CDN / DDoS protectionIP address, TLS metadata, caching metadata
Google OAuthOptional sign-in methodEmail address, name (during sign-in only)
SnapTrade Technologies Inc.Brokerage OAuth infrastructureBrokerage OAuth tokens and account identifiers you authorize; SnapTrade holds credential material server-side
Supported brokerages (Tastytrade, Schwab, Fidelity, Robinhood, E*TRADE & Webull)Optional trade data sourceTransaction history and position data you authorize via SnapTrade OAuth
DiscordInternal triage of voluntary feedbackText and images voluntarily submitted via /feedback (webhook delivery)

We do not sell, rent, or trade your personal data. We share data only with subprocessors strictly as needed to provide the Service and as described above.

5. International transfers

Our infrastructure providers may process data in the United States (and transit through other jurisdictions as part of how the Internet and cloud providers operate). If you access the Service from outside the United States, you acknowledge that your information may be processed in the United States.

6. EU / UK GDPR-style rights

Depending on applicable law (including GDPR and UK GDPR), individuals may have rights to access, rectify, delete, restrict, or object to certain processing of personal data, and to portability where applicable.

Because Theta Beta is currently operated individually and lacks a staffed EU establishment, lawful bases and response procedures may vary — contact us below to submit a request.

Requests: austin@thetabeta.app. You may also have the right to lodge a complaint with your local supervisory authority where applicable law allows.

7. California (CCPA/CPRA-style) disclosures

We do not “sell” or “share” personal information as commonly defined under the California Consumer Privacy Act / CPRA categories for targeted advertising purposes. Categories of personal information we collect may include identifiers (name, email), commercial information relating to brokerage activity reflected in journals, and electronic network activity in server logs.

California residents may request access and deletion consistent with applicable law by contacting austin@thetabeta.app. We reserve the right to verify your request as permitted by law.

8. Data retention

Your data is retained while your account is active. If you request account deletion, we will delete your personal data and trading journal data associated with your account within 30 days, subject to lawful exceptions (backup retention, disputes, fraud prevention). Some minimally necessary logs may persist for a shorter or longer retention window per vendor policy.

9. Security

We aim to implement industry-standard security controls for a small SaaS product, including:

  • TLS for data in transit
  • AES-256-GCM encryption for stored brokerage credentials (where encryption is applied)
  • Database row-level security and authenticated access boundaries
  • Server-side custody of privileged tokens and secrets — not exposing them intentionally to browsers

No system is 100% secure. Reports: austin@thetabeta.app.

10. Your rights (general)

You may request:

  • Access to the personal data we hold about you
  • Correction of inaccurate profile data where technically feasible
  • Deletion of your account and associated data (subject to legal exceptions)
  • Export of journal-related data where available via the product

Contact austin@thetabeta.app.

11. Cookies

We use strictly necessary cookies to maintain authenticated sessions when you choose to remain signed in (and optionally a site unlock cookie during certain hosting configurations). Details: /cookies.

12. Children

The Service is not directed at children under 18. If you believe a minor has supplied personal data through the Service, contact us immediately.

13. Changes to this policy

We may update this policy periodically. For material changes, we will endeavor to notify active users by email. Continued use after the effective posted date constitutes acknowledgment of updates where permitted by applicable law.

14. Contact

Privacy inquiries: austin@thetabeta.app

AboutContactFeedbackSecurityTerms of ServicePrivacy PolicyCookie Policy