Privacy Policy
Effective June 12, 2026 · Theta Beta
The Service is operated by Austin Norville as an individual. “Theta Beta” is the product name (not a separate legal entity).
1. Overview
Theta Beta (“we”, “our”, “us”) respects your privacy. This policy explains what data we collect, how we use it, and your rights. By using Theta Beta you agree to this policy.
We collect only what is necessary to provide the service and never sell your personal data to third parties.
The Service is operated by Austin Norville as an individual (“operator”). References to “we” include the operator.
2. Information we collect
When you create an account or sign in with Google, we collect your email address and name. This is handled by Supabase Auth and Google OAuth.
When you connect a supported brokerage account (currently Tastytrade, Schwab, Fidelity, Robinhood, E*TRADE & Webull, with others added over time), we import and store your transaction history, positions, and related account metadata you authorize through SnapTrade's OAuth2 infrastructure. This data is stored under your account in our Postgres database with row-level security and is intended to be visible only to you via the Service.
You may optionally import trade history via files or exports you upload (for example Schwab or Tastytrade CSV/JSON exports). Data in those imports originates from your own export files or records. You are responsible for complying with any terms that govern your brokerage or platform data. We store and process uploads only to provide journaling and analytics to you.
Brokerage OAuth tokens are managed by SnapTrade Technologies Inc. on your behalf. SnapTrade stores and encrypts credential material server-side per their security standards. The Service does not receive or store raw brokerage passwords — only the access tokens SnapTrade issues after you complete each broker's OAuth flow.
We do not currently run third-party analytics or advertising trackers. Standard server logs (IP address, timestamps, request paths) may be retained by our hosting provider for operational purposes.
If you submit an early access request, we store your name, email address, and optional message. This information is used solely to evaluate and process your request.
If you use the optional Feedback forms (/feedback), your text, optional reply email, and any screenshots are sent from our servers to Discord using private incoming webhooks for operator triage. You do not need a Discord account. Content may be visible to the operator in Discord and on Discord's infrastructure per Discord's terms.
3. How we use your data
- To provide and operate the Theta Beta service
- To sync your trade data from connected brokerages via SnapTrade on your request
- To parse and retain imported brokerage files (CSV/JSON exports) you provide
- To generate analytics, reports, and performance summaries displayed to you
- To authenticate your identity and secure your account
- To respond to support requests or access inquiries
We do not use your trade data or personal information for advertising or cross-user profiling.
4. Data sharing and subprocessors
We use third-party infrastructure to operate Theta Beta. Depending on configuration, subprocessors include:
| Service | Purpose | Data involved |
|---|---|---|
| Supabase | Database & authentication | Account info, journal/trade rows, session tokens |
| Railway | Application hosting | Server-side processing; application logs per provider defaults |
| Cloudflare | DNS / CDN / DDoS protection | IP address, TLS metadata, caching metadata |
| Google OAuth | Optional sign-in method | Email address, name (during sign-in only) |
| SnapTrade Technologies Inc. | Brokerage OAuth infrastructure | Brokerage OAuth tokens and account identifiers you authorize; SnapTrade holds credential material server-side |
| Supported brokerages (Tastytrade, Schwab, Fidelity, Robinhood, E*TRADE & Webull) | Optional trade data source | Transaction history and position data you authorize via SnapTrade OAuth |
| Discord | Internal triage of voluntary feedback | Text and images voluntarily submitted via /feedback (webhook delivery) |
We do not sell, rent, or trade your personal data. We share data only with subprocessors strictly as needed to provide the Service and as described above.
5. International transfers
Our infrastructure providers may process data in the United States (and transit through other jurisdictions as part of how the Internet and cloud providers operate). If you access the Service from outside the United States, you acknowledge that your information may be processed in the United States.
6. EU / UK GDPR-style rights
Depending on applicable law (including GDPR and UK GDPR), individuals may have rights to access, rectify, delete, restrict, or object to certain processing of personal data, and to portability where applicable.
Because Theta Beta is currently operated individually and lacks a staffed EU establishment, lawful bases and response procedures may vary — contact us below to submit a request.
Requests: austin@thetabeta.app. You may also have the right to lodge a complaint with your local supervisory authority where applicable law allows.
7. California (CCPA/CPRA-style) disclosures
We do not “sell” or “share” personal information as commonly defined under the California Consumer Privacy Act / CPRA categories for targeted advertising purposes. Categories of personal information we collect may include identifiers (name, email), commercial information relating to brokerage activity reflected in journals, and electronic network activity in server logs.
California residents may request access and deletion consistent with applicable law by contacting austin@thetabeta.app. We reserve the right to verify your request as permitted by law.
8. Data retention
Your data is retained while your account is active. If you request account deletion, we will delete your personal data and trading journal data associated with your account within 30 days, subject to lawful exceptions (backup retention, disputes, fraud prevention). Some minimally necessary logs may persist for a shorter or longer retention window per vendor policy.
9. Security
We aim to implement industry-standard security controls for a small SaaS product, including:
- TLS for data in transit
- AES-256-GCM encryption for stored brokerage credentials (where encryption is applied)
- Database row-level security and authenticated access boundaries
- Server-side custody of privileged tokens and secrets — not exposing them intentionally to browsers
No system is 100% secure. Reports: austin@thetabeta.app.
10. Your rights (general)
You may request:
- Access to the personal data we hold about you
- Correction of inaccurate profile data where technically feasible
- Deletion of your account and associated data (subject to legal exceptions)
- Export of journal-related data where available via the product
Contact austin@thetabeta.app.
11. Cookies
We use strictly necessary cookies to maintain authenticated sessions when you choose to remain signed in (and optionally a site unlock cookie during certain hosting configurations). Details: /cookies.
12. Children
The Service is not directed at children under 18. If you believe a minor has supplied personal data through the Service, contact us immediately.
13. Changes to this policy
We may update this policy periodically. For material changes, we will endeavor to notify active users by email. Continued use after the effective posted date constitutes acknowledgment of updates where permitted by applicable law.
14. Contact
Privacy inquiries: austin@thetabeta.app