Privacy Policy
1. Summary
Banger collects the minimum data needed to operate your account, run your strategies, and bill you accurately. We never sell your data, never share your strategy code outside what you explicitly publish to the marketplace, and never have access to plaintext venue private keys.
2. What we collect
- Account data — your email address, display name, and authentication identifiers, all received through Clerk.
- Billing data — your subscription tier and a Stripe customer ID. Card numbers and full payment details are handled by Stripe and never touch our servers.
- Strategy data — the Python source code of any strategy you upload, parameter overrides on cloned strategies, and the deployment configurations you create.
- Trading activity — orders, fills, and performance snapshots generated by your deployments. We retain this for the lifetime of your account so the dashboard can show historical performance.
- Encrypted venue credentials — your venue API keys and private keys, encrypted at rest with AES-256-GCM and per-user derived keys. We do not have plaintext access; the decryption keys are derived inside the runtime container that executes your strategy.
- Usage analytics — pageviews, click events, and session replays via PostHog (with input masking enabled by default). Used to improve product flows; never sold.
- Logs — error reports and structured logs from your strategy runtime, retained for 30 days for debugging.
3. How we use your data
- To operate, secure, and improve the Banger service.
- To bill your subscription and metered usage.
- To send transactional email (account changes, billing receipts, security alerts).
- To respond to your support requests.
- To enforce our Terms of Service and prevent abuse.
- To comply with our legal obligations.
We do not use your strategy code, trading activity, or venue credentials for any purpose other than running your deployments and showing them back to you on your dashboard.
4. Subprocessors
We share narrowly-scoped data with the following service providers in order to operate Banger:
- Clerk — authentication and session management.
- Neon — managed Postgres database.
- Vercel — web application hosting.
- Modal — strategy runtime execution.
- Stripe — payment processing.
- PostHog — product analytics and session replay.
- Anthropic — Claude API for the in-browser AI strategy authoring feature. Only the prompt you type and the generated code pass through Anthropic. We do not send your strategy library, account data, or trading activity.
- SendGrid or equivalent — transactional email (when configured).
5. What we never do
- Sell your personal data.
- Share your strategy code outside the marketplace strategies you explicitly publish.
- Have plaintext access to your venue private keys.
- Trade on your behalf or take any position in markets we operate against.
6. Cookies
We use cookies for session authentication (set by Clerk), feature flags and analytics (PostHog), and remembering small UI preferences. We do not use third-party advertising cookies.
7. Your rights
You may at any time:
- View your data in the dashboard.
- Export your strategy library and deployment history (request via support).
- Delete your account, which removes your account data within 30 days.
- Opt out of analytics by using a browser-level Do Not Track signal or contacting us.
EU/UK residents have additional rights under GDPR, including the right to object to processing, the right to data portability, and the right to lodge a complaint with a supervisory authority. California residents have rights under the CCPA. To exercise these rights, contact privacy@banger.fi.
8. Data retention
We retain your account and strategy data for as long as your account is active. After account deletion, we hard-delete personal data within 30 days, except where retention is required by law (typically tax records: 7 years).
9. Security
We use industry-standard practices: TLS in transit, encrypted database connections, AES-256-GCM envelope encryption for venue credentials, secure session cookies, and least-privilege access controls within our infrastructure. No system is perfectly secure; if you believe your account has been compromised, contact us at security@banger.fi immediately.
10. International transfers
Banger’s infrastructure is hosted primarily in the United States (us-east-1). Our subprocessors may process data in their own regions (e.g. Anthropic in the US). By using Banger you consent to your data being processed in those locations.
11. Children
Banger is not directed at children under 18 (or the age of majority in your jurisdiction) and we do not knowingly collect data from them. If you believe we have inadvertently collected data from a minor, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email and posted here at least 14 days before taking effect.
13. Contact
Privacy questions: privacy@banger.fi