1. Information We Collect
Account Information
- Email address (for account authentication)
- Password (encrypted and stored by Firebase Authentication — we never see plain-text passwords)
- Account creation date and last login timestamp
- User ID (automatically generated by Firebase)
Usage Data
- Favorite strategies and saved entry prices
- App preferences and filter settings
- Device information (type, OS version, app version) — for crash diagnosis only
- FCM push notification token (scoped per user-device pair, for push alerts)
- Error logs (timestamps and error types for debugging, retained 30 days)
Subscription Information
- Subscription status (active, expired, cancelled)
- Subscription type (monthly, annual)
- Purchase dates and renewal dates
- Transaction IDs (managed by Apple / Google and RevenueCat)
2. How We Use Your Information
We use collected information to:
- Provide and maintain app functionality
- Authenticate your account and verify your identity
- Sync favorites and preferences across your devices
- Process and verify subscription status
- Send push notifications for exit score alerts (premium only)
- Improve app performance and diagnose bugs
- Ensure security and prevent fraud or abuse
- Communicate important updates about the app or your account
- Comply with legal obligations
3. Third-Party Services
Firebase (Google)
We use Firebase for authentication and data storage:
- Email and encrypted password stored by Firebase Authentication
- Favorites and preferences stored in Firebase Firestore
- All data encrypted in transit (HTTPS/TLS) and at rest
- Hosted on Google Cloud Platform with industry-standard security
RevenueCat
We use RevenueCat to manage in-app subscriptions:
- Processes subscription events from Apple App Store and Google Play Store
- Stores subscription status, purchase dates, and transaction IDs
- Does NOT store payment card information (handled entirely by Apple/Google)
- Provides cross-platform subscription management
Apple App Store & Google Play Store
Payment processing is handled directly by Apple and Google. We never see or store your payment information. Subscriptions are subject to Apple's and Google's respective privacy policies and terms of service.
4. What We Do NOT Collect
To protect your privacy and security, we do NOT collect:
- Your brokerage account credentials, API keys, or trading passwords
- Your actual trading activity, open positions, or portfolio data
- Your financial information (income, net worth, bank accounts)
- Credit card or payment information (handled by Apple/Google)
- Precise GPS location data
- Contact lists, photos, microphone, or camera data
- Browsing history outside this app
- Social media profiles or connections
5. Data Retention
- Account Data: Retained while your account is active and for 90 days after deletion
- Usage & Error Logs: Retained for 30 days for debugging purposes
- Subscription Data: Retained for 7 years to comply with financial regulations
- Push Notification Tokens: Retained while you're signed in; removed on sign-out
- Anonymised Analytics: May be retained indefinitely for statistical purposes
6. Data Security
We implement industry-standard security measures:
- All data encrypted in transit using HTTPS/TLS
- Data encrypted at rest on Firebase servers
- Passwords hashed and salted by Firebase — never stored in plain text
- Push notification tokens scoped per user to prevent cross-account contamination
- Firestore security rules enforce that users can only read/write their own data
- Regular dependency updates and security reviews
7. Your Privacy Rights
Depending on your location, you have the following rights:
All Users
- Access: View the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and data (via Settings → Delete Account in the app)
- Export: Request a copy of your data in a portable format (JSON)
- Opt-out: Disable non-essential communications at any time
GDPR (EU) & CCPA (California)
- Right to be Forgotten: Complete deletion of all personal data
- Data Portability: Receive your data in machine-readable format
- Object to Processing: Object to certain data processing activities
- Withdraw Consent: Withdraw consent at any time
To exercise any of these rights, contact us at hello@leadifyai.ca or use the in-app contact form.
8. Children's Privacy
9. International Users & Data Transfers
Your data may be transferred to and processed in countries outside your residence, including the United States (where Firebase and RevenueCat servers are located). By using this app, you consent to these transfers. We ensure adequate safeguards are in place for international data transfers in compliance with GDPR and other applicable regulations.
10. Cookies and Tracking
This app does NOT use third-party advertising cookies or tracking technologies. We only use:
- Essential session tokens: Required for Firebase authentication (auto-expire on sign-out)
- Local storage: Stores preferences locally on your device only
- No third-party analytics: We do not use Google Analytics or similar tracking services
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted here and in the app with an updated "Last Updated" date. Material changes will be communicated via email or in-app notification. Continued use of the app after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or need to exercise your data rights:
- Email: hello@leadifyai.ca
- Response time: Within 48 business hours
- Developer: Leadify AI, Canada
- App: Option Lens
You can also use the Contact Us form on this website.