Privacy Policy
How AlphaWeg collects, uses, and protects information. Our authorization model is scoped, revocable, and encrypted: we never collect your broker password, and we cannot move or withdraw your funds.
This Privacy Policy explains how AlphaWeg (Amit Wegner), Amit Wegner, an individual sole proprietor (Osek Murshe) registered in Israel ("AlphaWeg," "AlphaWeg," "we," "us," or "our"), collects, uses, and protects information in connection with the AlphaWeg software and decision-support service (the "Service"). By using the Service, you acknowledge this Policy.
1. Information We Collect
1.1 Account and contact information. Information you provide when registering or communicating with us, such as your name, email address, and account settings and preferences.
1.2 OAuth tokens and connection data. When you connect a brokerage account, we receive and store a delegated authorization token (for example, an OAuth access and/or refresh token) and related metadata (such as scope, connection status, and the identity of the connected broker). See Section 4.
1.3 Brokerage data you authorize. Data made available through your authorized connection and needed to provide the Service, which may include account identifiers, positions, balances, and order or transaction information, strictly within the scopes you approve.
1.4 Usage and technical data. Information generated when you use the Service, such as log data, device and browser type, IP address, timestamps, feature interactions, diagnostic and crash data, and similar technical information.
1.5 Communications. Records of your support requests and correspondence with us.
1.6 We do not knowingly collect special categories of sensitive personal data, and we ask that you not provide them.
2. What We Explicitly Do Not Collect
2.1 We do not collect your broker password. We do not ask for, receive, or store your connected broker login password. Connection is made through a delegated authorization mechanism (such as OAuth), not by sharing your broker credentials with us. You sign in on your broker's own domain, and your broker issues AlphaWeg a limited-purpose token.
2.2 We cannot move or withdraw your funds. We do not hold, custody, or take title to your funds or securities, and we have no ability to transfer, deposit, or withdraw money or assets into or out of your brokerage account. Your funds remain with your connected broker, in your name, under your control.
2.3 We do not sell your personal information (see Section 6).
3. How We Use Information
3.1 We use information to:
- (a) provide, operate, maintain, and secure the Service;
- (b) authenticate you and manage your account and brokerage account connections;
- (c) generate and display decision-support output you request;
- (d) provide customer support and respond to your inquiries;
- (e) monitor, debug, and improve the Service, including analytics and product development;
- (f) detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms; and
- (g) comply with legal obligations and enforce our agreements.
3.2 We do not use your information to place, approve, or direct any order. All orders are initiated and approved by you.
4. OAuth Token Handling and Storage
4.1 Scoped. Tokens are limited to the permissions (scopes) you approve when connecting a brokerage account, and we request only the access necessary to provide the Service — order-entry scope, not the ability to withdraw or transfer funds.
4.2 Revocable. You may revoke a connection at any time — through the Service, through your connected broker, or both. Upon revocation, we cease using the token and delete or invalidate it in accordance with Section 8, subject to any legal retention obligation.
4.3 Encrypted. Tokens are stored using encryption and access controls designed to protect them at rest and in transit. [Specific encryption standards, key-management practices, and storage architecture — TBD; to be confirmed by security review before this Policy is published. We do not assert specific standards until verified.]
4.4 Not for fund movement. Tokens are used only to access authorized data and functionality within the approved scopes. They are not, and cannot be, used to withdraw or transfer your funds.
5. Legal Bases for Processing
5.1 Israel. We process personal information in accordance with the Israeli Protection of Privacy Law, 5741-1981, and its regulations. We process information as necessary to provide the Service you request, to pursue our legitimate business interests (such as security and product improvement) in a manner consistent with your rights, to comply with legal obligations, and, where required, based on your consent.
5.2 EU/EEA users (GDPR-aware). To the extent the EU General Data Protection Regulation (GDPR) applies to any user, we rely on the following legal bases: (a) performance of a contract (to provide the Service); (b) our legitimate interests (to secure and improve the Service), balanced against your rights; (c) compliance with a legal obligation; and (d) your consent, where applicable. [Applicability of GDPR, appointment of any EU representative, and any lead-supervisory-authority questions — TBD; to be confirmed by counsel.]
5.3 Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
6. Data Sharing
6.1 We never sell your personal information.
6.2 Service providers / processors. We share information only with a limited set of processors that perform services on our behalf (such as cloud hosting, infrastructure, and analytics), under contracts that require them to protect the information and use it only for the services they provide to us. [Specific sub-processors are not named in this draft and must not be listed until confirmed and contractually bound. A maintained sub-processor list — TBD.]
6.3 Your connected broker. Information necessary to operate your authorized connection is exchanged with the broker you choose to connect. Interactive Brokers and any other broker you connect are independent third parties; your relationship with that broker is governed by the broker's own terms and privacy policy.
6.4 Legal and safety. We may disclose information where required by law, legal process, or a lawful governmental request, or to protect the rights, property, safety, or security of AlphaWeg, our users, or the public, or to detect and prevent fraud or abuse.
6.5 Business transfers. In connection with a merger, acquisition, financing, or sale of assets, information may be transferred as part of the transaction, subject to this Policy or a successor policy.
7. Security Measures
7.1 We implement technical and organizational measures designed to protect information, including encryption of sensitive data such as tokens, access controls, and monitoring. [Specific security controls, certifications, and audit status — TBD; we do not claim any certification, audit, or insurance until independently verified by counsel and security review.]
7.2 No method of transmission or storage is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk. Please help protect your account by safeguarding your credentials.
8. Data Retention
8.1 We retain personal information for as long as needed to provide the Service, maintain your account, comply with legal obligations, resolve disputes, and enforce our agreements.
8.2 When you disconnect a brokerage account or close your account, we delete or invalidate associated tokens and delete or anonymize related personal information within a reasonable period, except where retention is required by law or for legitimate business purposes (such as security, fraud prevention, or record-keeping). Email and lead-contact information is retained for 24 months. [Specific retention periods — TBD; to be set by counsel.]
9. Your Rights
9.1 Subject to applicable law, you may have the right to:
- (a) access the personal information we hold about you;
- (b) request correction of inaccurate or incomplete information;
- (c) request deletion of your information;
- (d) object to or restrict certain processing, and (for EU users) request data portability;
- (e) withdraw consent where processing is based on consent; and
- (f) revoke a brokerage account connection at any time.
9.2 Israeli law provides rights of access to, and correction of, personal information held in a database, in accordance with the Protection of Privacy Law. EU users have the rights afforded under GDPR.
9.3 To exercise your rights, contact us using Section 14. We may need to verify your identity. We will respond within the timeframe required by applicable law.
9.4 You may have the right to lodge a complaint with a supervisory authority — in Israel, the Israeli Privacy Protection Authority (Rashut Le-Haganat Ha-Pratiyut), and in the EU, your local data protection authority.
10. International Data Transfers
10.1 We and our processors may store and process information in countries other than your own, including outside Israel or the EU/EEA. Such transfers are made in accordance with applicable law.
10.2 Where required, transfers of EU/EEA personal data are protected by appropriate safeguards (such as Standard Contractual Clauses or an adequacy determination). Hosting and data storage are provided through the Cloudflare global edge network. [Specific transfer mechanisms and safeguards — TBD; to be confirmed by counsel.]
11. Cookies and Analytics
11.1 The Service may use cookies and similar technologies to operate, secure, and improve the Service, remember your preferences, and understand usage.
11.2 We may use analytics tools to collect usage and technical data. [Specific analytics providers and cookie categories are not named in this draft and must be confirmed; a cookie notice and consent mechanism — TBD, particularly for EU users.]
11.3 You can control cookies through your browser or device settings; disabling some cookies may affect functionality.
12. Children
12.1 The Service is not intended for, and may not be used by, anyone under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it. If you believe a minor has provided us information, contact us using Section 14.
13. Changes to This Policy
13.1 We may update this Policy from time to time. Material changes will be communicated by reasonable means (for example, in-app notice or email) before they take effect where required by law. The "Last updated" date reflects the latest revision. Your continued use of the Service after the effective date constitutes acknowledgment of the updated Policy.
14. Contact and Privacy Inquiries
14.1 For privacy questions, requests, or to exercise your rights, contact:
AlphaWeg (Amit Wegner) — Amit Wegner, an individual sole proprietor (Osek Murshe) registered in Israel
Privacy and regulatory contact: compliance@alphaweg.com
General inquiries: hello@alphaweg.com
Registered address: [REGISTERED ADDRESS — TBD]
You can also reach us through our Contact page.
14.2 A Data Protection Officer is not currently required; privacy inquiries may be directed to the contact address below.
See also our Terms of Service and Risk Disclosure. Trading involves substantial risk of loss and is not suitable for every investor.