← Back to Zelta
Privacy Policy
Effective Date: April 18, 2026 · Last Updated: April 18, 2026
Summary: We collect only what's needed to run Zelta. We never sell your data. Your brokerage credentials never touch our servers. You can delete everything at any time.
1. Introduction
This Privacy Policy ("Policy") describes how Zelta ("we," "us," "our"), operated by Zelta Team, collects, uses, stores, discloses, and protects your personal information when you use the Zelta mobile application and any related services, websites, or tools (collectively, the "Service").
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, you must discontinue use of the Service immediately.
2. Information We Collect
2.1 Information You Provide Directly
- Account Registration Data: Email address, first name, last name, and password (stored as a salted hash; we never store plaintext passwords).
- User-Generated Content: Trade notes, voice recordings, strategy tags, mood selections, execution ratings, and any other data you voluntarily enter into the Service.
- Support Communications: Content of any messages you send to us via email or in-app feedback.
2.2 Information Collected Through Brokerage Connections
When you connect a brokerage account through our integration partner, SnapTrade Technologies Inc. ("SnapTrade"), we receive read-only access to:
- Trade and order history (symbol, price, quantity, date/time, fees)
- Account balances and positions
- Account metadata (account type, account number)
Important: We cannot and do not receive your brokerage login credentials. Authentication is handled entirely by SnapTrade using OAuth 2.0 or equivalent protocols. We cannot execute trades, transfer funds, or modify your brokerage account in any way.
2.3 Information Collected Automatically
- Device Information: Device type, operating system version, app version, screen resolution, and unique device identifiers.
- Usage Analytics: Screens viewed, features used, session duration, and interaction patterns. We use PostHog for product analytics. This data is aggregated and does not include your trading data or P&L figures.
- Performance Data: Crash reports, error logs, and latency metrics used to diagnose and fix technical issues.
2.4 Information We Do NOT Collect
- Social Security numbers or government-issued identification
- Bank account numbers or routing numbers
- Credit card or payment information
- Brokerage login credentials or passwords
- Location data or GPS coordinates
- Contacts, calendar, or other on-device data unrelated to the Service
3. How We Use Your Information
| Purpose | Legal Basis |
|---|
| Providing the Service (trade journaling, analytics, AI coaching) | Performance of contract |
| Synchronizing trades from connected brokerages | Performance of contract |
| Generating personalized insights and metrics | Performance of contract |
| Sending notifications you have opted into | Consent |
| Improving the Service based on usage patterns | Legitimate interest |
| Responding to support requests | Legitimate interest |
| Complying with legal obligations | Legal obligation |
4. Data Sharing and Disclosure
We do not sell, rent, license, or trade your personal information to third parties.
We share data only in the following limited circumstances:
| Recipient | Data Shared | Purpose |
|---|
| Supabase, Inc. | Account data, trade data | Database hosting and authentication |
| SnapTrade Technologies Inc. | Brokerage connection tokens | Brokerage data aggregation |
| PostHog, Inc. | Anonymous usage analytics | Product analytics |
| Cloudflare, Inc. | API request metadata | Backend infrastructure and security |
| Resend, Inc. | Email address | Transactional email delivery |
We may also disclose information if required to do so by law, court order, subpoena, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted between your device, our servers, and third-party services is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Data stored in our databases is encrypted using AES-256.
- Authentication: User sessions are managed using JSON Web Tokens (JWT) with automatic expiration and refresh.
- Access Control: Row-Level Security (RLS) policies ensure users can only access their own data.
- Brokerage Security: Brokerage connections are managed by SnapTrade, which maintains SOC 2 Type 2 certification.
While we employ commercially reasonable safeguards, no system is 100% secure. You acknowledge that you provide data at your own risk.
6. Data Retention
- Active Accounts: We retain your data for as long as your account is active and the Service is in use.
- Deleted Accounts: Upon account deletion, we delete all personally identifiable data within 30 days. Anonymized, aggregated analytics data may be retained indefinitely.
- Voice Notes: Audio recordings are stored locally on your device and are not transmitted to our servers.
- Legal Obligations: We may retain certain data longer if required by law or to resolve disputes.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of all personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and all associated data via Settings → Delete Account.
- Portability: Export your trade data in standard formats from within the app.
- Objection: Object to processing based on legitimate interest.
- Withdrawal of Consent: Withdraw consent for optional processing (e.g., notifications) at any time via Settings.
- Brokerage Disconnection: Disconnect any brokerage connection at any time. Existing imported trades will remain unless you delete them.
To exercise any of these rights, contact us at richadultsclub@gmail.com. We will respond within 30 days.
8. Children's Privacy
The Service is not intended for, and we do not knowingly collect personal information from, individuals under the age of 18. If we become aware that we have collected data from a minor, we will take steps to delete such data promptly. If you believe a minor has provided us with personal information, please contact us immediately.
9. International Data Transfers
Your data may be transferred to, stored in, and processed in countries other than your country of residence, including the United States. By using the Service, you consent to such transfers. We ensure that any cross-border transfers comply with applicable data protection regulations.
10. Third-Party Links
The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies before providing any personal information.
11. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last Updated" date at the top of this Policy and, where appropriate, through the app or email. Your continued use of the Service after such changes constitutes acceptance of the revised Policy.
12. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: