Security and data handling
Last updated: July 10, 2026
The one-sentence policy
The narrative engine is conditioned on your prior updates, supplied as context. Your data is never used to train any model.
No fine-tuning occurs, and none of your data enters any model’s weights. That sentence is the standard we hold every feature to, and it appears — identically — in our privacy policy.
Nothing sends without you
Nothing goes to your investors until you press send. Every send requires you — signed in, looking at the full recipient list — to explicitly confirm it. There is no auto-send setting to misconfigure, because none exists.
Where your data lives
Your data is stored in a PostgreSQL database hosted on infrastructure we control. Connections are encrypted via TLS. Three third-party services touch narrow slices of it: Stripe processes payments (we never store card details), Resend delivers transactional email, and Amazon Web Services stores exported PDF reports.
Encryption
Your financial data is encrypted at rest and in transit. We follow industry-standard practices to protect your information.
Access and authentication
Sign-in is by magic link — no passwords to leak or reuse. We use a single session cookie to keep you signed in and no advertising or tracking cookies.
No selling, no aggregating
We don’t sell your data and we don’t aggregate it across customers. Your numbers exist to produce your forecasts and your updates — nothing else.
Export and deletion
You can export your data at any time from within the application. Request deletion and your account and all associated data are removed within 30 days.
Questions
The privacy policy has the full detail. For anything it doesn’t answer, email [email protected].