Privacy Policy
1. Who We Are
Verdikt is a Canadian company operating a momentum trading signals platform for self-directed investors. We are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).
2. What We Collect
| Information | Source | Purpose |
|---|---|---|
| Email address | You, at signup | Account creation, email verification, password reset |
| Password (hashed) | You, at signup | Authentication — stored as a bcrypt hash, never in plaintext |
| Watchlist symbols | You | Fetching signals for the tickers you track |
| Target allocations | You | Rebalancing preferences in the Planner feature |
| Portfolio positions & balances | Your brokerage via SnapTrade | Signal overlay and rebalancing analysis — read-only |
| Signal history | Computed from market data | Tracking signal performance over time |
- Brokerage login credentials (SnapTrade handles authentication)
- Trading history or order records
- Payment information
- Sensitive personal information (SIN, health data, etc.)
3. Third-Party Services
SnapTrade — We use SnapTrade as an OAuth intermediary to connect to your brokerage. Your brokerage credentials go directly to SnapTrade and your broker — Verdikt never receives or stores them. SnapTrade is SOC 2 compliant. SnapTrade's privacy policy governs their handling of your credentials.
Financial Modeling Prep (FMP) — We use FMP to fetch market data (stock prices, fundamentals). We do not share your personal information with FMP; we only send stock symbol queries.
We do not sell, rent, or share your personal data with any other third parties for marketing or commercial purposes.
4. Consent
By creating an account, you consent to collection and use of your personal information as described in this policy. Brokerage connection is optional and requires explicit OAuth approval through SnapTrade. You may withdraw consent at any time by deleting your account or disconnecting your brokerage.
5. Retention
- Account data (email, hashed password, watchlist): retained while your account is active. Deleted within 30 days of account deletion.
- Portfolio snapshots: retained while your brokerage is connected. Deleted within 7 days of disconnection.
- Signal history: retained for 2 years to support historical analysis features.
- Email verification tokens: expire after 24 hours. Password reset tokens expire after 1 hour.
6. Safeguards
- All data encrypted in transit via HTTPS/TLS.
- Database encryption at rest via MongoDB Atlas.
- Passwords stored as bcrypt hashes — never in plaintext.
- JWT-based authentication with session expiry.
- Access controls limit data access to authorized personnel only.
7. Data Residency
Our infrastructure runs in Canadian data centers (MongoDB Atlas — Canada, Railway — Canada). Your data does not cross international borders and is subject to Canadian privacy law.
8. Your Rights
Under PIPEDA you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and associated data.
- Withdraw consent for data processing.
To exercise these rights, email hello@verdikt.ca. We will respond within 30 days.
9. Changes to This Policy
We may update this policy periodically. Material changes will be communicated by email or an in-app notice. Continued use of Verdikt after changes constitutes acceptance.
10. Contact
Privacy questions or requests? Reach us at:
hello@verdikt.ca