Legal

Privacy Policy

Last updated: April 27, 2026

Your privacy matters to us. We collect only what we need to operate SHB Terminal, never sell your personal data, and give you full control over your information. This policy explains exactly what we do with your data.

1. Introduction

This Privacy Policy describes how SHB Terminal ("Company", "we", "us", or "our") collects, uses, stores, and shares your personal information when you use the SHB Terminal platform and related services ("Service").

This policy applies to all users of SHB Terminal worldwide. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

This Privacy Policy is GDPR-compliant for users in the European Union and CCPA-compliant for residents of California. Where applicable, your additional rights under these laws are described in Section 6.

2. Information We Collect

We collect the following categories of information:

Account DataRequired
  • Full name (provided during registration)
  • Email address
  • Password — stored as a secure bcrypt hash. We never see or store your plaintext password. Authentication is managed by Clerk.
  • Subscription status and billing history (transaction IDs only — see Payment Data below)
Payment DataProcessed by Lemon Squeezy
  • We do not store your payment card number, CVV, or bank details at any point.
  • All payment processing is handled by Lemon Squeezy, our Merchant of Record. Lemon Squeezy stores your payment information under PCI-DSS Level 1 compliance.
  • We receive only a transaction ID, subscription status, and renewal date from Lemon Squeezy.
Usage DataAutomatically collected
  • Pages visited and features used within the platform
  • Search queries entered (stock tickers, company names)
  • Watchlist contents and portfolio journal entries you choose to save
  • Trading journal entries and broker CSV files you upload
  • Session duration and frequency of use
Device & Technical DataAutomatically collected
  • IP address and approximate geographic location (country/city level)
  • Browser type, version, and language settings
  • Operating system and device type
  • Referral URL and entry page
  • Error logs and crash reports

3. How We Use Your Information

We use the information we collect exclusively for the following purposes:

  • Service delivery: To authenticate you, maintain your account, and provide the features you have subscribed to.
  • AI personalisation: To generate personalised AI insights, trade ideas, and coaching feedback based on your journal entries and watchlist.
  • Billing & payments: To manage your subscription via Lemon Squeezy, send billing confirmations, and handle renewals and cancellations.
  • Service improvement: To understand how the platform is used, identify and fix bugs, and prioritise new features.
  • Communications: To send account-related emails (receipts, password resets, policy updates) and, with your consent, product newsletters.
  • Security: To detect, prevent, and respond to fraud, abuse, and security incidents.
  • Legal compliance: To meet obligations imposed by applicable law and respond to lawful requests from authorities.
We will never sell your personal data to third parties, use your data for advertising, or share your information with data brokers.

4. Third-Party Services

SHB Terminal integrates the following third-party services to deliver the platform. Each provider processes data as described and has their own privacy policy.

Lemon Squeezy
Payments & Billing — Merchant of RecordPrivacy policy ↗

Handles all payment processing, tax calculation and remittance, and subscription management. Lemon Squeezy is the Merchant of Record, meaning your purchase is legally with Lemon Squeezy. They store your payment card details under PCI-DSS Level 1 compliance. We share your email address for invoice delivery.

Clerk
Authentication & IdentityPrivacy policy ↗

Manages user registration, login, session management, and multi-factor authentication. Clerk stores your email and hashed password. We do not have access to your plaintext credentials.

Anthropic (Claude AI)
AI Analysis & InsightsPrivacy policy ↗

Powers AI stock analysis, trading coach features, and natural-language insights. Queries sent to Anthropic may include stock ticker symbols and anonymised journal data, but never your name, email, or payment information. Anthropic does not use API queries to train their models.

Finnhub
Real-time Market DataPrivacy policy ↗

Provides real-time stock prices, earnings data, analyst estimates, and market news. Only your server-side API requests are sent to Finnhub — no personal data about you is transmitted.

Financial Modeling Prep (FMP)
Financial DataPrivacy policy ↗

Provides financial statements, ratios, discounted cash flow data, and SEC filing information. Only server-side API requests are sent — no personal user data is transmitted.

Vercel
Hosting & InfrastructurePrivacy policy ↗

Hosts the SHB Terminal web application. Vercel processes server request logs that may include IP addresses and HTTP request metadata. Vercel's infrastructure is SOC 2 Type 2 certified.

5. Data Retention

We retain your personal data for as long as your account is active. The following retention rules apply:

While active
Account & usage data
Retained for the full duration your subscription is active.
+90 days
After account deletion
After you request account deletion or your subscription lapses without renewal, we retain your data for 90 days in case you wish to reactivate, then permanently delete it.
7 years
Payment records
Transaction IDs and billing amounts are retained for 7 years to meet tax and accounting obligations.
Indefinite
Anonymised analytics
Aggregated, non-identifiable analytics that cannot be linked to you may be retained indefinitely.

To request early deletion of your account and all associated personal data, email privacy@shbterminal.com with the subject line "Account Deletion Request".

6. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you have the following rights regarding your personal data. We honour these rights for all users, regardless of location.

Right to Access

Request a copy of all personal data we hold about you, in a readable format.

Right to Delete

Request permanent deletion of your account and all associated personal data (right to erasure / right to be forgotten).

Right to Portability

Receive your account data (watchlists, journal entries) in CSV or JSON format.

Right to Correction

Request correction of inaccurate or incomplete personal information we hold about you.

Right to Opt-Out

Opt out of marketing emails at any time via the unsubscribe link in any email, or by emailing us. You cannot opt out of transactional emails (receipts, security alerts).

Right to Withdraw Consent

Withdraw any consent you have given for optional data processing at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, email privacy@shbterminal.com with the subject "Privacy Rights Request" and a description of your request. We will respond within 30 days (or 45 days where permitted by law for complex requests).

EU residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.

California residents (CCPA): We do not sell your personal information. You have the right to know what personal information is collected, the right to delete, and the right to non-discrimination for exercising your rights.

7. Cookies Policy

SHB Terminal uses a minimal set of cookies required to operate the Service. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies.

CookiePurposeDurationType
__sessionClerk authentication session tokenSessionNecessary
__client_uatClerk client-side authentication stateSessionNecessary
lemon_squeezyLemon Squeezy payment session & fraud detection1 yearNecessary
shb_prefsUser display preferences (theme, layout)1 yearFunctional

You can disable cookies in your browser settings, but this will prevent you from logging in to SHB Terminal, as session cookies are required for authentication.

8. Security

We implement industry-standard security measures to protect your personal data:

  • All data in transit is encrypted using TLS 1.2 or higher (HTTPS)
  • Passwords are stored as bcrypt hashes with a work factor of 12 — we never see your plaintext password
  • Authentication sessions are managed by Clerk with support for multi-factor authentication (MFA)
  • Payment data is handled exclusively by Lemon Squeezy under PCI-DSS Level 1 compliance — we never touch card details
  • Access to production databases and user data is restricted to authorised personnel on a strict need-to-know basis
  • We conduct regular security reviews and promptly patch known vulnerabilities

No method of data transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. If you discover a security vulnerability, please disclose it responsibly to security@shbterminal.com.

9. Children's Privacy

The Service is not directed at, and is not intended for use by, persons under the age of 18. We do not knowingly collect personal data from children under 18.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@shbterminal.com. We will promptly delete any personal data collected from a child upon verified request.

10. Contact Information

For any privacy-related questions, requests, or concerns, please contact us using the appropriate channel below. We aim to respond to all enquiries within 5 business days.

Privacy requests
privacy@shbterminal.com
Data access, deletion, portability
Security issues
security@shbterminal.com
Responsible disclosure
General support
support@shbterminal.com
Account & billing queries