Privacy, data use, and account protection

1. Scope

This policy applies to OrderForge, including the dashboard, authentication flow, device registration, orderflow panels, chart tools, AI analysis features, settings, admin tools, and related API routes.

2. Information We Collect

We collect only the information needed to provide, secure, and improve the app:

• Account information, such as your email address, phone number if provided, Clerk user ID, role, trial status, subscription status, and admin notes.
• Security and duplicate-account signals, including IP address, user agent, and browser/device fingerprint generated by FingerprintJS.
• Device records, including first seen time, last seen time, fingerprint, IP address, and user agent.
• Usage and configuration data, such as saved settings, risk rules, watchlists, indicator configuration, and dashboard preferences.
• Market analysis data you generate or request, such as AI prompts, AI responses, symbols, provider context, market snapshots, confluence reads, and scenario plans.
• Billing and access records when applicable, such as payment provider, customer or subscription IDs, payment status, billing interval, and plan status. We do not store full card numbers.
• Operational logs needed for debugging, security, fraud prevention, and service reliability.

3. Why We Use Your Data

We use your data for these purposes:

• To authenticate users and maintain account access through Clerk.
• To enforce trials, subscriptions, blocked accounts, and admin-granted access.
• To prevent one person from creating multiple accounts by checking email, phone, IP address, and device fingerprint against existing records.
• To provide the dashboard, charts, order book views, AI analysis, alerts, settings, and user-specific saved data.
• To investigate suspicious activity, duplicate accounts, abuse, fraud, or attempts to bypass access controls.
• To troubleshoot errors, protect the service, and maintain accurate access records.

4. Duplicate Account and Fraud Prevention

OrderForge is designed for one account per user unless we approve otherwise. During signup, auth sync, and device registration, we check the database for matching email, phone, IP address, and device fingerprint. If a duplicate signal is found, the account may be flagged, blocked, or reviewed by an administrator.

These checks are used only for account security, fraud prevention, abuse prevention, and subscription or trial enforcement. We do not sell device fingerprints or IP addresses.

5. AI and Market Analysis Data

When you use AI features, OrderForge may process the current market context, order book metrics, chart context, prompts, and generated responses. AI outputs are educational market context only. They are not financial advice, investment advice, execution instructions, or guaranteed trading signals.

6. Third-Party Services

OrderForge uses third-party providers to operate the app:

• Clerk for authentication and account sessions.
• FingerprintJS for browser/device fingerprinting used in duplicate-account prevention.
• Neon/Postgres and Drizzle for application database storage.
• Market data, calendar, and related API providers depending on enabled dashboard features.
• AI model providers for generating market context when you use AI features.
• Payment providers such as Stripe or PayPal when billing features are used.

These providers process data according to their own terms and privacy policies. We share only what is necessary to provide the requested feature, secure the service, or complete billing.

7. Cookies and Local Storage

We use essential cookies and browser storage for authentication, dashboard operation, saved preferences, and cookie-consent state. See the Cookie Policy for more detail.

8. Data Retention

We keep account, access, device, fraud flag, settings, and generated analysis records for as long as needed to operate the service, resolve disputes, enforce account limits, meet legal obligations, and protect the app. We may delete or anonymize records when they are no longer needed.

9. Your Choices and Requests

You may request access, correction, or deletion of your personal data. Some records may need to be retained for security, fraud prevention, billing, or legal reasons. If a device/IP duplicate flag is wrong, you can ask for review. For step-by-step instructions, visit the Data Deletion page.

10. Security

We use reasonable technical and organizational safeguards to protect your data. No system is perfectly secure, so users should keep their account credentials private, avoid sharing sessions, and contact us if they suspect unauthorized access.

11. Children

OrderForge is not intended for children. Users must be old enough to create a binding account and use trading analysis tools in their jurisdiction.

12. Changes

We may update this policy as the app changes. Material changes will be reflected by updating the date above and, where appropriate, notifying users in the app.

13. Contact

For privacy questions, account review, or data requests, contact the OrderForge administrator through the support channel provided with your account or subscription.