← Back to Dashboard

Privacy Policy

Last updated: February 15, 2026

1. Introduction

Small Time Devs Inc ("we", "us", "our") operates AramidX ("the Service"). This Privacy Policy explains how we collect, use, and protect your personal information. We are committed to protecting your privacy in accordance with applicable data protection laws, including GDPR for EU/EEA users.

2. Data We Collect

Data Type	Source	Purpose
Email address	OAuth provider	Account identification, transactional emails
Display name	OAuth provider	Personalization
Avatar URL	OAuth provider	UI display
OAuth provider ID	Google, GitHub, Microsoft	Authentication
IP address	HTTP request	Security, audit logging
User agent	HTTP request	Security, audit logging
Trading CSV data	User upload	Analytics processing, stored in analysis history
AI-generated insights	Cloudflare Workers AI	Trading performance analysis (derived from your metrics, never sent to external AI services)
Billing information	Stripe	Subscription management

3. OAuth Data

We use OAuth 2.0 for authentication via Google, GitHub, and Microsoft. We only request the minimum scopes needed:

• Google: email, profile (name, avatar)
• GitHub: email (verified primary), profile (name, avatar)
• Microsoft: email, profile (name)

We do not access your contacts, files, repositories, or any other data from these providers. OAuth tokens are used only during the login flow and are not stored.

4. Stripe Billing Data

Payment processing is handled entirely by Stripe. We store:

• Your Stripe customer ID (for linking your account)
• Subscription status and billing period
• Invoice IDs (for commission tracking)

We do not store credit card numbers, bank accounts, or full payment details. All payment data is handled by Stripe under their PCI-DSS compliant infrastructure.

5. Cookies

We use a single session cookie (aramid_session) for authentication. This cookie is:

• HttpOnly — not accessible to JavaScript
• Secure — only sent over HTTPS
• SameSite=Lax — CSRF protection
• 24-hour expiry — automatically cleared

We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

6. How We Use Your Data

• Authenticate and identify your account
• Process your trading data for analytics and store analyses in your history
• Generate AI-powered trading insights using Cloudflare Workers AI (your data stays on Cloudflare infrastructure)
• Manage your subscription and billing
• Send transactional emails (welcome, billing, trial reminders)
• Maintain audit logs for security compliance (NIST CSF 2.0)
• Prevent fraud and abuse

7. Data Storage and Security

Your data is stored on Cloudflare's infrastructure:

• D1 Database: User accounts, sessions, subscriptions, audit logs
• KV Store: Session cache, subscription cache (ephemeral)
• R2 Storage: CSV uploads linked to analysis history
• Workers AI: AI insight generation (processes metrics on Cloudflare, no data sent to external services)

All data is encrypted in transit (TLS 1.3) and at rest. Access is restricted by the principle of least privilege.

8. Data Retention

• Account data: Retained while your account is active. Deleted upon account deletion request.
• Session data: Automatically expires after 24 hours.
• Audit logs: Retained for 90 days for security compliance.
• CSV uploads & analyses: Retained while your account is active. Deleted upon account deletion request.
• AI insights: Stored as part of each analysis record. Retained while the analysis exists.
• Email logs: Retained for 90 days.

9. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a portable format
• Object: Object to processing of your data
• Restrict: Request restricted processing

To exercise these rights, contact support@smalltimedevs.com.

10. Third-Party Services

• Cloudflare: Infrastructure, CDN, DNS (Privacy Policy)
• Stripe: Payment processing (Privacy Policy)
• Cloudflare Workers AI: AI insight generation — runs on Cloudflare infrastructure, no data sent to third parties (Privacy Policy)
• Resend: Transactional emails (Privacy Policy)

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy at any time. We will notify users of material changes via email or a notice on the Service.

13. Contact

For questions about this Privacy Policy or to exercise your data rights:

Small Time Devs Inc
Email: support@smalltimedevs.com
Website: aramidx.app