← Back

Privacy Policy

Last updated: April 7, 2026

1. Introduction

dundunn LLC ("dundunn", "we", "us", "our"), a Wyoming limited liability company (EIN 41-5125291), operates the dundunn platform at dundunn.com and dundunnai.com. This Privacy Policy explains how we collect, use, store, and protect your information when you use our trading intelligence, fitness optimization, and business management services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and display name through Google Sign-In or email/password registration. We do not store your Google password.

2.2 Brokerage Data (via OAuth)

When you connect a brokerage account (TradeStation, Alpaca, TastyTrade, or others), we access your account through OAuth 2.0 authorization. This means:

  • You authorize access directly on your broker's website — we never see or store your broker login credentials.
  • We receive OAuth tokens that allow us to view your account data (balances, positions, order history) and submit orders on your behalf when you initiate a trade through dundunn.
  • We cannot withdraw funds, transfer assets, or modify your broker account settings.
  • You can revoke access at any time from your dundunn settings or directly through your broker.
  • OAuth tokens are encrypted at rest using AES-256 encryption.

2.3 Trading Data

We collect and store your trade executions, positions, orders, trade plans, trade reviews, grades, notes, decision logs, and performance analytics. This data is stored in our PostgreSQL database hosted on Railway and is associated with your user account.

2.4 Biometric and Wearable Data (Fitness)

If you use dundunn's fitness features, we may collect data from connected wearable devices including but not limited to:

  • Heart rate, heart rate variability (HRV), and resting heart rate
  • Sleep duration, sleep stages, and sleep quality metrics
  • Activity data including steps, calories, and workout sessions
  • Recovery and readiness scores
  • Body composition data if provided

This data is collected through authorized integrations with services such as Apple HealthKit, Garmin Connect, Oura, Whoop, and other wearable platforms. Each integration requires your explicit consent. Biometric data is stored in our Firebase Firestore database and is never shared with third parties or used for advertising.

2.5 AI Processing Data

When you use dundunn's AI features (market narratives, trade analysis, coaching conversations, performance reports), your trading data and conversation history may be sent to AI service providers (currently Anthropic/Claude) for processing. We do not use your data to train AI models. AI providers process your data according to their own privacy policies and data processing agreements.

2.6 Usage and Analytics Data

We collect standard usage data including pages visited, features used, browser type, device information, and IP address for platform improvement and security purposes.

2.7 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other payment credentials on our servers. Stripe's privacy policy governs payment data handling.

3. How We Use Your Information

  • Provide Services: Display your positions, execute trades, generate analytics, deliver AI-powered insights and coaching.
  • Improve the Platform: Analyze usage patterns to improve features and user experience.
  • Cross-Product Insights: With your consent, correlate trading performance with fitness/sleep data to identify patterns (e.g., sleep quality impact on trading decisions).
  • Communications: Send account-related notifications, product updates, and (with consent) marketing communications.
  • Security: Detect and prevent fraud, unauthorized access, and abuse.

4. Data Storage and Security

4.1 Infrastructure

  • Authentication: Firebase Authentication (Google Cloud) — manages user accounts and login sessions.
  • User Preferences and Documents: Firebase Firestore (Google Cloud) — stores settings, preferences, and fitness data.
  • Trade Data: PostgreSQL on Railway — stores executions, trades, and analytics.
  • Application Hosting: Vercel — serves the web application.
  • Backend Services: Railway — hosts the bridge API server.
  • Payments: Stripe — processes subscriptions and payments.

4.2 Security Measures

  • All data transmitted over HTTPS/TLS encryption.
  • OAuth tokens encrypted at rest.
  • API endpoints protected by authentication and rate limiting.
  • No broker credentials stored — OAuth-only broker access.
  • Firebase security rules restrict data access to authorized users.

5. Your Rights

  • Access: You can view all data we store about you through the platform's journal, settings, and analytics features.
  • Export: You can export your trade history, analytics, and account data at any time.
  • Deletion: You can request deletion of your account and all associated data by contacting support@dundunn.com. We will delete your data within 30 days, except where retention is required by law.
  • Broker Disconnection: You can disconnect any broker integration at any time, which immediately revokes our access to your broker data.
  • Data Portability: You can download your data in standard formats (CSV, JSON).
  • Opt-Out: You can opt out of AI processing, cross-product analytics, and marketing communications at any time.

6. Third-Party Services

We use the following third-party services, each governed by their own privacy policies:

  • Google Firebase (authentication, data storage)
  • Vercel (application hosting)
  • Railway (backend hosting, database)
  • Stripe (payment processing)
  • Anthropic (AI processing)
  • TradeStation, Alpaca, TastyTrade (broker integrations)
  • Apple HealthKit, Garmin, Oura, Whoop (wearable integrations)

7. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only as necessary to provide our services (e.g., sending trade orders to your broker, processing payments through Stripe, generating AI analysis through Anthropic).

8. Children's Privacy

dundunn is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. Your continued use of dundunn after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or requests, contact us at:

dundunn LLC
Email: support@dundunn.com