Privacy & storage

What we store, what we don't, what runs locally.

What stays in your browser

• All workspaces — windows, positions, sizes, chart symbols, indicator code, themes.
• All files — TextEditor docs, spreadsheets, JSON.
• All custom indicators.
• All settings.

What we send to a server

• Market-data fetches go through our gateway; we don't log who asked for what.
• Auth (if you sign up) — email + Argon2id password hash, NextAuth session cookie. Postgres on Neon, RLS-scoped role for app reads.
• Optional anonymous telemetry — opt-in via privacy.telemetry. Off by default.

What we do not send anywhere

• Workspace contents.
• Indicator code — runs entirely in your browser's Web Worker sandbox.
• Files / spreadsheets — IndexedDB only.
• Browser fingerprint, IP-tied tracking, marketing cookies.