Legal

Privacy Policy

Effective date: April 5, 2026

This Privacy Policy describes how Fortress Options ("we," "us," or "our") collects, uses, and shares information when you use the Fortress Options mobile application and website (collectively, the "Service"). We are committed to handling your data with transparency and care.

1. Information We Collect

We collect only the minimum data needed to operate the Service:

  • Email address — used to create and manage your account, deliver your API key, and send transactional emails.
  • Subscription tier — Pro or Elite, used to gate access to features and signals.
  • FCM push token — a device-specific token issued by Firebase Cloud Messaging, used exclusively to deliver trade signal push notifications to your device. We do not link this token to any personally identifiable information beyond your account.
  • API usage logs — timestamped records of requests made with your API key, used for rate-limiting, abuse prevention, and debugging. Logs are automatically purged after 30 days.

We do not collect, store, or have access to:

  • Your brokerage or trading account credentials or account numbers
  • Social Security numbers or government-issued ID numbers
  • Bank account or credit card numbers (payment is handled entirely by Stripe)
  • Your actual trade history or portfolio positions

2. How We Use Your Information

  • To create, authenticate, and manage your account.
  • To process your subscription and communicate billing-related information via Stripe.
  • To deliver push notifications for trade signals to your registered device.
  • To enforce rate limits and detect abuse of the API.
  • To send transactional emails (account confirmation, API key delivery, billing receipts).
  • To improve the Service by analyzing aggregate, anonymized usage patterns.

We do not use your information for advertising profiling or sell it to data brokers.

3. Third-Party Services

We use the following sub-processors. Each has its own privacy policy.

Stripe

Handles all payment processing. Stripe collects and stores your payment card details under its own PCI-DSS compliant infrastructure. We receive only a customer ID and subscription status from Stripe — we never see your raw card data.

stripe.com/privacy

Firebase (Google)

Provides Firebase Cloud Messaging (FCM) for push notification delivery. Your FCM token is transmitted to Google's servers to route notifications to your device. Google may process this token in accordance with its own privacy policy.

firebase.google.com/support/privacy

Render

Hosts our backend API and database. Account data and API logs reside on Render's infrastructure in the United States. Render is SOC 2 Type II certified.

render.com/privacy

We do not share your personal data with any other third parties, and we do not sell your data under any circumstances.

4. Data Retention

  • Account data (email, subscription tier, FCM token): retained for the duration of your active subscription, plus 90 days after cancellation. After that grace period, your account data is permanently deleted.
  • API usage logs: automatically purged after 30 days on a rolling basis.
  • Stripe billing records: retained by Stripe in accordance with their data retention obligations and applicable financial regulations. We retain only the Stripe customer ID and subscription status.

You may request immediate deletion of your data at any time (see Section 6).

5. Cookies & Local Storage

Our website uses browser local storage solely to remember your dark/light theme preference. No tracking cookies, cross-site cookies, or advertising pixels are used.

The mobile application does not use cookies. It stores your API key and FCM token locally on your device using Android's secure storage.

6. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate data.
  • Deletion — request permanent deletion of your account and associated data.
  • Opt out of push notifications — revoke notification permission in your device settings at any time.
  • Portability — request a machine-readable export of your data.

To exercise any of these rights, email us at support@fortress-options.com. We will respond within 30 days. We may need to verify your identity before fulfilling the request.

7. No Sale of Personal Data

We do not sell, rent, or trade your personal information to any third party for monetary or other consideration. This applies to all users, including California residents covered by the California Consumer Privacy Act (CCPA).

8. Security

We implement commercially reasonable technical and organizational measures to protect your data, including encrypted data transmission (HTTPS/TLS), hashed API keys, and access controls on our database. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately so we can delete it.

10. International Users

The Service is operated in the United States. If you are accessing the Service from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

11. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will revise the effective date at the top of this page. For material changes, we will notify you via email or in-app alert. Continued use of the Service after the updated policy takes effect constitutes your acceptance of the new terms.

12. Contact

Questions, requests, or concerns about this Privacy Policy? Contact us at:
support@fortress-options.com