Personal data we collect
The minimum required to operate the service:- Email — account identification, login.
- IP address — rate limiting, abuse prevention.
- API key fingerprints — for revocation and audit. Raw secrets are stored as Argon2 hashes only.
What we do not collect
- Credit-card data — handled by Stripe when applicable.
- Social-network credentials — you can connect X/Twitter for
sf x*features but the connection is read-only and revocable.
Cookies
The web terminal uses session cookies for Supabase auth. The Mintlify documentation site uses Mintlify’s analytics; see Mintlify’s privacy policy for that surface.Subprocessors
Production traffic may flow through these providers, depending on the surfaces you use:| Provider | Used for |
|---|---|
| Supabase | Account auth + Postgres. |
| Vercel | API + dashboard hosting. |
| OpenRouter / Anthropic | LLM calls when you use query, inspect, monitor-the-situation, ask, etc. |
| Resend | Email delivery for digests and notifications. |
| Trigger.dev | Cloud portfolio-tick runner. |
| Cartesia | Voice (/api/proxy/tts, /api/proxy/stt). |
| Kalshi / Polymarket | Trading, only when you authorize it. |
| HuggingFace | Public dataset publication (export-only). |
patrick@simplefunctions.dev for the current Data Processing Addendum or specific subprocessor questions for a procurement review.
What we never share
- Raw exchange private keys.
- Your thesis content, until you publish it.
- Your portfolio trades.
- Your watch / alert / webhook configuration.
Data access, export, and deletion
Emailpatrick@simplefunctions.dev for a data export or deletion request. Include the email on the account and the action you want.
See also
Data usage
What’s stored, what’s public.
Security
Encryption and incident response.
Compliance
Regulatory posture.