Privacy Policy
Last Updated: February 2026
Cyris AI LLC ("Cyris," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at cyrisai.com (the "Platform").
Key Point: For OAuth-connected brokers (TradeStation, Robinhood), your brokerage login credentials are NEVER shared with or stored by Cyris. You authenticate directly with your broker.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, username, and password (hashed, never stored in plain text)
- Profile Information: Any optional information you choose to provide
- Payment Information: Processed securely through Stripe; we do not store your full credit card number
- Communications: Support requests, feedback, and other correspondence
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on the Platform
- Device Information: Browser type, operating system, device identifiers
- Log Data: IP address, access times, referring URLs
1.3 Information from Third-Party Services
- OAuth Brokers (TradeStation, Robinhood): When you connect your brokerage account via OAuth, we receive access tokens that allow us to retrieve your portfolio data, positions, and execute trades on your behalf. We do NOT receive or store your broker login credentials.
- API-Connected Brokers (Tradovate, OANDA, others): For brokers requiring API credentials, we store your API keys and secrets in encrypted form. These are used solely to connect to your brokerage account.
- Trading Data: Portfolio balances, positions, order history, and trade executions from connected brokers
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Platform
- Execute trades and manage your connected brokerage accounts as you direct
- Display your portfolio performance and trading history
- Process payments and manage your subscription
- Send you service-related communications (account verification, security alerts, updates)
- Provide customer support
- Analyze usage patterns to improve our services
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations
3. How We Protect Your Information
Security Measures: All data transmitted between your browser and Cyris servers is encrypted using industry-standard SSL/TLS (HTTPS) encryption.
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption in Transit: All communications use HTTPS/TLS encryption
- Encryption at Rest: Sensitive data including API credentials are encrypted before storage
- Password Security: Passwords are hashed using industry-standard algorithms; we cannot see your password
- OAuth Authentication: For supported brokers, we use OAuth so your credentials are never shared with us
- Access Controls: Strict access controls limit who can access user data
- Secure Infrastructure: Hosted on Microsoft Azure with enterprise-grade security
- Regular Security Reviews: We regularly review and update our security practices
4. Data Sharing and Disclosure
We do NOT sell your personal information. We may share your information only in the following circumstances:
| Recipient |
Purpose |
Data Shared |
| Connected Brokerages |
Execute trades, retrieve portfolio data |
OAuth tokens or API credentials (as applicable) |
| Stripe (Payment Processor) |
Process subscription payments |
Email, payment information |
| Microsoft Azure |
Cloud hosting infrastructure |
All platform data (encrypted) |
| Email Service (Resend) |
Send transactional emails |
Email address |
| Law Enforcement |
Legal compliance (if required) |
As legally required |
5. Data Retention
We retain your information for as long as your account is active or as needed to provide you services. Specifically:
- Account Data: Retained while your account is active
- Trading History: Retained for the duration of your account plus 7 years for potential regulatory compliance
- OAuth Tokens: Retained until you disconnect the broker or they expire
- API Credentials: Deleted immediately when you disconnect a broker
- Log Data: Retained for 90 days
Upon account deletion request, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
6. Your Rights and Choices
6.1 All Users
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your account and data
- Disconnect Brokers: Remove broker connections at any time from the Hub
- Disable Auto-Trading: Turn off automated trading at any time
6.2 California Residents (CCPA Rights)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we collect
- Right to Delete: Request deletion of personal information we collected
- Right to Opt-Out: We do not sell personal information, so this right does not apply
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact us at privacy@cyrisai.com or cyrisaillc@gmail.com.
7. Cookies and Tracking
We use cookies and similar technologies for:
- Essential Cookies: Required for the Platform to function (authentication, session management)
- Preference Cookies: Remember your settings (theme, layout preferences)
- Analytics: Understand how users interact with the Platform to improve our services
You can control cookies through your browser settings, but disabling essential cookies may prevent the Platform from functioning properly.
8. Third-Party Links
The Platform may contain links to third-party websites (e.g., your broker's website). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
9. Children's Privacy
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will delete it promptly.
10. International Users
Cyris is based in the United States. If you access the Platform from outside the US, your information will be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction.
11. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovery
- Describe the nature of the breach and the types of data involved
- Explain the steps we are taking to address the breach
- Provide recommendations for protecting yourself
- Report to relevant regulatory authorities as required by law
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on the Platform with a new "Last Updated" date
- Sending an email notification for significant changes
Your continued use of the Platform after changes constitutes acceptance of the updated policy.