Privacy Policy

Last updated: 29 May 2026

This Privacy Policy explains how BasisTrail collects, uses, stores, shares, and protects information when you use the BasisTrail website, iOS app, and related services. BasisTrail is built around read-only portfolio visibility and limited-data handling, but this document covers the full operational picture.

BasisTrail is read-only by design. We do not receive your brokerage password, wallet private keys, seed phrase, or any authority to place trades, transfer assets, or sign blockchain transactions.

1. Scope

This policy applies to the BasisTrail website, iOS application, support interactions, waitlist flows, transactional emails, hosted checkout, and any related product experience that links to this policy. It does not govern third-party services that you access separately, including Interactive Brokers, Apple, blockchain explorers, or payment providers acting under their own privacy notices.

2. Controller and contact details

BasisTrail is operated by its founder as an independent software business. For privacy requests, contact privacy@basistrail.app. For general support, contact support@basistrail.app. If a formal postal contact is required for a regulator, legal notice, or verified data-rights request, request it by email first so we can route your request securely.

3. Information we collect

Account identity data — email address, Sign in with Apple relay address, display name, internal user ID, authentication timestamps, and account status.
Preferences and configuration data — onboarding selections, dashboard preferences, AI tone, source ordering, and read-only data display settings.
Portfolio and reconciliation data — positions, transactions, balances, cash, fees, FX, market values, manual adjustments, cost-basis reconstruction inputs, and source health status generated from the data sources you connect.
Read-only source references — Base wallet addresses you provide, Interactive Brokers Flex Web Service token state and query configuration metadata, and related sync status information.
AI interaction metadata — usage events, timestamps, feature type, token/cost metadata, and fair-use or credit state. Depending on the feature, sanitized portfolio context and your AI question are processed to generate the response.
Subscription and billing state — plan, renewal status, entitlement state, limited payment metadata, and hosted-checkout linkage received from our payment providers. We do not store full card numbers.
Technical and security data — IP address, device type, operating system, app version, crash or error metadata, request logs, rate-limit events, and fraud/abuse prevention telemetry.
Support communications — messages, attachments, and metadata you send to us when you ask for support, report bugs, or request account help.

4. Information we do not intentionally collect

Brokerage passwords.
Wallet private keys or seed phrases.
Authority to place trades or move funds.
Advertising tracker profiles, third-party ad pixels, or brokered consumer dossiers.
Special-category personal data unless you choose to include it in support messages or free-form AI prompts.

5. How we collect information

Directly from you during sign-in, onboarding, settings changes, support requests, and source connection setup.
Automatically from your use of the website or app, including logs, usage telemetry, and service diagnostics.
From third-party services you connect or rely on, including Apple, Interactive Brokers, blockchain data infrastructure, and our billing stack.
From background reconciliation and entitlement processes that compute derived portfolio data or plan state.

6. Why we use information

To authenticate you and protect account access.
To operate the app, website, dashboard, and connected data sync flows.
To reconstruct and display your portfolio, cost basis, and reconciliation outputs.
To generate AI summaries, explanations, and portfolio answers from your own data.
To enforce credits, fair-use limits, entitlement restrictions, and operational abuse controls.
To send transactional messages such as sign-in links, billing confirmations, service notices, and support responses.
To investigate bugs, fraud, abuse, security events, sync failures, and legal compliance issues.
To improve service quality, product reliability, and feature design.

7. Legal bases for processing

Where GDPR, UK GDPR, or similar laws apply, we generally rely on: contract necessity to provide the service you requested; legitimate interests in operating, securing, and improving BasisTrail; consent where you choose optional preferences or communications; and legal obligations where retention, compliance, or law-enforcement response is required. If a legal basis varies for a specific workflow, we apply the basis most appropriate to that workflow.

8. AI and automated processing

BasisTrail uses AI features to summarize or explain portfolio data. Before data is sent to the AI provider, we sanitize context to reduce exposure of secrets and secret-shaped values. We do not intentionally use your portfolio data to train third-party frontier models. AI responses are generated automatically and can be incomplete, inaccurate, or stale. You remain responsible for verifying financial facts before relying on them.

9. Cookies, local storage, and similar technologies

The website and iOS app use essential storage, authentication state, and operational scripts necessary for sign-in, account experience, and security. BasisTrail also uses product analytics telemetry, including page and screen views, onboarding progress, source-sync outcomes, entitlement state changes, AI usage flow events, and operational diagnostics. We configure this telemetry to avoid collecting broker credentials, private keys, seed phrases, full payment card data, or full raw portfolio payloads in analytics events. BasisTrail does not currently run a behavioral advertising stack.

10. Sharing and disclosure

We share information only where needed to operate the service, comply with law, or protect the service. Categories of recipients may include:

Infrastructure and database providers.
Authentication and email delivery providers.
AI providers used to answer your requests.
Payment and merchant-of-record providers for subscription handling, tax treatment, and billing events.
Professional advisers, auditors, insurers, or acquirers where necessary for business operations.
Regulators, courts, or law enforcement where required by law or reasonably necessary to protect rights, users, or the service.

11. International transfers

Your information may be processed in countries other than the one where you live, including the United States and other jurisdictions where our vendors operate. Where required, we rely on contractual safeguards, vendor commitments, or other recognized transfer mechanisms. International transfers may still involve legal and practical risks that differ from your home jurisdiction.

12. Data retention

Account and configuration data — retained while your account remains active and for a limited period afterward as needed for restoration, security review, or legal obligations.
Portfolio and sync data — retained while the account exists or until you remove the source and request deletion, subject to backup and legal-retention constraints.
Billing and tax records — retained as required by accounting, fraud-prevention, and tax laws.
AI usage events and security logs — retained only as long as reasonably needed for credits, abuse prevention, support, and product operations.
Support messages — retained as long as needed to resolve the issue, maintain a support history, or meet legal obligations.

13. Security measures

We use a combination of access controls, encryption in transit, hosted infrastructure safeguards, least-privilege service design, server-side secret handling, and device-local storage patterns such as the iOS Keychain where appropriate. No system is perfectly secure, and you acknowledge that internet and cloud systems always carry residual risk.

14. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to, or complain about our processing of your data. You may also be able to withdraw consent where consent is the basis for processing. BasisTrail includes account deletion in-app, and you can also email us at privacy@basistrail.app for help with a data request.

15. California and similar U.S. state disclosures

BasisTrail does not sell personal information in the ordinary meaning of that term and does not use third-party ad-tech profiling as part of the current product. If that changes, we will update this policy and any required rights mechanisms. Residents of jurisdictions with state privacy laws may have statutory rights beyond the general rights described above.

16. Children's privacy

BasisTrail is not directed to children and is intended only for adults capable of managing financial accounts. If you believe a child has provided data to BasisTrail, contact us and we will investigate and remove the data as appropriate.

17. Changes to this policy

We may update this Privacy Policy from time to time. When changes are material, we may provide additional notice through the website, app, or email. Continued use of the service after the effective date of the revised policy means the revised policy applies, to the extent permitted by law.

18. Contact

Privacy questions and requests: privacy@basistrail.app. Support requests: support@basistrail.app.

Read the Terms of Service →

Read the Refund & Return Policy →