Your data is yours.
We can't touch it.

Read-only access, no training on your portfolio data, per-user isolation, and encryption at every layer.

Built-in protections.

No trade execution
No training on portfolio data
No brokerage connections
Encrypted at rest & in transit
US-based infrastructure
Per-user isolation

AES-256 at rest. TLS 1.2+ in transit.

Four principles behind every architecture decision.

How we think about
your data.

Read-only access by default

Stanalyst does not connect to your brokerage. Portfolios are added via screenshot import or manual entry. We cannot place trades, move money, or change anything in your accounts.

Your data stays out of the model

We do not use your portfolio or account data to train AI models. Our AI providers operate under strict data processing agreements that prohibit training on customer data. We improve report quality based on how our analyst recommendations perform over time.

Walled off from everyone else

Each user's data is logically isolated. AI analysis runs in separate contexts. Your holdings, watchlists, and reports are never visible to other users or aggregated across accounts.

Delete means delete

Disconnect a portfolio and the associated data is removed immediately. Delete your account and all stored data is purged within 30 days. No retention tricks, no "anonymized" holdbacks.

Infrastructure &
compliance.

Authentication

Email/password and social sign-on with session tokens that expire automatically. Failed login attempts are rate-limited.

Encryption

AES-256 at rest via our cloud providers. TLS 1.2+ for everything in transit. API keys and secrets live in environment-level vaults.

Payments

Stripe handles all billing. We never see or store card numbers. Stripe is PCI DSS Level 1 certified.

Hosting

US-based infrastructure on secured and trusted providers. Daily database backups with point-in-time recovery. Managed load balancers with DDoS mitigation.

Nothing leaves your account.

Your AI analyst receives your strategy settings and stock universe. It pulls market data from our providers. It never asks for your brokerage login or connects to your brokerage.

Strategy config

Your risk params

Market data

From our providers

AI analysis

Isolated per user

Trade proposals

Delivered to you

Common questions.

Can Stanalyst place trades or transfer money from my account?

No. Stanalyst does not connect to your brokerage and cannot place trades, initiate transfers, or modify your accounts.

Is my data used to improve or train AI models?

Never. We do not use your portfolio or account data to train AI models. Our AI providers operate under strict data processing agreements that prohibit training on customer data. We may use aggregated performance of analyst recommendations to improve future reports and proposals.

What happens when I disconnect a portfolio or delete my account?

Disconnecting a portfolio removes its holdings data immediately. Deleting your account purges all stored data within 30 days.

Who has access to my portfolio and reports?

Only you. Data is isolated per user. Stanalyst employees do not have default access to customer portfolios or AI-generated reports.

Always improving.

The controls above reflect where we are today. Security doesn't ship once and sit still. We're continuously tightening access policies, auditing dependencies, and expanding our compliance posture.

Found something? Reach out at security@stanalyst.app. For general questions, see FAQ. For data handling, our privacy policy.

Stanalyst

AI research for every portfolio.

Start free trial