Privacy Policy
Last updated: 2026
AlphaFlowSeven (AF7) handles only the data needed to run the service. This page describes what we collect, why, and what we do with it.
1. What we collect
- Account data: email address, hashed password.
- Usage data: the councils, strategies, signals, paper trades, and evaluations you create.
- AI prompt data: the market data and prompts sent to upstream AI providers (Anthropic, OpenAI, Google, xAI, DeepSeek, Moonshot) so they can return decisions.
- Operational logs: request timestamps, IP addresses, and error traces for debugging and abuse prevention. Logs are auto-deleted after 14 days.
2. What we don't collect
AF7 does not collect exchange API keys, bank details, or any custody credentials. AF7 does not execute real trades and therefore has no need for them.
3. Tenancy and isolation
Every council, strategy, position, and signal is scoped to your user account via a tenant system that injects your user ID on insert. Other users cannot see your configurations or trades.
4. Third-party processors
Prompts and the necessary market context are sent to the AI provider you select per agent. Those providers operate under their own privacy policies. AF7 uses managed cloud infrastructure (database, hosting, email) under standard data-processing terms.
4a. Payment processing — Stripe
Account top-ups are processed by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland — an EU-licensed E-Money Institution. AlphaFlowSeven never sees or stores your card or bank-account details; those are collected directly by Stripe on Stripe-hosted pages.
Data we share with Stripe: your name, email address, billing address (street + country + postal code), VAT identification number (only if you provide one for a B2B reverse-charge invoice), and the deposit amount. Stripe additionally collects directly from you: card number and expiry / IBAN / equivalent payment-method data, depending on the method you choose. AF7 never receives that data.
Purpose: processing the payment, fraud prevention, calculating EU VAT, generating compliant invoices, and meeting regulatory requirements under PSD2 (which is why your bank may ask for Strong Customer Authentication — typically a one-time code or biometric challenge — during checkout).
Retention: Payment records are retained for seven years as required by Swedish bookkeeping law (Bokföringslagen).
Useful links: Stripe's privacy policy, data-processing agreement, and services agreement.
5. What we don't do
- We do not sell user data.
- We do not run advertising trackers.
- We do not share your data with third parties beyond the AI and infrastructure providers required to operate the service.
6. Data export and deletion
You can export or delete your account data on request from the account dashboard. Deletion removes your configurations, signals, paper trades, and account record. Aggregate platform metrics may retain anonymized counts.
7. Cookies
AF7 uses a single session cookie required for login. AF7 uses no third-party tracking cookies, ad pixels, or analytics that identify individuals.
8. Contact
For privacy questions, contact us via your account dashboard.