Privacy Policy

Last updated: January 31, 2026

The Short Version

Your broker credentials never leave your device. Your trading data syncs to enable cloud backup — we don't analyze it, sell it, or share it. We use your email to manage your account and send you important updates. That's it.

Who We Are

CandleSight is operated by MicroMediaSites LLC. This policy explains what we collect, why, and what we do with it.

What We Collect

Your Email and Account Info

When you sign up, we collect your email address through Clerk (our auth provider). We use this to identify your account, manage your subscription, and send service updates.

Your Broker API Credentials

These never touch our servers. Your OANDA API key is encrypted locally on your device using AES-256-GCM and protected by your master password. We can't see it. We can't recover it. This is by design — see our security documentation for the full technical breakdown.

Your Trading Data

Trade history, strategies, backtest results, and notes sync to our servers so you can access them across devices and restore them if you reinstall. This data is tied to your account and encrypted in transit (TLS 1.2+) and at rest.

Anonymous Usage Analytics

We use Plausible (a privacy-focused, cookie-free analytics tool) to understand which features people use and where the app breaks. We don't track individual trades or trading behavior.

Payment Info

Stripe handles payments. We never see your card number.

What We Don't Do

  • We don't sell your data. To anyone. Ever.
  • We don't analyze your trades. We're not building a prop desk off your order flow.
  • We don't share with brokers. OANDA doesn't know you use CandleSight unless you tell them.
  • We don't run ads. No ad networks, no tracking pixels, no "partners" scraping your data.
  • We don't store your API credentials. They exist only on your device, encrypted.

How We Use Your Data

  • Authenticate your account and manage your subscription
  • Sync your strategies and trade history across devices
  • Send security alerts and important service updates
  • Fix bugs and improve the product based on aggregate usage patterns
  • Respond when you contact support

Third-Party Services

ServicePurposeTheir Privacy Policy
ClerkAuthenticationclerk.com/privacy
StripePaymentsstripe.com/privacy
PlausibleAnalytics (no cookies)plausible.io/privacy

Data Security

  • API credentials: AES-256-GCM encryption, never transmitted
  • Data in transit: TLS 1.2+
  • Data at rest: Encrypted on our servers
  • Authentication: Handled by Clerk with industry-standard practices
  • Password requirements: 16+ characters, checked against breach databases

For the full technical details, see How We Secure Your Keys.

Your Data, Your Control

You can:

  • Export your data anytime from the app
  • Delete your account and all associated data by emailing support@candlesight.com
  • Opt out of product update emails (security notifications will still be sent)

We retain your data while your account is active. If you delete your account, we remove your data within 30 days.

Age Requirement

CandleSight connects to brokerage accounts, which require users to be 18 or older. We don't knowingly collect data from anyone under 18.

Changes

If we make material changes to this policy, we'll notify you via email before they take effect.

Questions?

Email us: support@candlesight.com