Privacy Policy

Effective: May 3, 2026

TickerRoom ("we," "us") is operated by an individual based in Texas, USA. This policy explains what information we collect, how we use it, and the choices you have. We try to collect only what is necessary to run the service.

Information we collect

Account info: the email address and (optionally) display name you provide at signup, plus a securely hashed version of your password. We never see or store your plaintext password.
Invite codes: if you sign up using an invite, we record which code you used.
Waitlist signups: if you join the waitlist, we record your email address and the page you submitted from.
Authentication: when you log in we create a session token tied to your account, your last-login time, and the IP address and browser user-agent at the time of session creation.
Server logs: our web server logs the requests it serves (URL, timestamp, response code, and your IP address as forwarded by Cloudflare). These rotate weekly and are kept for at most a couple months.
Password resets: if you request or receive a password reset, we record the time, expiration, and originating IP for the reset link until it is used or expires.

We do not collect payment information (we don't currently charge), we do not use third-party analytics or advertising trackers, and we do not run social-media pixels.

How we use it

To run the service: authenticate you, deliver the morning brief and ticker research, manage your account.
Security: detect and prevent abuse (rate limiting, brute-force defense, audit trails for password changes).
Transactional email: send signup confirmations, password reset links, and security notifications. We do not send marketing email.

How we share it

We do not sell your information. We share it only with the third-party service providers we need to operate the site:

DigitalOcean — hosting (the server runs on a DigitalOcean droplet)
Cloudflare — DNS, CDN, DDoS protection, and the tunnel that fronts the site
Resend — outbound transactional email delivery

Market data is fetched from Yahoo Finance via the open-source yfinance library. We send Yahoo no information about you — only the ticker symbols our server is looking up.

We may also disclose information if required by law, valid legal process, or to protect the safety, rights, or property of TickerRoom, its users, or the public.

Cookies

We use a single first-party session cookie ("tr_session") to keep you logged in. It is HTTP-only, secure, and set with SameSite=Lax. We do not use advertising cookies, third-party tracking cookies, or analytics cookies.

Data retention

Account information is retained until you delete your account or request deletion. Server logs are rotated weekly and retained for at most a couple months. Expired or used reset tokens remain in the database in case of dispute but no longer grant access.

Your choices

Access / correction: email [email protected] and we will provide a copy of, or correct, the personal information we hold about you.
Deletion: email [email protected] from the account's email address and we will delete the account and associated data, except where retention is legally required.
Password: change it from the Account button inside the app, or use the "Forgot your password?" link on the login page.

Security

We hash passwords with bcrypt, store them only in hashed form, run the site over HTTPS via Cloudflare, and isolate the production database to a single hardened server with regular backups. No system is perfectly secure — if you become aware of a vulnerability, please email [email protected].

Children

TickerRoom is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with information, please contact us so we can delete it.

International users

The service is operated from the United States. If you access TickerRoom from outside the U.S., you understand that information you provide will be processed in the U.S.

Changes

We may update this policy. If we make a material change, we will notify registered users by email and update the effective date above.

Contact

Questions or requests about this policy: [email protected].