Legal
Data Processing Addendum
In preparation
A formal, signable Data Processing Addendum (DPA) is available to institutional customers on request. This page summarizes how Aureum Sentinel processes personal data and the sub-processors it relies on.
- What we process: your identity (email, name), your portfolio holdings and the risk metrics derived from them, and limited usage data for security and product improvement.
- Purpose and legal basis: we process this data to provide the service you signed up for (contract) and, where you have consented, for optional communications and analytics. Security logging relies on legitimate interest.
- Protection: portfolio data is encrypted at rest and isolated per user by row-level security. See the Security Guide for detail.
Sub-processors
We rely on the following processors, each bound by their own data-protection terms. This list may be updated as our infrastructure evolves.
- Supabase: database, authentication, and storage.
- Vercel: web application hosting.
- Fly.io: API service hosting.
- Resend: transactional email delivery.
- SnapTrade, Tink: brokerage connectivity (read-only positions; they hold their own credentials).
- Consent-gated analytics and crash reporting: used only where you have agreed via the cookie banner.
Retention, deletion, and your rights
You can export or delete your data from Settings at any time; deletion is honored after a short grace period. EU / UK residents have rights of access, correction, deletion, and portability under GDPR.
For a signed DPA or any data-protection question, email privacy@aureumfrontiers.com.