This policy describes what information we collect when you use OffHours Investing, how we use it, and the choices you have. We aim for the smallest practical collection surface: we only ask for what we need to run the Service.
What we collect
Account data. Your email address and (if you set one) a display name. Passwords are stored as bcrypt hashes; we cannot read them.
Billing data. Your Stripe customer ID and subscription/credit history. Card details are handled by Stripe directly — we never see or store them.
Usage data. The analyses you run, the tickers you view, and rough timing/metering needed to apply rate limits and prevent abuse. We do not maintain a third-party analytics tracker for behavioral advertising.
OAuth data. If you sign in via Google, we receive your email address and a provider-issued user ID from Google. Nothing else.
How we use it
Account, billing, and usage data are used to operate the Service: authenticate you, apply the right plan/credit balance, run analyses, deliver email about important account events, and respond to support requests. We do not sell personal data.
Third parties we share with
We use a small number of service providers to run the Service. Each receives only the minimum data needed for its function:
- Stripe — payments processing (card data goes directly to them, never through us).
- Vercel — application hosting.
- Upstash — data storage (encrypted at rest).
- Google — OAuth sign-in (only if you choose to use it).
- Anthropic — AI analysis generation. Anthropic processes the ticker and prompt content but does not receive your account identity.
Cookies
We use one essential cookie to keep you signed in. It is a signed session token (HttpOnly, Secure, SameSite=Lax) and contains no behavioral or advertising data. No third-party tracking cookies are set by OffHours Investing.
Data retention
We retain your account, billing, and analysis-history data for as long as your account is active. If you delete your account, we remove your personal identifiers within 30 days. Anonymized aggregates (e.g., total analyses run) may be retained for operational purposes.
Payment records may be retained longer where required by applicable tax, accounting, or anti-fraud laws.
Your rights
You can export, correct, or delete your account data by emailing hello@offhoursinvesting.com. If you are in the EU, UK, California, or another jurisdiction with specific data rights, you may have additional rights under local law — we will honor any valid request to the extent the law applies.
Security
Passwords are hashed (bcrypt). Session tokens are signed and HttpOnly. All traffic is served over HTTPS. We follow standard practices for cloud-hosted SaaS, but no system is ever completely secure — you should use a strong, unique password.
Children
The Service is not intended for anyone under 18. We do not knowingly collect data from minors.
Changes
We may update this policy. Material changes will be announced via email or in-product notice. The "Last updated" date at the top of the page reflects the most recent change.
Contact
For any privacy question or request, email hello@offhoursinvesting.com.