Privacy Policy
Last updated: April 9, 2026
1. What We Collect
We collect the minimum data needed to provide and improve Materix:
- Account information: Your email address when you sign up (used for authentication and service communications).
- API usage logs: Timestamps, endpoints called, response codes, and your API key identifier. We use this for rate limiting, debugging, and usage analytics.
- Session data: A session cookie (materix_session) for dashboard authentication. This is HttpOnly and secure — it cannot be read by JavaScript.
2. What We Don't Collect
- Payment data: We do not process or store credit card numbers, billing addresses, or other payment information. All payment processing is handled by Lemon Squeezy, our payment provider. Their privacy policy governs payment data.
- Trading data: We have no visibility into your brokerage accounts, positions, or trading activity.
- Tracking pixels or ad networks: We do not use third-party advertising trackers.
3. Cookies
We use a small number of cookies:
- materix_session: Authentication cookie for the dashboard. HttpOnly, Secure, SameSite=Lax. Expires when you log out or after 7 days.
We do not use analytics cookies, advertising cookies, or cross-site tracking. If we add analytics in the future, we will update this policy and use a privacy-respecting provider.
4. How We Use Your Data
- Authenticate you and manage your subscription
- Enforce rate limits and prevent abuse
- Send transactional emails (magic link login, key alerts)
- Debug errors and improve the service
- Generate aggregate usage statistics (not tied to individual users)
We do not sell, rent, or share your personal data with third parties for marketing purposes.
5. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account closure.
- API usage logs: Retained for 90 days, then automatically purged.
- Session cookies: Expire after 7 days or on logout.
6. Data Security
We use industry-standard measures to protect your data: TLS encryption in transit, encrypted database connections, hashed API keys, and HMAC-signed session tokens. Our infrastructure is hosted on Railway with managed PostgreSQL.
No system is perfectly secure. If we discover a data breach that affects your personal information, we will notify you by email within 72 hours.
7. Your Rights (GDPR and Similar)
Regardless of where you are located, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Ask us to fix inaccurate data.
- Deletion: Ask us to delete your account and associated data. We will comply within 30 days.
- Export: Request your data in a machine-readable format.
- Objection: Object to processing of your data for specific purposes.
To exercise any of these rights, email privacy@materix.dev.
8. Third-Party Services
We use the following third-party services that may process your data:
- Lemon Squeezy: Payment processing (handles billing data directly).
- Resend: Transactional email delivery (receives your email address for magic link login).
- Railway: Infrastructure hosting (servers, database).
Each provider operates under their own privacy policy and data processing agreements.
9. Children
Materix is not directed at anyone under 18. We do not knowingly collect data from minors. If you believe a child has created an account, contact us and we will promptly delete it.
10. Changes
We may update this policy as our practices evolve. When we make material changes, we will update the date at the top and, where appropriate, notify you by email.
11. Contact
Privacy questions? Email privacy@materix.dev.