Privacy Policy — v1.0.0 — Last Updated June 1, 2026. Effective 2026-06-01. This is the current published version. Download PDF ↓

RAVENEDGE

EdgeTrade Privacy Policy

Last Updated: June 1, 2026 Version: 1.0

RavenEdge LLC ("RavenEdge," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you access or use the EdgeTrade automated trading platform, the ravenedge.net website, and related services (collectively, the "Service"). It also describes your rights and choices, including under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA").

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, you must not use the Service.

1. Information We Collect

1.1 Information You Provide

Account registration: name, email address, password (stored as a salted hash), and subscription tier.
Strategy configuration: per-symbol and account-level settings including contract size, take-profit, stop-loss, days-to-expiry, strike offset, signal-source filter (including the Expert filter token), maximum concurrent positions, maximum daily loss, maximum daily trades, trading window, and live-arming expiry.
Communications: any messages you send to us, including via [email protected], support requests, and feedback.

1.2 Information from Your Broker

With your authorization (via OAuth), we receive from Charles Schwab & Co., Inc.:

Account identifier(s) and routing information needed to place Orders;
Position data (open positions, sizes, average prices);
Order status data (open orders, fills, cancellations);
Account balance and buying-power data necessary to enforce your risk limits; and
Transaction history necessary to compute realized profit and loss.

We do not receive, store, or use: Social Security numbers, tax identification numbers, banking information beyond what is needed for Order routing, or any data unrelated to operating your Strategy.

1.3 Information from Signal Sources

For Self-Directed Signals, we receive the webhook payload you (or your signal source, with your authorization) send to your designated webhook URL. The payload typically includes a symbol, direction, optional metadata, and a shared secret used for authentication.

1.4 Information Collected Automatically

Device and connection data: IP address, browser type, operating system, device type, language, referrer URL, and similar metadata.
Usage data: pages viewed, features used, time spent, clicks, and other interactions with the Service.
Cookies and similar technologies: session cookies for authentication and analytics. You may disable cookies through your browser, but parts of the Service may not function correctly without them.

1.5 Information from Third-Party Service Providers

Subscription and billing: Whop processes Subscription payments on our behalf. We receive transaction confirmations and Subscription status; we do not store full payment card numbers.
Authentication: Cloudflare Access provides identity-layer authentication. We receive authentication metadata from Cloudflare necessary to grant access to the Service.
Hosting: Fly.io and Neon Postgres host our application and database. They process data on our instructions under their own privacy and security commitments.

1.6 Sensitive Personal Information (CCPA/CPRA)

We do not knowingly collect or process the following categories of sensitive personal information unless you provide them voluntarily: Social Security numbers, driver's license numbers, racial or ethnic origin, religious beliefs, mail or text message contents, genetic data, biometric data, health information, or sexual orientation. We do not use sensitive personal information to infer characteristics about you.

2. How We Use Your Information

We use the information we collect to:

Operate, maintain, and improve the Service, including processing Strategy configurations, Standing Authorizations, and Orders;
Communicate with you about your Account, Subscription, system status, and changes to the Terms or this Privacy Policy;
Detect, investigate, and prevent fraud, abuse, and unauthorized access;
Comply with legal obligations, including responding to law-enforcement requests;
Enforce the Terms and exercise our legal rights;
Produce aggregated and de-identified analytics that do not identify you individually; and
Provide customer support.

We do not sell your personal information (as the term "sell" is defined under CCPA/CPRA), and we do not share your personal information for cross-context behavioral advertising.

3. How We Share Your Information

We share personal information only in the following circumstances:

3.1 Service Providers

We share personal information with vendors that process data on our behalf, including:

Charles Schwab & Co., Inc. — to route Orders and receive position, order, and balance data;
Whop — to process Subscription payments;
Cloudflare (Cloudflare Access) — to authenticate Users;
Fly.io — to host application infrastructure;
Neon (Neon Inc.) — to host the application database;
Cloud infrastructure provider (Fly.io) — also acts as platform-secret store for the key-encryption key protecting Broker tokens; a managed key management service is configured as a dormant fallback; and
AI/ML Vendors (Anthropic, OpenAI, Google, and others) — only for informational/commentary features, never as part of the autotrade execution path, and never with material personally identifying information unless necessary for the feature.

These service providers are contractually limited to using the data we share with them only to provide services to us.

3.2 Legal Compliance

We may disclose personal information to comply with applicable law, regulation, legal process, or governmental request, including subpoenas, court orders, and lawful requests by law enforcement.

3.3 Business Transfers

If RavenEdge is involved in a merger, acquisition, financing, reorganization, sale of assets, or bankruptcy, we may transfer personal information to the successor or acquirer, subject to the protections of this Privacy Policy.

3.4 With Your Consent

We may share personal information for other purposes with your consent.

4. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include:

AES-256-GCM envelope encryption of Broker access tokens, with per-User binding;
TLS encryption in transit;
Access controls, including identity-layer authentication via Cloudflare Access;
Append-only operational audit logging of order lifecycle events;
Vendor management procedures for third-party service providers.

Key-custody disclosure. As of the date of this Privacy Policy, the key-encryption key used to protect encrypted Broker tokens is held as a platform secret of our cloud infrastructure provider (Fly.io). A managed key management service is configured as a dormant fallback but is not currently the primary keystore. This means that, in addition to the cybersecurity risks inherent in any online system, our token storage carries residual risk from compromise of (a) our infrastructure provider, (b) RavenEdge personnel with operational access to the platform secret, or (c) software supply-chain components used to derive or apply the encryption key. We may migrate the keystore to a managed key management service or other architecture in the future without notice.

However, no system is perfectly secure. We cannot guarantee absolute security and we are not liable for security breaches that occur despite reasonable safeguards.

5. Retention

We retain personal information for as long as your Account is active and for a reasonable period thereafter to:

Comply with our legal, accounting, and regulatory obligations;
Resolve disputes;
Enforce the Terms; and
Maintain accurate business records.

When personal information is no longer required, we delete or anonymize it, except where retention is required or permitted by law.

6. Your Rights Under California Law (CCPA/CPRA)

If you are a California resident, you have the following rights regarding your personal information:

6.1 Right to Know

You have the right to request that we disclose:

The categories and specific pieces of personal information we have collected about you;
The categories of sources from which we collected the information;
The business or commercial purpose for collecting the information;
The categories of third parties with whom we share the information; and
The categories of personal information we have disclosed for a business purpose.

6.2 Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (for example, where retention is required to complete a transaction, detect security incidents, or comply with a legal obligation).

6.3 Right to Correct

You have the right to request that we correct inaccurate personal information we maintain about you.

6.4 Right to Opt Out of Sale or Sharing

We do not sell or share personal information for cross-context behavioral advertising. If our practices change, we will update this Privacy Policy and provide an opt-out mechanism.

6.5 Right to Limit Use of Sensitive Personal Information

We do not use sensitive personal information for purposes beyond those permitted under CCPA/CPRA.

6.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights.

6.7 How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected] with your request. We will verify your identity before fulfilling your request, which may require you to provide information sufficient to identify your Account. We will respond within the timeframes required by CCPA/CPRA.

You may designate an authorized agent to make a request on your behalf. The agent must provide written authorization signed by you, and we may require you to verify your identity directly.

7. Children's Privacy

The Service is not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. If you believe we have collected personal information from a person under 18, contact us at [email protected] and we will promptly delete it.

8. International Users

The Service is hosted in the United States. If you access the Service from outside the United States, you consent to the transfer, processing, and storage of your personal information in the United States, which may have data-protection laws different from those of your jurisdiction.

If you are in the European Economic Area, United Kingdom, or another jurisdiction with similar privacy regimes, additional rights may apply. Contact us at [email protected] for information about exercising those rights.

9. Cookies and Tracking

We use only essential session cookies for authentication and a limited set of analytics cookies. We do not use advertising cookies or share personal information for cross-context behavioral advertising. We honor browser-based opt-out signals where required by applicable law.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable advance notice through the Service, by email, or by posting the updated Privacy Policy with a revised "Last Updated" date. Your continued use of the Service after the effective date of any modification constitutes your acceptance of the modified Privacy Policy.

11. Contact Us

For questions, requests, or concerns regarding this Privacy Policy, contact us at:

RavenEdge LLC Attn: Privacy Email: [email protected] General legal inquiries: [email protected]