← Back to Terminal
Privacy Policy
Document ID: GOAT-PP-2026-001 | Effective: January 1, 2026 | Last Updated: March 17, 2026 | Version 3.0 | Jurisdiction: Tennessee, USA
GOAT Financial Terminal operates as a financial data analytics and research platform for informational and educational purposes only. We are committed to protecting your privacy and handling your data responsibly.
Section 1: Data Controller Information
| Detail | Information |
|---|
| Legal Entity | GOAT Financial |
| State of Registration | Tennessee, USA |
| Data Protection Officer | privacy@goatfinancial.com |
| General Contact | support@goatfinancial.com |
Section 2: Information We Collect
2.1 User-Provided Data
- Email addresses and usernames for account creation
- Passwords (stored via industry-standard cryptographic hashing with salt — we never store plaintext passwords)
- Display name and preference settings
- Payment information processed exclusively through third-party processors (Stripe, Apple) — we do not store complete payment card numbers
- Support communications and feedback
2.2 Automatically Collected Data
- Usage patterns: features accessed, time spent, interaction events
- Device specifications: operating system, browser type, screen resolution
- IP addresses (anonymized after 30 days)
- Approximate location derived from IP address (city/region level only)
- Performance metrics: page load times, API response times
2.3 Data We Explicitly Do NOT Collect
- Actual trading account data, brokerage credentials, or portfolio holdings (unless voluntarily entered by user)
- Social Security Numbers or government-issued identification
- Biometric information
- Precise GPS coordinates
- Health or medical data
- Information from minors under 18
Section 3: Legal Basis for Processing (GDPR)
| Processing Activity | Legal Basis |
|---|
| Account creation & service delivery | Contract performance |
| Payment processing | Contract performance |
| Fraud prevention & security | Legitimate interests |
| Service analytics & improvement | Legitimate interests |
| Marketing communications | Consent (opt-in only) |
| Legal compliance & regulatory | Legal obligation |
Section 4: How We Use Your Information
Service Operations
Platform delivery, subscription management, personalized analytics configuration, customer support, and account administration.
Security
Fraud detection and prevention, abuse prevention, threat identification, system monitoring, and Terms of Service enforcement.
Product Development
Usage analysis, feature improvement, A/B testing, and generation of anonymized aggregate statistics.
Communications
Transactional emails (account confirmation, password reset), customer support responses, and opt-in marketing (with unsubscribe option in every message).
Section 5: Information Sharing
We do NOT sell, rent, lease, or trade your personal data to third parties for marketing purposes or any other consideration.
Limited Disclosure Scenarios
- Service providers: Contractually bound third parties who assist in operating our Platform (hosting, payment processing, analytics)
- Legal requirements: When required by law, subpoena, court order, or government request
- Safety & rights protection: To protect the rights, property, or safety of the Company, users, or the public
- Business transfers: In connection with a merger, acquisition, or sale of assets (subject to continued policy coverage)
- With your explicit consent for any other purpose
We Never Share
- Personal data with data brokers or marketing companies
- Your identity with third parties without your consent
- User analytics with competitors
Section 6: Third-Party Service Providers
| Provider | Service | Data Shared |
|---|
| Railway | Cloud hosting | Application data (encrypted) |
| Polygon.io | Financial market data | API queries (no user PII) |
| GitHub | Source code management | No user data |
| Apple | iOS app distribution | Apple account (per Apple policy) |
Section 7: Cookies & Tracking
Cookie Categories
- Essential (Session–30 days): Authentication tokens, session management, CSRF protection. Strictly necessary; no consent required.
- Functional (Up to 1 year): User preferences, display settings, theme selection. Legitimate interest basis.
- Analytics (Up to 2 years): Usage patterns and performance data. Consent required where applicable.
- Marketing: Currently not used.
Users may manage cookies through browser settings, clear cookies at any time, or use Do Not Track signals.
Section 8: Security Measures
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Cryptographic password hashing (bcrypt/SHA-256 with salt)
- JWT token-based authentication with HMAC-SHA512 signing
- Role-based access controls
- Web Application Firewall (WAF) with rate limiting
- IP-based threat detection and automatic blocking
- Regular security audits and dependency updates
Limitation: No method of electronic transmission or storage is 100% secure. While we employ industry-standard protections, we cannot guarantee absolute security.
Section 9: Data Retention
| Data Type | Retention Period | Reason |
|---|
| Account information | 30 days after account closure | Service provision & legal |
| Transaction records | 7 years | Legal & tax obligations |
| Usage logs | 90 days, then anonymized | Security & analytics |
| IP addresses | 30 days, then anonymized | Security monitoring |
| Support tickets | 3 years | Quality assurance |
| Marketing consent records | Until withdrawn | Compliance documentation |
| Backups | 90-day rolling window | Disaster recovery |
Section 10: Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data and obtain a copy
- Correct inaccurate or incomplete information
- Delete your personal data ("right to be forgotten")
- Port your data to another service in a machine-readable format
- Restrict processing of your data
- Object to certain processing activities
- Withdraw consent at any time (without affecting prior lawful processing)
- Opt out of marketing communications
To exercise any right, contact privacy@goatfinancial.com. We will respond within 30 days (45 days for complex requests). Identity verification may be required. Most requests are fulfilled free of charge.
Section 11: California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to know what personal information is collected, used, and shared
- Right to request deletion of personal information
- Right to correct inaccurate information
- Right to opt out of the sale or sharing of personal information
- Right to non-discrimination for exercising privacy rights
We do NOT "sell" personal information as defined by the CCPA, nor do we share data for cross-context behavioral advertising.
Submit CCPA requests to privacy@goatfinancial.com with the subject line "CCPA Request."
Section 12: European Residents (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, you have all rights listed in Section 10, plus:
- Right to lodge a complaint with your local supervisory authority
- Right to be informed about data transfers outside the EEA
International data transfers to the United States are protected by Standard Contractual Clauses (EU-approved) and supplementary technical safeguards.
Section 13: Additional U.S. State Laws
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA): Residents of these states have rights to access, correct, delete, and port their data, as well as opt out of targeted advertising, data sales, and certain profiling. Exercise these rights by contacting privacy@goatfinancial.com.
Section 14: Children's Privacy
The Platform is restricted to users who are 18 years of age or older. We do NOT knowingly collect personal information from anyone under 18. If we discover that a minor's data has been collected, it will be promptly deleted. Parents or guardians with concerns should contact privacy@goatfinancial.com.
Section 15: Policy Updates
We may update this Privacy Policy periodically. Changes will be communicated through:
- Revised posting on this page with updated "Last Updated" date
- Email notification for material changes
- In-app notification banner
- 30-day advance notice for significant changes
Continued use of the Platform after updates constitutes acceptance of the revised policy.
Section 16: Contact Information
| Purpose | Contact |
|---|
| Privacy inquiries & data requests | privacy@goatfinancial.com |
| Data Protection Officer | privacy@goatfinancial.com |
| General support | support@goatfinancial.com |
| Legal inquiries | legal@goatfinancial.com |
Response commitment: 30-day response window. Prefix urgent security matters with "URGENT" in the subject line.