Privacy Policy
Last updated: May 15, 2026. This document describes what data Blindspot collects, how we use it, and how you can control it.
1. Who we are
Blindspot is a portfolio risk-analysis tool. We are a small team building this in the open; the contact for any privacy question is below in §8.
2. What data we collect
- Account. Email and a hashed password (via Supabase Auth). We never see your plaintext password.
- Portfolio. Tickers, weights, and the names you choose for your saved portfolios.
- Brokerage connection (optional, via Plaid or SnapTrade). See §4 for the full disclosure.
- Subscription (optional, via Stripe). If you upgrade to Pro, Stripe stores your payment details and tells us your subscription status. See §5 for what we receive vs. what stays inside Stripe.
3. Sub-processors
- Supabase — authentication and database (United States).
- Plaid — brokerage connectivity (United States). Only used when you actively connect a brokerage via Plaid; see §4A.
- SnapTrade — brokerage connectivity (Canada / United States). Only used when you actively connect a brokerage via SnapTrade; see §4B.
- Stripe — payments (United States). Only used if you subscribe to Pro; see §5.
- Yahoo Finance — price data. We send only ticker symbols to look up historical prices. We never send your account, holdings list, or identifying information to Yahoo.
4. Brokerage connections via Plaid and SnapTrade
Blindspot offers two optional ways to connect a brokerage so we can read your holdings for analysis: Plaid and SnapTrade. You only see one or the other in the product at any given time, depending on which is available for your account. Both follow the same model: you enter your brokerage credentials on the vendor's screen, not on Blindspot's, and the vendor hands us a token that authorizes read-only access. Blindspot never sees your bank or brokerage username, password, or any login credential.
§4A. Plaid
Plaid Inc. is the company that powers brokerage connections for thousands of financial apps. When you click “Connect Brokerage” in the Plaid flow, you are handed off to Plaid's interface to enter your brokerage credentials. Plaid handles credential capture, authentication, and the secure handoff back to us.
What Blindspot receives from Plaid
- A long-lived access token that authorizes us to read your investment holdings on your behalf. We store this token encrypted at rest using AES-256-GCM. It is never visible to anyone outside our backend.
- A snapshot of your investment holdings: ticker symbols, quantities, and market values, aggregated across the accounts you authorize.
What Blindspot does NOT receive
- Your brokerage credentials.
- Trading authority. Our access scope is “Investments” (analytics-only). We cannot place trades.
- Bank account or routing numbers, ACH transactions, or any non-investment account data.
Retention & control
We keep your Plaid access token until you click “Disconnect” in Blindspot. Disconnecting calls Plaid's /item/remove endpoint, which severs Plaid's link to your brokerage on Blindspot's behalf, and deletes our copy of the token. We do not retain a backup copy and we do not auto-purge inactive connections — if you stop using Blindspot, your connection stays in place until you affirmatively disconnect or delete your account. You can disconnect at any time from the Connect Brokerage tab on the Analyze page; disconnecting takes effect immediately.
Plaid's own policy
Plaid is a separate company with its own privacy policy: see plaid.com/legal/#consumers for what Plaid does with your data on their side. Plaid is regulated as a consumer reporting agency in some jurisdictions; their controls are independent of ours.
§4B. SnapTrade
SnapTrade (Passiv Inc.) is the company behind a brokerage connectivity layer used by investment analytics products. When you click “Connect Brokerage” in the SnapTrade flow, you are handed off to SnapTrade's Connection Portal to enter your brokerage credentials. SnapTrade handles credential capture, the OAuth handshake with each broker, and the secure handoff of a token back to us.
What Blindspot receives from SnapTrade
- A long-lived userSecret that authorizes us to read your investment holdings. We store it encrypted at rest using the same AES-256-GCM key as the Plaid path. It is never visible to anyone outside our backend.
- A snapshot of your investment holdings: ticker symbols, quantities, and market values, aggregated across the brokerage authorizations you grant.
What Blindspot does NOT receive
- Your brokerage credentials.
- Trading authority. We hard-code connectionType: “read” in our SnapTrade integration. We cannot place trades or move money.
- Bank account or routing numbers, ACH transactions, or any non-investment account data.
Retention & control
We keep your SnapTrade userSecret until you click “Disconnect” in Blindspot. Disconnecting calls SnapTrade's removeBrokerageAuthorization endpoint to sever the link and deletes our copy of the credential. We do not retain a backup copy and we do not auto-purge inactive connections — you can disconnect at any time from the Analyze page.
SnapTrade's own policy
SnapTrade is a separate company with its own legal terms and privacy disclosures: see snaptrade.com/legal for what SnapTrade does with your data on their side. Their controls are independent of ours.
5. Payments via Stripe
If you subscribe to Blindspot Pro, payments are processed by Stripe, Inc. Stripe is our payments sub-processor and the system of record for your card data.
What Stripe stores (and we never see)
- Your full card number, expiration, and CVC. These are entered directly into Stripe's hosted Checkout page, not on Blindspot.
- Billing address (if collected at checkout for tax purposes).
What Blindspot receives from Stripe
- A Stripe customer ID and subscription ID. We use these to look up your subscription status.
- Your current subscription state (active, past-due, canceled, etc.) and the renewal-or-cancel date. We use this to decide whether to grant Pro features.
Stripe is a separate company with its own privacy policy: see stripe.com/legal. To cancel your subscription, use the Customer Portal link in your Blindspot account page; the cancellation takes effect at the end of your current billing period.
6. Retention
Account, portfolio, Plaid, SnapTrade, and Stripe-linked data persist until you delete them or close your account. We do not auto-purge on inactivity. If you delete a saved portfolio, the row is removed immediately from our database; backups expire on Supabase's standard schedule (currently 7 days for our tier).
7. Your rights and how to delete your data
To delete your account or any connected data, email us at the address below in §8 and we will action your request within 30 days. Disconnecting Plaid or SnapTrade is self-serve today via the Connect Brokerage tab on the Analyze page; canceling a Stripe subscription is self-serve via the Customer Portal link in your account page.
8. Contact
Questions, concerns, or requests: hello@blindspot.fyi. See also our Contact page for response-time expectations.