Privacy Policy
1. Who we are
This Privacy Policy describes how Maffeo & Co LLC ("we," "us," or "Capitol Gain"), a Louisiana limited liability company, collects, uses, and protects your information when you use Capitol Gain (the "Service") at tradingcapitolgain.com.
2. What we collect
| Category | Examples | Source |
|---|---|---|
| Account info | Email address, password hash, account creation date, tier (free / Pro / Elite) | You, when you sign up |
| Billing info | Stripe customer ID, subscription status, billing history | Stripe (we don't see your card number — Stripe handles it) |
| Portfolio holdings | Ticker symbols, share counts, cost basis (only if you connect) | You (manual entry, CSV upload, or via Plaid) |
| Usage data | Which features you use, alert preferences, watchlist contents | Generated as you use the Service |
| Seylah Chat history | Messages you send to Seylah (Elite feature) | You, when you chat |
| Technical data | IP address, user agent, timestamps (in server logs) | Standard web server logs |
We do not collect: your social security number, your bank account number, your home address, or any data you don't actively provide.
3. How we use your data
- Run the service. Authenticate you, show your portfolio, calculate signals.
- Send alerts. Email you about congressional trades, bill updates, and signals you opt into.
- Process payments. Charge your subscription and handle refunds via Stripe.
- Improve the product. Aggregate, anonymized usage patterns help us prioritize features.
- Communicate with you. Send service updates, security notices, and respond to support requests.
- Comply with the law. Respond to lawful requests, prevent fraud, enforce our Terms.
We do not sell your data to anyone. We don't run advertising in the Service. We don't share your portfolio data with third parties for marketing.
4. Third parties & data processors
To operate Capitol Gain, we send specific data to trusted infrastructure providers. Each has their own privacy policy and SOC 2 / similar compliance:
| Provider | Role | What they see |
|---|---|---|
| Vercel | Web hosting, edge compute | HTTP traffic, IP addresses, server logs |
| Supabase | Database, authentication | Email, password hash, all user data |
| Stripe | Payment processing | Card data (we never see it), billing email, subscription state |
| Plaid | Brokerage connections (optional) | Brokerage credentials (Plaid holds them, not us); we receive read-only holdings data |
| Anthropic | Seylah AI features | Messages you send to Seylah, plus relevant context (your tickers when Seylah analyzes them) |
| Resend | Transactional email | Your email address and the alert/contact content we send you |
| DigitalOcean | Backend compute (signal detectors) | Aggregated user data for signal generation; no PII beyond user IDs |
| Quiver Quantitative | Congressional trade data source | None — Quiver provides data to us, we don't send them your data |
5. AI features (Seylah)
Seylah is our AI-powered analysis layer, built on Anthropic's Claude API. When you use Seylah Chat or other AI-powered surfaces:
- Your messages are sent to Anthropic for processing
- Anthropic's commercial terms apply to that processing — they do not train on API customer data
- We may log chat content for abuse prevention, debugging, and improving Seylah's behavior
- We do not use your chat content to train any AI model
The non-chat Seylah surfaces (signal detection, insights, summaries) run on aggregated data and do not send your personal information to Anthropic beyond what's necessary to analyze the signals relevant to you.
6. Cookies & tracking
We use the minimum cookies needed to make the Service work:
- Authentication cookies / local storage. Keep you logged in (Supabase auth).
- Preference storage. Remember your settings (theme, alert preferences, last-viewed tab).
We do not use third-party analytics with cross-site tracking, advertising pixels, Facebook tracking, Google Analytics, or similar tools.
7. Data security
We take reasonable measures to protect your data:
- All connections use HTTPS (TLS) — no unencrypted traffic
- Passwords are hashed by Supabase using bcrypt — we never see them
- Database access uses row-level security policies
- API keys and secrets are stored encrypted in Vercel and rotated when compromised
- Card data is handled only by Stripe — never touches our servers
No system is perfectly secure. If we discover a breach affecting your data, we'll notify affected users within 72 hours of confirming the scope.
8. Data retention
- Active accounts: Data retained while your account is active.
- Deleted accounts: Personal data deleted within 30 days of account deletion. Aggregated, anonymized statistics may be retained indefinitely.
- Billing records: Stripe retains billing records as required by tax/financial law (typically 7 years).
- Server logs: Logs older than 30 days are deleted automatically.
9. Your rights
You have the right to:
- Access your data. Email us and we'll send you a copy.
- Correct your data. Most fields you can edit from account settings; contact us for the rest.
- Delete your account and data. Email us and we'll process the deletion within 30 days.
- Object to processing or withdraw consent. Stop using the Service and request deletion.
- Export your data. Email us for a JSON export of your portfolio and account.
To exercise any right, contact us at [email protected]. We respond within 7 business days.
10. Children's privacy
Capitol Gain is not intended for children under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we'll delete it.
11. Changes to this policy
We may update this policy as the Service evolves. Material changes (new data categories, new sharing relationships, new uses) will be communicated by email and/or in-product notice at least 14 days before they take effect. Minor wording changes will be reflected in the "Last updated" date at the top.
12. Contact
Privacy questions, data requests, or anything else:
- Email: [email protected]
- Contact form: tradingcapitolgain.com/contact
- Entity: Maffeo & Co LLC, Bossier City, Louisiana