Privacy Policy

We collect the following categories of data to provide our services, comply with legal obligations, and ensure the security of your account:

• Account Information: Name, email address, phone number, mailing address, tax identification number (SSN/TIN), and brokerage account details.
• Trading Data: Account balances, trading history, order logs, profit/loss data, positions, and API credentials (encrypted).
• KYC Documentation: Government-issued photo ID, proof of address, source of funds declaration, and suitability questionnaire responses.
• Technical Data: IP addresses, device information, browser type, operating system, and access logs.
• Communications: Email correspondence, support tickets, and consultation notes.

Trading data is used solely for the following purposes:

• Executing algorithmic trading strategies within your brokerage account.
• Calculating profit shares and generating invoices for performance fees.
• Fulfilling regulatory reporting obligations (SEC, FINRA, FinCEN).
• Monitoring account activity for fraud prevention and AML compliance.
• Generating monthly performance reports and tax documentation.

We do not sell your trading data to third parties. Your data is used exclusively for the operational and compliance purposes described above.

API keys are encrypted at rest using AES-256 and in transit using TLS 1.3. Access is restricted to automated trading systems and authorized engineering personnel with multi-factor authentication (MFA).

API keys are never logged in plaintext, shared via unsecured channels, or stored on personal devices. We conduct regular access reviews and rotate credentials as part of our security program.

Trading data may be shared with the following categories of third parties, under strict confidentiality and data processing agreements:

• Your Brokerage Firm: For order execution, account verification, and trade settlement.
• Regulatory Agencies: As required by law, including SEC, FINRA, FinCEN, and state securities regulators.
• Auditors and Compliance Consultants: Bound by professional confidentiality obligations and non-disclosure agreements.
• Service Providers: Cloud hosting, cybersecurity, and data analytics providers operating under data processing agreements (DPAs).

We retain your data for the following periods:

• Trading Records: Retained for 7 years per SEC Rule 17a-4 and FINRA requirements.
• KYC/AML Data: Retained for 5 years after account closure per Bank Secrecy Act (BSA) requirements.
• API Credentials: Deleted within 30 days of account termination.
• Non-Regulatory Data: You may request deletion of non-regulatory data after the applicable retention period has expired.

We implement industry-standard security controls to protect your data:

• SOC 2 Type II compliant controls and procedures.
• Annual third-party penetration testing and vulnerability assessments.
• Role-based access control (RBAC) with least-privilege principles.
• Comprehensive audit logging of all data access and system changes.
• Incident response plan with 72-hour notification for breaches affecting personal data.

You have the following rights regarding your data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Export: Request an export of your trading data in a structured format.
• Revocation: Revoke API access at any time through your brokerage platform.
• Deletion: Request account closure and data deletion, subject to legal retention requirements.

To exercise any of these rights, contact us at privacy@purposeinv.com.

Our website uses essential cookies to maintain session state and security. We do not use third-party advertising cookies or tracking pixels for behavioral advertising.

We may use analytics tools (e.g., Google Analytics) to understand website usage patterns. These tools collect anonymized data and do not identify individual users.