Skip to content
SISUL

Legal

Privacy policy.

This policy explains what information Sisul collects, why we collect it, who we share it with, and the choices you have. It applies to this website and to accounts created on it. Sisul is pre-launch and pre-license; we collect far less than a live brokerage product would, and this policy will be updated before that changes.

Effective date: June 9, 2026

What we collect

We collect only what the product needs to function:

  • Account information. Your email address and a password hash (we store a scrypt hash, never the password itself). If you enable two-factor authentication, we store your authenticator secret encrypted with AES-GCM.
  • Session records. When you sign in we create a server-side session record that includes an identifier, a hashed session secret, and technical metadata such as IP address and browser user agent, used to secure and revoke sessions.
  • Trading history (traders). If you connect a brokerage account as a trader, we read your trade history from your broker (Alpaca) through a read-only integration and store it to build your verified track record. We never receive your brokerage login credentials.
  • Waitlist information. If you join the waitlist, we store your email address along with the persona you selected and the page you signed up from.
  • Logs. Standard server logs (request paths, timestamps, IP addresses) kept for security and debugging.

We do not collect payment information, government identifiers, or precise location. No real money moves on this platform today.

How we use it

We use the information above to operate the service: creating and securing your account, building and displaying verified track records, responding to your requests, sending the emails you asked for (verification links, recovery links, waitlist updates), and keeping the platform safe. We do not use your information for advertising and we do not build advertising profiles.

Cookies and similar technologies

We use strictly necessary cookies only. The one cookie we set is the session cookie that keeps you signed in; it is HTTP-only and signed. Your theme preference (light or dark) is stored in your browser's local storage and never leaves your device. We use no analytics trackers, no advertising cookies, and no third-party cookies of any kind, which is why you do not see a cookie consent banner here.

Sharing

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only with service providers that host and operate the platform for us (cloud hosting, email delivery) and with your broker (Alpaca) to the extent you connect it. Each provider receives only what it needs to perform its function. We may also disclose information if required by law, or to protect the rights, safety, and security of Sisul and its users.

Retention

Account information is kept while your account exists. Session records are kept until they expire or are revoked. Waitlist emails are kept until you ask to be removed or we launch and migrate the list. Verified trade history is the product's core trust artifact: it is append-only by design, and a trader's chain is retained while their profile exists. Server logs rotate on a short schedule.

Security

How we protect the data we hold, including the hash chain, our session design, password hashing, and how to report a vulnerability, is described on the security page.

Your rights and choices

You can request access to, correction of, or deletion of your personal information at any time, and we will not discriminate against you for exercising any privacy right. California residents have these rights under the CCPA/CPRA; because we do not sell or share personal information for behavioral advertising, there is nothing to opt out of. If you are in the European Economic Area or the United Kingdom, you may also have rights to data portability, restriction of processing, and objection, and the legal bases we rely on are performance of a contract (operating your account) and legitimate interests (security and product operation).

To exercise any of these rights, contact us using the method in the Contact section below and we will respond within the timeframe the applicable law requires.

Do Not Track

Some browsers send a "Do Not Track" signal. Because we do not track visitors across other websites and use no third-party trackers, our response to a Do Not Track signal does not change anything: there is no tracking either way.

Children

This service is for adults. It is not directed at anyone under 18, and we do not knowingly collect information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.

Changes to this policy

When we change this policy we will update the effective date at the top of this page, and for material changes we will provide more prominent notice, such as an email to account holders. Continuing to use the service after a change takes effect means the updated policy applies.

Contact

For any privacy question or request, reach us through the contact form and we will route it to the right person. A dedicated privacy contact address will be published here before launch.