PremiumGuardHQ
Privacy v2026.07
Privacy policy

What we keep. What we don’t. Why.

PremiumGuardHQ is built on broker data. This document spells out exactly which data we receive, who else sees it, how long we keep it, and how to make it go away.

Last updated July 2, 2026 Sections 8
1.0

Introduction

This policy applies to PremiumGuardHQ, operated by Medium Rare Enterprises out of Doylestown, Pennsylvania. It covers both the marketing site at premiumguardhq.com and the application at app.premiumguardhq.com.

PremiumGuardHQ is an analytics platform for self-directed options traders. We do not place trades, hold custody of funds, or act as a broker-dealer or investment adviser. We read transaction data from brokers you authorize, run math against it, and show you the result.

2.0

Information we collect

Account information

Email address and display name, collected during sign-up and stored in Supabase Auth.

Brokerage transaction data

Transaction history (fills, expirations, assignments), positions, and account balances. This data reaches us by one of three paths that you choose:

  • Charles Schwab: OAuth 2.0 connection, scopes limited to accounts:read and transactions:read.
  • Interactive Brokers: Flex Web Service token that you generate inside IBKR Account Management. Read-only by design.
  • CSV upload: Schwab transaction-history format or IBKR Activity Statement format, auto-detected. Plus manual single-trade entries you create.

Broker credentials

Schwab OAuth access and refresh tokens are stored encrypted. IBKR Flex tokens are stored encrypted. We never receive your broker username, password, or two-factor codes.

Market data

Real-time stock prices for your open positions, fetched via Finnhub. The request contains ticker symbols only; Finnhub does not receive user identifiers or transaction data.

Usage data

Page views and feature interactions tracked through PostHog for product improvement. We do not send your transaction data, broker credentials, or financial figures to PostHog.

Payment information

Subscription payments are processed by Stripe. Stripe stores card details directly; PremiumGuardHQ never sees or stores card numbers.

Communications

Your email address is used for two kinds of messages, both sent through Brevo: transactional messages (account notifications, billing confirmations, security alerts) and marketing communications (product updates, newsletters, occasional announcements). You can unsubscribe from marketing emails at any time using the link in any marketing message. Transactional messages cannot be unsubscribed from because they are required to operate your account.

Advertising and conversion measurement

When you arrive from one of our ads, we use Google Analytics, the Meta pixel, and the Reddit pixel (loaded through Google Tag Manager) to measure ad performance and to show you relevant ads. These tools receive a hashed, irreversible version of your email, your IP address and browser, the pages you view, and conversion events such as starting a trial or subscribing. They never receive your broker credentials, positions, transactions, or financial figures. You can limit this through your browser settings and the ad-preference controls offered by Google, Meta, and Reddit.

3.0

How we use your information

  • Detect wheel cycles, reconcile cost basis, and compute withdrawal recommendations from your broker data.
  • Sync transactions across the brokers you have connected.
  • Process subscription payments and manage your account state.
  • Send transactional notifications about your account, plus marketing emails you can unsubscribe from at any time.
  • Improve the product using anonymized usage patterns.
  • Produce de-identified, aggregated statistics from trade data across many accounts, such as the median outcome for a ticker, for product research and for content we publish. See “De-identified aggregate statistics” below.
  • Detect and respond to security incidents.

We do not sell your personal information, and we never use your broker data, positions, transactions, or financial figures for advertising or to train models. We do use limited advertising and conversion-measurement tools, described under “Advertising and conversion measurement” above, which receive a hashed version of your email and conversion events to measure ad performance and show relevant ads. The only trade-derived information we ever use in published content is the de-identified aggregate statistics described below, which contain no individual data.

De-identified aggregate statistics

We compute aggregate statistics from trade data across many accounts, for example how many traders ran wheel cycles on a given ticker and the median result. These statistics are computed inside our own database, are never tied to your name, email, or account, and exclude test data. Before any such statistic is published or shared outside the product, whether in our own content or with commercial partners, it must cover at least five distinct traders, so no figure can be traced back to any one person. Your individual trades, positions, and balances are never published or shared.

4.0

Data sharing and sub-processors

We do not sell your personal information. We share data only with the sub-processors required to operate the platform, listed in full below.

  • Supabase: database and authentication. Receives all user data, encrypted at rest.
  • Stripe: subscription billing. Receives email, billing details, and card token.
  • Brevo: transactional and marketing email. Receives email address and message contents.
  • PostHog: product analytics. Receives anonymized event data; no broker data, no transactions.
  • Google (Analytics + Ads), Meta, and Reddit: advertising and conversion measurement. Receive a hashed email, IP, and conversion events; no broker data or transactions.
  • SnapTrade: brokers the read-only Robinhood and Fidelity connections. Receives the broker login you complete on its portal; PremiumGuardHQ never sees those credentials.
  • Finnhub: real-time market data. Receives ticker symbols only.
  • Vercel: hosting and edge. Server logs only; no persisted user data.
  • Charles Schwab API and Interactive Brokers Flex Web Service: the broker connections you authorize. Reach is read-only.

We may also disclose information when legally required, for example in response to a valid court order or subpoena. We will tell you about any such request unless we are legally prohibited from doing so.

For the current list and certifications of each vendor, see the sub-processors section on the security page.

6.0

Data retention and deletion

Your data is retained while your account is active. You can request deletion at any time from Settings → Delete account.

  • Active Pro subscribers: deletion is scheduled for the end of the current billing period. You retain full access until then. At the scheduled date, your auth record is removed and all associated data (trade history, cycles, broker tokens, profile fields) is purged in the same transaction.
  • Free tier accounts: deletion is immediate. Auth record removed and all data purged in the same transaction.

Two exceptions persist after deletion: Stripe retains billing records per its own legal retention policy (outside our control), and your email is added to an internal list that prevents the same address from claiming a second free trial.

For the full deletion mechanics, see the retention section on the security page.

7.0

Your rights

You can:

  • Access, correct, or delete your personal data from Settings.
  • Disconnect any broker connection at any time. Tokens are wiped immediately on disconnect; your account and historical data remain until you choose to delete the account itself.
  • Object to any specific use of your data by contacting us at support@premiumguardhq.com.
8.0

Changes and contact

Material changes to this policy will be posted to this page with a revised "Last updated" date. Continued use of PremiumGuardHQ after a change indicates acceptance of the revised policy.

Privacy questions, data requests, or compliance inquiries: support@premiumguardhq.com.