Introduction
This policy applies to PremiumGuardHQ, operated by Medium Rare Enterprises out of Doylestown, Pennsylvania. It covers both the marketing site at premiumguardhq.com and the application at app.premiumguardhq.com.
PremiumGuardHQ is an analytics platform for self-directed options traders. We do not place trades, hold custody of funds, or act as a broker-dealer or investment adviser. We read transaction data from brokers you authorize, run math against it, and show you the result.
Information we collect
Account information
Email address and display name, collected during sign-up and stored in Supabase Auth.
Brokerage transaction data
Transaction history (fills, expirations, assignments), positions, and account balances. This data reaches us by one of three paths that you choose:
- Charles Schwab: OAuth 2.0 connection, scopes limited to
accounts:readandtransactions:read. - Interactive Brokers: Flex Web Service token that you generate inside IBKR Account Management. Read-only by design.
- CSV upload: Schwab transaction-history format or IBKR Activity Statement format, auto-detected. Plus manual single-trade entries you create.
Broker credentials
Schwab OAuth access and refresh tokens are stored encrypted. IBKR Flex tokens are stored encrypted. We never receive your broker username, password, or two-factor codes.
Market data
Real-time stock prices for your open positions, fetched via Finnhub. The request contains ticker symbols only; Finnhub does not receive user identifiers or transaction data.
Usage data
Page views and feature interactions tracked through PostHog for product improvement. We do not send your transaction data, broker credentials, or financial figures to PostHog.
Payment information
Subscription payments are processed by Stripe. Stripe stores card details directly; PremiumGuardHQ never sees or stores card numbers.
Communications
Your email address is used for two kinds of messages, both sent through Brevo: transactional messages (account notifications, billing confirmations, security alerts) and marketing communications (product updates, newsletters, occasional announcements). You can unsubscribe from marketing emails at any time using the link in any marketing message. Transactional messages cannot be unsubscribed from because they are required to operate your account.
Advertising and conversion measurement
When you arrive from one of our ads, we use Google Analytics, the Meta pixel, and the Reddit pixel (loaded through Google Tag Manager) to measure ad performance and to show you relevant ads. These tools receive a hashed, irreversible version of your email, your IP address and browser, the pages you view, and conversion events such as starting a trial or subscribing. They never receive your broker credentials, positions, transactions, or financial figures. You can limit this through your browser settings and the ad-preference controls offered by Google, Meta, and Reddit.
How we use your information
- Detect wheel cycles, reconcile cost basis, and compute withdrawal recommendations from your broker data.
- Sync transactions across the brokers you have connected.
- Process subscription payments and manage your account state.
- Send transactional notifications about your account, plus marketing emails you can unsubscribe from at any time.
- Improve the product using anonymized usage patterns.
- Produce de-identified, aggregated statistics from trade data across many accounts, such as the median outcome for a ticker, for product research and for content we publish. See “De-identified aggregate statistics” below.
- Detect and respond to security incidents.
We do not sell your personal information, and we never use your broker data, positions, transactions, or financial figures for advertising or to train models. We do use limited advertising and conversion-measurement tools, described under “Advertising and conversion measurement” above, which receive a hashed version of your email and conversion events to measure ad performance and show relevant ads. The only trade-derived information we ever use in published content is the de-identified aggregate statistics described below, which contain no individual data.
De-identified aggregate statistics
We compute aggregate statistics from trade data across many accounts, for example how many traders ran wheel cycles on a given ticker and the median result. These statistics are computed inside our own database, are never tied to your name, email, or account, and exclude test data. Before any such statistic is published or shared outside the product, whether in our own content or with commercial partners, it must cover at least five distinct traders, so no figure can be traced back to any one person. Your individual trades, positions, and balances are never published or shared.
Data sharing and sub-processors
We do not sell your personal information. We share data only with the sub-processors required to operate the platform, listed in full below.
- Supabase: database and authentication. Receives all user data, encrypted at rest.
- Stripe: subscription billing. Receives email, billing details, and card token.
- Brevo: transactional and marketing email. Receives email address and message contents.
- PostHog: product analytics. Receives anonymized event data; no broker data, no transactions.
- Google (Analytics + Ads), Meta, and Reddit: advertising and conversion measurement. Receive a hashed email, IP, and conversion events; no broker data or transactions.
- SnapTrade: brokers the read-only Robinhood and Fidelity connections. Receives the broker login you complete on its portal; PremiumGuardHQ never sees those credentials.
- Finnhub: real-time market data. Receives ticker symbols only.
- Vercel: hosting and edge. Server logs only; no persisted user data.
- Charles Schwab API and Interactive Brokers Flex Web Service: the broker connections you authorize. Reach is read-only.
We may also disclose information when legally required, for example in response to a valid court order or subpoena. We will tell you about any such request unless we are legally prohibited from doing so.
For the current list and certifications of each vendor, see the sub-processors section on the security page.